Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

« Previous Version 12 Next »

All services require TLS for the transport security.

Authentication

Noah ES contains an Identity Provider that supports OAuth 2.0 and OpenId Connect. The Identity Provider (IdP) is used for Authentication.

All services require a valid token from the IdP when called.

1. Request

Parameters that must be supplied:

  • URI and port number
    • QA environment: idp.qa.eu.noah-es.com:443
    • EU Production: idp.eu.noah-es.com:443
    • US Production: idp.us.noah-es.com:443
  • ClientId: Supplied by HIMSA
  • Scope: openid offline_access profile noah.cloud.app.api
  • Flow: Authorization Code
  • RedirectURI: IdP will redirect the client to this after successful authentication, with tokens for accessing the API. You must inform HIMSA about this, because we need to whitelist it
  • Extra options

    • culture-lcid: Culture LCID code for localizing the website

2. Response

When the client is redirected to the RedirectURI, the body in the response will contain:

  • tenantid: The tenantId that the user selected
  • given_name: E-mail of the user truncated to 20 characters. Use API to obtain user account id of logged in user
  • RefreshToken: Must be exchanged afterward for an access token. If using HIMSA's .NET Client this step is automated

3. Exchange refresh token for an access token

Note: This is done automatically if you are using HIMSA's .NET Client, Legacy Business API or Module API

TODO

4. Connecting to API

  • URI and port number
    • QA environment: api.qa.eu.noah-es.com:443
    • EU Production: api.eu.noah-es.com:443
    • US Production: api.us.noah-es.com:443
  • HIMSA's .NET Client:
    • Use the constructor that takes refresh token as input
  • Legacy Business API:
    • Call the Initialize() method overload that takes server name and port number of IdP
    • Call ValidateLogin(), method overload that takes tenantId, setting LoginName to user e-mail and Password to refresh token
    • TODO: BPIToken
  • Legacy Module API:
    • TODO
    • TODO: BPIToken

Logging off

In case a user only set up 1 account and that account is of type single sign-on, logging off will redirect the user directly to the login page. In that case it will not be possible to set up a different account.

We suggest to redirect to the account selection page of the IdP after successfully logging off. It is then important to include "forcechoose" in the query string (with any value).

  • No labels