mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
6586402114
Traefik handles auth forwarding but does not manage redirections like Nginx. Therefore, Authelia must redirect the user and Traefik will forward this request. To support both Nginx and Traefik, /api/verify is now configurable with the 'redirect' get parameter. If the verification fails and 'redirect' is not provided the response will be a 401 error as before. If the parameter is provided and set to any URL, the response will be a redirection (302) to this URL.
997 lines
26 KiB
JavaScript
997 lines
26 KiB
JavaScript
define({ "api": [
|
|
{
|
|
"type": "get",
|
|
"url": "/",
|
|
"title": "First factor page",
|
|
"name": "Login",
|
|
"group": "Authentication",
|
|
"version": "1.0.0",
|
|
"success": {
|
|
"fields": {
|
|
"Success 200": [
|
|
{
|
|
"group": "Success 200",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Content",
|
|
"description": "<p>The content of the first factor page.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": "<p>Serves the login page and create a create a cookie for the client.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "Authentication"
|
|
},
|
|
{
|
|
"type": "get",
|
|
"url": "/logout",
|
|
"title": "Serves logout page",
|
|
"name": "Logout",
|
|
"group": "Authentication",
|
|
"version": "1.0.0",
|
|
"parameter": {
|
|
"fields": {
|
|
"Parameter": [
|
|
{
|
|
"group": "Parameter",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "redirect",
|
|
"description": "<p>Redirect to this URL when user is deauthenticated.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"success": {
|
|
"fields": {
|
|
"Success 302": [
|
|
{
|
|
"group": "Success 302",
|
|
"optional": false,
|
|
"field": "redirect",
|
|
"description": "<p>Redirect to the URL.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": "<p>Log out the user and redirect to the URL.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "Authentication"
|
|
},
|
|
{
|
|
"type": "get",
|
|
"url": "/secondfactor",
|
|
"title": "Second factor page",
|
|
"name": "SecondFactor",
|
|
"group": "Authentication",
|
|
"version": "1.0.0",
|
|
"success": {
|
|
"fields": {
|
|
"Success 200": [
|
|
{
|
|
"group": "Success 200",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Content",
|
|
"description": "<p>The content of second factor page.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": "<p>Serves the second factor page</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "Authentication"
|
|
},
|
|
{
|
|
"type": "post",
|
|
"url": "/1stfactor",
|
|
"title": "Bind user against LDAP",
|
|
"name": "ValidateFirstFactor",
|
|
"group": "Authentication",
|
|
"version": "1.0.0",
|
|
"parameter": {
|
|
"fields": {
|
|
"Parameter": [
|
|
{
|
|
"group": "Parameter",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "username",
|
|
"description": "<p>User username.</p>"
|
|
},
|
|
{
|
|
"group": "Parameter",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "password",
|
|
"description": "<p>User password.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"success": {
|
|
"fields": {
|
|
"Success 204": [
|
|
{
|
|
"group": "Success 204",
|
|
"optional": false,
|
|
"field": "status",
|
|
"description": "<p>1st factor is validated.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"error": {
|
|
"fields": {
|
|
"Error 401": [
|
|
{
|
|
"group": "Error 401",
|
|
"type": "none",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>1st factor is not validated.</p>"
|
|
}
|
|
],
|
|
"Error 500": [
|
|
{
|
|
"group": "Error 500",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>Internal error message.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": "<p>Verify credentials against the LDAP.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "Authentication",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "post",
|
|
"url": "/reset-password/request",
|
|
"title": "Finish password reset request",
|
|
"name": "FinishPasswordResetRequest",
|
|
"group": "PasswordReset",
|
|
"version": "1.0.0",
|
|
"description": "<p>Start password reset request.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "PasswordReset",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"parameter": {
|
|
"fields": {
|
|
"Parameter": [
|
|
{
|
|
"group": "Parameter",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "identity_token",
|
|
"description": "<p>The one-time identity validation token provided in the email.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"success": {
|
|
"fields": {
|
|
"Success 200": [
|
|
{
|
|
"group": "Success 200",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "content",
|
|
"description": "<p>The content of the page.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"error": {
|
|
"fields": {
|
|
"Error 403": [
|
|
{
|
|
"group": "Error 403",
|
|
"optional": false,
|
|
"field": "AccessDenied",
|
|
"description": "<p>Access is denied.</p>"
|
|
}
|
|
],
|
|
"Error 500": [
|
|
{
|
|
"group": "Error 500",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>Internal error message.</p>"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "get",
|
|
"url": "/password-reset/request",
|
|
"title": "Request username",
|
|
"name": "ServePasswordResetPage",
|
|
"group": "PasswordReset",
|
|
"version": "1.0.0",
|
|
"description": "<p>Serve a page that requires the username.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "PasswordReset",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "post",
|
|
"url": "/api/password-reset",
|
|
"title": "Set new password",
|
|
"name": "SetNewLDAPPassword",
|
|
"group": "PasswordReset",
|
|
"version": "1.0.0",
|
|
"parameter": {
|
|
"fields": {
|
|
"Parameter": [
|
|
{
|
|
"group": "Parameter",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "password",
|
|
"description": "<p>New password</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": "<p>Set a new password for the user.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "PasswordReset",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "get",
|
|
"url": "/password-reset/identity/start",
|
|
"title": "Start password reset request",
|
|
"name": "StartPasswordResetRequest",
|
|
"group": "PasswordReset",
|
|
"version": "1.0.0",
|
|
"description": "<p>Start password reset request.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "PasswordReset",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"success": {
|
|
"fields": {
|
|
"Success 204": [
|
|
{
|
|
"group": "Success 204",
|
|
"optional": false,
|
|
"field": "status",
|
|
"description": "<p>Identity validation has been initiated.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"error": {
|
|
"fields": {
|
|
"Error 403": [
|
|
{
|
|
"group": "Error 403",
|
|
"optional": false,
|
|
"field": "AccessDenied",
|
|
"description": "<p>Access is denied.</p>"
|
|
}
|
|
],
|
|
"Error 400": [
|
|
{
|
|
"group": "Error 400",
|
|
"optional": false,
|
|
"field": "InvalidIdentity",
|
|
"description": "<p>User identity is invalid.</p>"
|
|
}
|
|
],
|
|
"Error 500": [
|
|
{
|
|
"group": "Error 500",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>Internal error message.</p>"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "get",
|
|
"url": "/secondfactor/totp/identity/finish",
|
|
"title": "Finish TOTP registration identity validation",
|
|
"name": "FinishTOTPRegistration",
|
|
"group": "TOTP",
|
|
"version": "1.0.0",
|
|
"description": "<p>Serves the TOTP registration page that displays the secret. The secret is a QRCode and a base32 secret.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "TOTP",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"parameter": {
|
|
"fields": {
|
|
"Parameter": [
|
|
{
|
|
"group": "Parameter",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "identity_token",
|
|
"description": "<p>The one-time identity validation token provided in the email.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"success": {
|
|
"fields": {
|
|
"Success 200": [
|
|
{
|
|
"group": "Success 200",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "content",
|
|
"description": "<p>The content of the page.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"error": {
|
|
"fields": {
|
|
"Error 403": [
|
|
{
|
|
"group": "Error 403",
|
|
"optional": false,
|
|
"field": "AccessDenied",
|
|
"description": "<p>Access is denied.</p>"
|
|
}
|
|
],
|
|
"Error 500": [
|
|
{
|
|
"group": "Error 500",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>Internal error message.</p>"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "get",
|
|
"url": "/secondfactor/totp/identity/start",
|
|
"title": "Start TOTP registration identity validation",
|
|
"name": "StartTOTPRegistration",
|
|
"group": "TOTP",
|
|
"version": "1.0.0",
|
|
"description": "<p>Initiates the identity validation</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "TOTP",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"success": {
|
|
"fields": {
|
|
"Success 204": [
|
|
{
|
|
"group": "Success 204",
|
|
"optional": false,
|
|
"field": "status",
|
|
"description": "<p>Identity validation has been initiated.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"error": {
|
|
"fields": {
|
|
"Error 403": [
|
|
{
|
|
"group": "Error 403",
|
|
"optional": false,
|
|
"field": "AccessDenied",
|
|
"description": "<p>Access is denied.</p>"
|
|
}
|
|
],
|
|
"Error 400": [
|
|
{
|
|
"group": "Error 400",
|
|
"optional": false,
|
|
"field": "InvalidIdentity",
|
|
"description": "<p>User identity is invalid.</p>"
|
|
}
|
|
],
|
|
"Error 500": [
|
|
{
|
|
"group": "Error 500",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>Internal error message.</p>"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "post",
|
|
"url": "/api/totp",
|
|
"title": "Complete TOTP authentication",
|
|
"name": "ValidateTOTPSecondFactor",
|
|
"group": "TOTP",
|
|
"version": "1.0.0",
|
|
"parameter": {
|
|
"fields": {
|
|
"Parameter": [
|
|
{
|
|
"group": "Parameter",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "token",
|
|
"description": "<p>TOTP token.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"success": {
|
|
"fields": {
|
|
"Success 302": [
|
|
{
|
|
"group": "Success 302",
|
|
"optional": false,
|
|
"field": "Redirect",
|
|
"description": "<p>to the URL that has been stored during last call to /api/verify.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"error": {
|
|
"fields": {
|
|
"Error 401": [
|
|
{
|
|
"group": "Error 401",
|
|
"type": "none",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>TOTP token is invalid.</p>"
|
|
}
|
|
],
|
|
"Error 500": [
|
|
{
|
|
"group": "Error 500",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>Internal error message.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": "<p>Verify TOTP token. The user is authenticated upon success.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "TOTP",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "post",
|
|
"url": "/api/u2f/sign",
|
|
"title": "Complete U2F authentication",
|
|
"name": "CompleteU2FAuthentication",
|
|
"group": "U2F",
|
|
"version": "1.0.0",
|
|
"success": {
|
|
"fields": {
|
|
"Success 302": [
|
|
{
|
|
"group": "Success 302",
|
|
"optional": false,
|
|
"field": "Redirect",
|
|
"description": "<p>to the URL that has been stored during last call to /api/verify.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"error": {
|
|
"fields": {
|
|
"Error 403": [
|
|
{
|
|
"group": "Error 403",
|
|
"type": "none",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>No authentication request has been provided.</p>"
|
|
}
|
|
],
|
|
"Error 500": [
|
|
{
|
|
"group": "Error 500",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>Internal error message.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": "<p>Complete authentication request of the U2F device.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "U2F",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "post",
|
|
"url": "/api/secondfactor/u2f/register",
|
|
"title": "Complete U2F registration",
|
|
"name": "FinishU2FRegistration",
|
|
"group": "U2F",
|
|
"version": "1.0.0",
|
|
"success": {
|
|
"fields": {
|
|
"Success 302": [
|
|
{
|
|
"group": "Success 302",
|
|
"optional": false,
|
|
"field": "Redirect",
|
|
"description": "<p>to the URL that has been stored during last call to /api/verify.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": "<p>Complete U2F registration request.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "U2F",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"error": {
|
|
"fields": {
|
|
"Error 500": [
|
|
{
|
|
"group": "Error 500",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>Internal error message.</p>"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "get",
|
|
"url": "/secondfactor/u2f/identity/start",
|
|
"title": "Start U2F registration identity validation",
|
|
"name": "RequestU2FRegistration",
|
|
"group": "U2F",
|
|
"version": "1.0.0",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "U2F",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"success": {
|
|
"fields": {
|
|
"Success 204": [
|
|
{
|
|
"group": "Success 204",
|
|
"optional": false,
|
|
"field": "status",
|
|
"description": "<p>Identity validation has been initiated.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"error": {
|
|
"fields": {
|
|
"Error 403": [
|
|
{
|
|
"group": "Error 403",
|
|
"optional": false,
|
|
"field": "AccessDenied",
|
|
"description": "<p>Access is denied.</p>"
|
|
}
|
|
],
|
|
"Error 400": [
|
|
{
|
|
"group": "Error 400",
|
|
"optional": false,
|
|
"field": "InvalidIdentity",
|
|
"description": "<p>User identity is invalid.</p>"
|
|
}
|
|
],
|
|
"Error 500": [
|
|
{
|
|
"group": "Error 500",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>Internal error message.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": "<p>This request issue an identity validation token for the user bound to the session. It sends a challenge to the email address set in the user LDAP entry. The user must visit the sent URL to complete the validation and continue the registration process.</p>"
|
|
},
|
|
{
|
|
"type": "get",
|
|
"url": "/secondfactor/u2f/identity/finish",
|
|
"title": "Finish U2F registration identity validation",
|
|
"name": "ServeU2FRegistrationPage",
|
|
"group": "U2F",
|
|
"version": "1.0.0",
|
|
"description": "<p>Serves the U2F registration page that asks the user to touch the token of the U2F device.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "U2F",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"parameter": {
|
|
"fields": {
|
|
"Parameter": [
|
|
{
|
|
"group": "Parameter",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "identity_token",
|
|
"description": "<p>The one-time identity validation token provided in the email.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"success": {
|
|
"fields": {
|
|
"Success 200": [
|
|
{
|
|
"group": "Success 200",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "content",
|
|
"description": "<p>The content of the page.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"error": {
|
|
"fields": {
|
|
"Error 403": [
|
|
{
|
|
"group": "Error 403",
|
|
"optional": false,
|
|
"field": "AccessDenied",
|
|
"description": "<p>Access is denied.</p>"
|
|
}
|
|
],
|
|
"Error 500": [
|
|
{
|
|
"group": "Error 500",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>Internal error message.</p>"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "get",
|
|
"url": "/api/u2f/sign_request",
|
|
"title": "Start U2F authentication",
|
|
"name": "StartU2FAuthentication",
|
|
"group": "U2F",
|
|
"version": "1.0.0",
|
|
"success": {
|
|
"fields": {
|
|
"Success 200": [
|
|
{
|
|
"group": "Success 200",
|
|
"optional": false,
|
|
"field": "authentication_request",
|
|
"description": "<p>The U2F authentication request.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"error": {
|
|
"fields": {
|
|
"Error 401": [
|
|
{
|
|
"group": "Error 401",
|
|
"type": "none",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>There is no key registered for user in session.</p>"
|
|
}
|
|
],
|
|
"Error 500": [
|
|
{
|
|
"group": "Error 500",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>Internal error message.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": "<p>Initiate an authentication request using a U2F device.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "U2F",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "get",
|
|
"url": "/api/u2f/register_request",
|
|
"title": "Start U2F registration",
|
|
"name": "StartU2FRegistration",
|
|
"group": "U2F",
|
|
"version": "1.0.0",
|
|
"success": {
|
|
"fields": {
|
|
"Success 200": [
|
|
{
|
|
"group": "Success 200",
|
|
"optional": false,
|
|
"field": "authentication_request",
|
|
"description": "<p>The U2F registration request.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"error": {
|
|
"fields": {
|
|
"Error 403": [
|
|
{
|
|
"group": "Error 403",
|
|
"type": "none",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>Unexpected identity validation challenge.</p>"
|
|
}
|
|
],
|
|
"Error 500": [
|
|
{
|
|
"group": "Error 500",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "error",
|
|
"description": "<p>Internal error message.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": "<p>Initiate a U2F device registration request.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "U2F",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "get",
|
|
"url": "/api/verify",
|
|
"title": "Verify user authentication",
|
|
"name": "VerifyAuthentication",
|
|
"group": "Verification",
|
|
"version": "1.0.0",
|
|
"parameter": {
|
|
"fields": {
|
|
"Parameter": [
|
|
{
|
|
"group": "Parameter",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "redirect",
|
|
"description": "<p>Optional parameter set to the url where the user is redirected if access is refused. It is mainly used by Traefik that does not control the redirection itself.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"success": {
|
|
"fields": {
|
|
"Success 204": [
|
|
{
|
|
"group": "Success 204",
|
|
"optional": false,
|
|
"field": "status",
|
|
"description": "<p>The user is authenticated.</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"error": {
|
|
"fields": {
|
|
"Error 302": [
|
|
{
|
|
"group": "Error 302",
|
|
"optional": false,
|
|
"field": "redirect",
|
|
"description": "<p>The user is redirected if redirect parameter is provided.</p>"
|
|
}
|
|
],
|
|
"Error 401": [
|
|
{
|
|
"group": "Error 401",
|
|
"optional": false,
|
|
"field": "status",
|
|
"description": "<p>The user get an error if access failed</p>"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": "<p>Verify that the user is authenticated, i.e., the two factors have been validated. If the user is authenticated the response headers Remote-User and Remote-Groups are set. Remote-User contains the user id of the currently logged in user and Remote-Groups a comma separated list of assigned groups.</p>",
|
|
"filename": "shared/api.ts",
|
|
"groupTitle": "Verification",
|
|
"header": {
|
|
"fields": {
|
|
"Header": [
|
|
{
|
|
"group": "Header",
|
|
"type": "String",
|
|
"optional": false,
|
|
"field": "Cookie",
|
|
"description": "<p>Cookie containing "connect.sid", the user session token.</p>"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
] });
|