Authentication Service (legacy)

We are switching most of our services over to a different authentication API, please see https://bokbasen.jira.com/wiki/spaces/api/pages/2994962433

All services requires the client to include a token, acquired from the authentication service. The token will be valid for a limited period of time, but valid for all requests during that time interval. So this is done in two steps:

Authenticate a user and acquire a token called Ticket Granting Ticket (TGT).
Call resource in context with the TGT (re-usable as long as TGT is valid).

In a simplified way the process can be shown as follows

To authenticate with resources exposed by the API, it is required to sign in with the login service. This service is called to retrieve a valid TGT token.

URL	`https://login.boknett.no/v1/tickets`
Method	POST
Request parameters	username	Required	Username for whom to sign in as.
Request parameters	password	Required	Password for whom to sign in as.
Response headers	Boknett-TGT	TGT returned from login service
Returns	201	Created
	400	Bad Request
	405	Method Not Allowed

Sample usage

Remember that curl does not automatically urlencode -d input data, so if you password has any special characters you nede to manually urlencode it first.

curl -i -d "username=USERNAME&password=PASSWORD" https://login.boknett.no/v1/tickets

HTTP/1.1 201 Created
Date: Tue, 10 Jun 2014 16:23:42 GMT
Server: Noelios-Restlet-Engine/1.1..1
Accept-Ranges: bytes
Boknett-TGT: TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no
Content-Length: 0
Via: 1.1 login.boknett.no

Logout

For security reasons it is recommended (although not required) to logout when finished using the TGT. This is not necessary for TGTs that are expired.

URL	https://login.boknett.no/v1/tickets/{TGT}
Method	DELETE
Returns	200	OK
	400	Bad Request
	405	Method Not Allowed

Sample usage

curl  -X "DELETE" -i https://login.boknett.no/v1/tickets/TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no

HTTP/1.1 200 OK
Date: Tue, 10 Jun 2014 17:21:12 GMT
Server: Noelios-Restlet-Engine/1.1..1
Accept-Ranges: bytes
Content-Length: 0
Via: 1.1 login.boknett.no

Restrictions

Restriction	Current value

Restriction	Current value
Maximum age of Authorization token (TGT)	2 hours

Test environment

https://login.boknett.webbe.no/v1/tickets/

Login

Sample usage

Logout

For security reasons it is recommended (although not required) to logout when finished using the TGT. This is not necessary for TGTs that are expired.

Sample usage

Restrictions

Test environment