Difference between revisions of "LoginUserPassword"
| Line 1: | Line 1: | ||
{{Api_Method_Spec| | {{Api_Method_Spec| | ||
| − | Description= | + | Description=This method can be used by Trusted Devices to generate a token. The generated Token will carry all the information regarding the device, user, etc. and is required to consume most of the methods of UNIAPI with specific user context. The token generated is valid during the next 24 hours (configurable in GVP). |
| + | |||
| + | The logged token can be easily identified because it starts with the chars: <span style="color: #a11;">AU_</span> | ||
| − | |||
| − | |||
This method will verify that the Device(deviceType/deviceId) provided is linked to the current user as TrustedDevice, and it will verify that the Device is enabled. | This method will verify that the Device(deviceType/deviceId) provided is linked to the current user as TrustedDevice, and it will verify that the Device is enabled. | ||
| Line 21: | Line 21: | ||
==== BI ==== | ==== BI ==== | ||
This method creates an entry in GVP_LogLogin collection (even if the login was successful or not) | This method creates an entry in GVP_LogLogin collection (even if the login was successful or not) | ||
| − | + | ||
|Parameters= | |Parameters= | ||
{{Api_Parameter| | {{Api_Parameter| | ||
Revision as of 19:12, 4 June 2014
Description
This method can be used by Trusted Devices to generate a token. The generated Token will carry all the information regarding the device, user, etc. and is required to consume most of the methods of UNIAPI with specific user context. The token generated is valid during the next 24 hours (configurable in GVP).
The logged token can be easily identified because it starts with the chars: AU_
This method will verify that the Device(deviceType/deviceId) provided is linked to the current user as TrustedDevice, and it will verify that the Device is enabled.
The UNIAPI will only allow users in Active status to login (excluded and suspended users will return an exception). For users in AwaitingEmailConfirmation status, it depends on a flag configured at instance level (GVP_INSTANCES.AllowLoginBeforeEmailConfirmationFlag):
- If AllowLoginBeforeEmailConfirmationFlag = true, if the user tries to login in AwaitingEmailConfirmation status, the login will be allowed and the user status will be changed to Active status.
- If AllowLoginBeforeEmailConfirmationFlag = false, then UserNotYetActivatedException is thrown.
TODO: link with enumeration.
Geo-Location
This method applies GeoLocation restriction. It extracts the IP address from the request and retrieves the Country of the IP from the MaxMind Database. Then, it verifies if the Country from where the request was generated is linked to the instance (GVP_INSTANCES). If not, UserTryingToRoamingException exception is thrown.
The user can be marked as Geoblocking whitelist (inside User Profile, GVP_USERS). In this case, the Geoblocking is not applied for this user.
BI
This method creates an entry in GVP_LogLogin collection (even if the login was successful or not)
Parameters
- deviceType (int, required)
- The device type code (see #DeviceTypeCodes enumeration to know the list of device types allowed)
- instanceId (int, required)
- The id of the instance (OB) for the current environment. This ID might vary depending on the environment.
- userName (String, required)
- E-mail from the user that wants to recover the password.
- password (String, required)
- Password sets by the customer in his settings.
Returns
Returns a JSON object containing the generated token and its expiration time (in UnixTimestamp format).
Example:
{
- Login Object
}
Exceptions
Caching
This method is not cached.
Known issues
None
Version history
| API Version Number | Change description | Changes author |
|---|---|---|
| 1.0 | Initial method design | Harley Cabral |
| 2.1 | Added AllowLoginBeforeEmailConfirmationFlag business logic. | Harley Cabral |
See also
- RegisterTrustedDevice method
- Authentication Service methods
