Aron Griffis edited this page Aug 27, 2018 · 13 revisions

Creating a Tizra session with externally controlled authorization and authentication information

The Tizra session-login function lets an administratively privileged API call create a login session whose privileges and identity information are determined dynamically at a remote server.

A POST operation to /admin-api/<site-code>/session-login will create the session and session privileges as determined by a JSON record, like this:

{
    "user-name": "username",
    "props": {
        "FirstName": "David",
        "LastName": "Durand"
    },
    "site-path": "URL path for site",
    "licenses": [
        {
            "offer": "tizra-id",
            "match-objects": true,
            "match-property": "prop-name",
            "match-values": [
                "value1", "value2", ...
            ]
        },
        ... other license records, if needed ...
    ],
    "permanent-licenses": [
        {
            "offer": "tizra-id",
            "match-objects": true,
            "match-property": "prop-name",
            "match-values": [
                "value1", "value2", ...
            ]
        },
        ... other license records, if needed ...
    ]
}

This record can contain the following fields:

  • user-name: an account name to be used for the virtual account associated with the session to be created.
  • props: properties of the virtual account to be created for the session. This is similar to the props fields that appear throughout the Tizra APIs. You can put any property names you want in this part of the record. If there are properties defined for Tizra User Accounts with matching names, they will be updated when the user redeems their token and logs in.
  • site-path: if present, a URL path to a page on the site to which the user should be redirected once they are logged in.
  • licenses: an array of license creation specifications for temporary licenses to be created for the duration of the user's login session. License specifications are described in the license management documentation. Note that the user-name and user-set-name values in license specifications as described there would be redundant and should not be used in a login request. Also, matching options must be provided to select the content to be matched.
  • permanent-licenses: an array of license specifications for licenses that will be permanently added to the user account to be logged in. Note that this option will create duplicate licenses if specified on more than one login request.

The returned result includes a URL that can be used from a browser to log in a user and update that user's session privileges appropriately. The URL contains a unique, one-time-use token that links the result of the API request made by a remote server to a site access request made from the user's browser. This URL is returned in the Location header of the result. The JSON record returned will also contain the URL as the value of the location field.
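The following is an added example, not Tizra's own code: a sketch of how the remote server could assemble and check the session-login record before sending it, and read the login URL from the response. The function names are hypothetical. The rule that site-path must be a same-site path and the reading of "matching options" as at least one match-* key are assumptions; how the admin API request is authenticated is not covered on this page and is left out.

```python
import json
from urllib.parse import quote

FORBIDDEN = {"user-name", "user-set-name"}  # redundant in a login request


def check_license(spec):
    """Validate one license record against the rules stated on this page."""
    bad = FORBIDDEN & spec.keys()
    if bad:
        raise ValueError(f"not allowed in a login request: {sorted(bad)}")
    # Assumption: "matching options" means at least one match-* key is present.
    if not any(k.startswith("match-") for k in spec):
        raise ValueError("license record needs matching options")
    return spec


def build_session_login(site_code, user_name, props=None, site_path=None,
                        licenses=(), permanent_licenses=()):
    """Return (request path, JSON body) for the session-login POST."""
    record = {"user-name": user_name, "props": dict(props or {})}
    if site_path is not None:
        # Assumption (hardening): accept only a path on the site, never an
        # absolute or scheme-relative URL, so untrusted input passed through
        # to this field cannot send the user off-site after login.
        if not site_path.startswith("/") or site_path.startswith("//") or "\\" in site_path:
            raise ValueError("site-path must be a path on the site")
        record["site-path"] = site_path
    if licenses:
        record["licenses"] = [check_license(s) for s in licenses]
    if permanent_licenses:
        # These are added to the account on every request that repeats them,
        # so the caller has to track what each user was already granted.
        record["permanent-licenses"] = [check_license(s) for s in permanent_licenses]
    # Percent-encode the site code so it cannot alter the request path.
    return f"/admin-api/{quote(site_code, safe='')}/session-login", json.dumps(record)


def login_url(headers, body):
    """Take the one-time login URL from the Location header, else the JSON location field."""
    for name, value in headers.items():
        if name.lower() == "location":
            return value
    return json.loads(body)["location"]
```

Because the returned URL carries a one-time-use token, hand it only to the browser of the user it was created for and keep it out of application logs.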

A note on Licenses

Note that all licenses in a user's session are displayed by the Tizra License List block, as are all the User Sets that a user belongs to as a result of their Tags. This includes Session Licenses. The License List block displays the metadata for the controlled object for each license, and takes all the options of the regular Tizra List block, so the list can be extended to include subsidiary resources such as attachments and/or collection contents.

This means that Tizra can display a list of accessible content, even when all licenses are Session Licenses, added to the user's session upon login.