Token Authentication – GBG IDscan Documentation

Token Authentication

This action is used for user authentication. It accepts the login credentials and returns the user full name, his role and an authentication token. For demonstration purposes, the system will be supported with service accounts to be used with authentication calls, no password policies are applied on these accounts, and these accounts are:

[POST] https://serverURL/idscanenterprisesvc/token
Request/Response format: application/x-www-form-urlencoded 

Parameters:

NameDescriptionFormat
UserNameMandatory, the user login nameThe key and value should be lower case sensitive string.
PasswordMandatory, the user passwordThe key should be lower case string; value
is case sensitive.
AreaPossible Values:
scanning
investigation
The key and value should be lower case
sensitive string, see Areas Table.
grant_typepassword

Results:

Key NameDescriptionFormat
UsernameUser login nameString
FullNameUser full nameString
RoleUser roleString
TokenAuthentication tokenString, the key is in lower case

Important Notes: Notice that the content-type and payload type is “x-www-form-urlencoded” so the payload body will be in the form (grant_type=password&username=”yourusername”&password=”yourpassword”). If all is correct, you’ll notice that you’ve received signed token on the response.

When generating a token, please ensure you do not submit the value as ‘bearer’ and that you use the GBG IDscan documentation to understand how to submit correctly

A new Authentication Token should be sent along with every forthcoming request in the http headers.

The authentication token can be set in the HTTP request one of the following ways:

  • By using Cookie:
    • Cookie: token= DE14ydbxNEiUuIaV2tHN2A
  • By using Authorization Http header:
    • Authorization: DE14ydbxNEiUuIaV2tHN2A

Important Notes: Tokens are only valid for 10 hours. We advise for best practice generating a new token per journey request.

Authentication action must be called before attempting Upload or Retrieval, each action has its designated value of the “area” parameter in the authentication request.

Calls must have an authentication token that was acquired with the appropriate “area” in order to do successful calls, the area names required for calls are as of the following:

Action NameAreaFormat
Upload Scanning Lower case string
RetrievalInvestigationLower case string

Response:

{
    "access_token": "_dbDABG_sERyqaDFgk1DYDTo9BHe9OPD4r6l3MNr4-PgkCorjtLSfaoxbqz4QQgOvSZyzAx9rMZnMxFn80knO_yRJ2eesVeVR-1xwgyb7cNiVlwPC-SX9RfHs1f0QRrpxQrYtoqHXFP_1GCvjR5MKbrPGhoi_LcBGWKghpklno_vzJMiZKLyuXpaCv8xN3y64lpCHZ7WHCIeFQkYYxu_9DsazrWPjxc9j0KRGhNDFjQQGrJ9ZsXB5ExyuRgVREKyhfQyQxmBYZu2JTNZG-_ntj3QnyPkNAKE92HGPinCow86P4JGU9nMgiQL72QHr30Aiy54y8NyKlxjcJRjCP3Z8nXNY_Che4rkjC8w16TodudI-x0eO2qXaP4MGTee9EMZB__YQikTkshJANZGhwjeexfhZAWu1t5aJ6TucYz14-GRKeLQnJXsrSkWWZ8VKHHy0zYH7LzHaoFY0KvP8aNNTQLPA2wGtKZp7oISq1mb9Vadqf4sBKpQFRo-dy1CzIU3GLfOEO2qza1CRjGUGEkn0c6_P4IjC4uLLxOyfcRQVQP6yLAttUBXz6-8Tii-qBwA",
    "token_type": "bearer",
    "expires_in": 35999,
    "BranchCode": "",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "psc",
    "FullName": "PSC",
    "AbbeyServiceCentre": "",
    "JourneyId": "",
    "IdleSessionTimeout": "15",
    "http://schemas.microsoft.com/ws/2008/06/identity/claims/role": "SuperAdministrator",
    "memberOf": "Users,Domain Users,AWS Delegated Add Workstations To Domain Users,IEOSAdmins,IDscan",
    "tenant": "IDscan",
    ".issued": "Fri, 15 Nov 2019 12:42:34 GMT",
    ".expires": "Fri, 15 Feb 2019 22:22:15 GMT"
}
Was this page helpful?