Last updated December 08, 2009 22:17, by Frederic Jean
Feedicon  

« Back to API Home

Authentication/Authorization API

Authentication is used for login verification, while authorization is used to verify that an action on a feature is permitted for a user.

People Authenticate

The authentication API enables a client to verify a username and password for a Kenai account. The API also allows login by email address. Since portions of kenai.com only allow login by username (for example, source code management), the username is included in the response for successful authentications.

Version 1
Authentication unnecessary
URI /api/login/authenticate.json
Request Any of the following POST requests can be used. 
POST /api/login/authenticate.json
Content-Type: application/x-www-form-urlencoded

username={user}&password={pass}

POST /api/login/authenticate.json
Content-Type: application/x-www-form-urlencoded

credentials={base64-encoded user:pass}
 
POST /api/login/authenticate.json
Content-Type: application/json

{"username":"{user}", "password":"{pass}"}
 
POST /api/login/authenticate.json
Content-Type: application/json

{"credentials":"{base64-encoded user:pass}"}
Response Success: 200 OK
Failed: 403 Forbidden
JSON Payload 
  {
    "status":"200 OK",
    "message":"Authenticate successful",
    "username":"{username}"
  }

People Authorize

The authorize API enables a client to ask whether a person is authorized to perform an activity on a particular project.

Version 1
Authentication unnecessary
URI /api/login/authorize.json
Request GET /api/login/authorize.json?{params}
Parameters are as follows:
  • person_id={username}: email or username of person to authorize
  • feature_id={feature-name}: name of feature (e.g., mercurial, wiki, forum, etc.)
  • activity_id={activity-name}: name of activity (e.g., read, write, update)
  • project_id={project-name}: project name
Response Success: 200 OK
Failed: 403 Forbidden
JSON Payload {"status":"200 OK", "message":"Person foo is authorized"}

SSO Token Validation

The SSO Token Validation service allows a third party application to validate the Kenai SSO Token. Note that this mostly useful for applications that are running under the same domain as the Kenai back end since this token is usually passed as a cookie.

Version 1
Authentication unnecessary
URI /api/login/validate/
Request GET /api/login/validate/{token}
Parameters are as follows:
  • token: The SSO token provided by Kenai. It's format is {username}:{expiration};{hash}
Response Success: 200 OK
Failed: 403 Forbidden
  • Mysql
  • Glassfish
  • Jruby
  • Rails
  • Nblogo
Terms of Use; Privacy Policy;
© 2010, Oracle Corporation and/or its affiliates
(revision 20120518.3c65429)
 
 
Close
loading
Please Confirm
Close