User Creation
Users form the basis of all authentication in UCloud.
Rationale
Users in UCloud are authenticated in one of two ways:
WAYF
: The user is created on first login using their login credentials from WAYF (Where Are You From), an identity federation that allows logins from most Danish and North Atlantic research and education centers to be reused on external sites.
PASSWORD
: The user is created by an ADMIN of the system. This is mainly used to give access to people outside WAYF. A PASSWORD user is also required to use 2FA. The 2FA is set up after first login.
Each user has a role defining their privileges on the UCloud system. See Role for more details.
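The 2FA requirement for PASSWORD users can be checked against a list of principals such as the one fetchNextIterator returns. The Kotlin below is an added example, not UCloud's own code: the classes are trimmed local stand-ins for the models under Data Models, and `Finding`, `auditTwoFactor` and the `USER` role value are assumptions made for illustration.

```kotlin
// Trimmed local stand-ins for the models listed under Data Models (not UCloud's classes).
enum class Role { USER, ADMIN } // ADMIN is named on this page; USER is an assumed value

sealed class Principal {
    abstract val id: String
    abstract val role: Role
}

data class ByPassword(
    override val id: String,
    override val role: Role,
    val twoFactorAuthentication: Boolean,
    val password: List<Byte>?,
    val salt: List<Byte>?,
) : Principal() {
    // Keep the password and salt bytes out of logs and exception messages.
    override fun toString() = "ByPassword(id=$id, role=$role, 2fa=$twoFactorAuthentication)"
}

data class ByWAYF(
    override val id: String,
    override val role: Role,
    val twoFactorAuthentication: Boolean,
) : Principal()

// Hypothetical result type for this example.
data class Finding(val userId: String, val severity: String, val reason: String)

// Flags PASSWORD users whose 2FA setup is not complete; WAYF users are out of scope
// because the page states the 2FA requirement only for PASSWORD users.
fun auditTwoFactor(principals: List<Principal>): List<Finding> =
    principals.filterIsInstance<ByPassword>()
        .filter { !it.twoFactorAuthentication }
        .map {
            val severity = if (it.role == Role.ADMIN) "high" else "medium"
            Finding(it.id, severity, "PASSWORD user has not completed 2FA setup")
        }

fun main() {
    // Constructed sample data, not real accounts.
    val page: List<Principal> = listOf(
        ByPassword("alice", Role.USER, true, null, null),
        ByPassword("bob", Role.ADMIN, false, byteArrayOf(1, 2).toList(), byteArrayOf(3).toList()),
        ByWAYF("carol", Role.USER, false),
    )
    auditTwoFactor(page).forEach(::println)
    println(page[1]) // the toString() override above omits the credential bytes
}
```

A PASSWORD user who has never logged in is also reported, since 2FA is set up after first login.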
⚠️ WARNING: The API listed on this page will likely change to conform with our API conventions. Be careful when building integrations. The following changes are expected:
- RPC names will change to conform with the conventions
- RPC request and response types will change to conform with the conventions
- RPCs which return a page will be collapsed into a single browse endpoint
- Some property names will change to be consistent with Resources
Table of Contents
1. Remote Procedure Calls
Name | Description |
---|---|
getUserInfo | Request information about the current user. |
lookupEmail | Request the email of a user. |
lookupUserWithEmail | No description |
lookupUsers | No description |
retrievePrincipal | No description |
changePassword | Request change of the password of the current user (if [`PASSWORD`](/docs/reference/dk.sdu.cloud.auth.api.PASSWORD.md) user). |
changePasswordWithReset | Request reset of password of a [`PASSWORD`](/docs/reference/dk.sdu.cloud.auth.api.PASSWORD.md) user. |
closeIterator | No description |
createNewUser | Request creation of a new [`PASSWORD`](/docs/reference/dk.sdu.cloud.auth.api.PASSWORD.md) user. |
fetchNextIterator | No description |
openUserIterator | No description |
updateUserInfo | Request update of information about the current user. |
2. Data Models
Name | Description |
---|---|
AuthenticationTokens | No description |
Person | No description |
Person.ByPassword | No description |
Person.ByWAYF | No description |
Principal | No description |
ProviderPrincipal | No description |
ServicePrincipal | No description |
UserLookup | No description |
ChangePasswordRequest | No description |
ChangePasswordWithResetRequest | No description |
CreateSingleUserRequest | No description |
GetPrincipalRequest | No description |
LookupEmailRequest | No description |
LookupUserWithEmailRequest | No description |
LookupUsersRequest | No description |
UpdateUserInfoRequest | No description |
GetUserInfoResponse | No description |
LookupEmailResponse | No description |
LookupUserWithEmailResponse | No description |
LookupUsersResponse | No description |
Remote Procedure Calls
getUserInfo
Request information about the current user.
Request | Response | Error |
---|---|---|
Unit | GetUserInfoResponse | CommonErrorMessage |
lookupEmail
Request the email of a user.
Request | Response | Error |
---|---|---|
LookupEmailRequest | LookupEmailResponse | CommonErrorMessage |
lookupUserWithEmail
Request | Response | Error |
---|---|---|
LookupUserWithEmailRequest | LookupUserWithEmailResponse | CommonErrorMessage |
lookupUsers
Request | Response | Error |
---|---|---|
LookupUsersRequest | LookupUsersResponse | CommonErrorMessage |
retrievePrincipal
Request | Response | Error |
---|---|---|
GetPrincipalRequest | Principal | CommonErrorMessage |
changePassword
Request change of the password of the current user (if PASSWORD user).
Request | Response | Error |
---|---|---|
ChangePasswordRequest | Unit | CommonErrorMessage |
changePasswordWithReset
Request reset of password of a PASSWORD user.
Request | Response | Error |
---|---|---|
ChangePasswordWithResetRequest | Unit | CommonErrorMessage |
This request can only be called by other services, and is used by the PasswordResetService to reset a user’s password in case they are unable to log in. Read more in Password Reset.
closeIterator
Request | Response | Error |
---|---|---|
FindByStringId | Unit | CommonErrorMessage |
createNewUser
Request creation of a new PASSWORD user.
Request | Response | Error |
---|---|---|
List<CreateSingleUserRequest> | List<AuthenticationTokens> | CommonErrorMessage |
fetchNextIterator
Request | Response | Error |
---|---|---|
FindByStringId | List<Principal> | CommonErrorMessage |
openUserIterator
Request | Response | Error |
---|---|---|
Unit | FindByStringId | CommonErrorMessage |
updateUserInfo
Request update of information about the current user.
Request | Response | Error |
---|---|---|
UpdateUserInfoRequest | Unit | CommonErrorMessage |
Data Models
AuthenticationTokens
data class AuthenticationTokens(
    val accessToken: String,
    val refreshToken: String,
    val csrfToken: String,
)
Person
sealed class Person {
    abstract val displayName: String
    abstract val email: String?
    abstract val firstNames: String
    abstract val lastName: String
    abstract val orcId: String?
    abstract val phoneNumber: String?
    abstract val serviceLicenseAgreement: Int
    abstract val title: String?
    abstract val twoFactorAuthentication: Boolean
    abstract val id: String
    abstract val role: Role
    class ByPassword : Person()
    class ByWAYF : Person()
}
Person.ByPassword
data class ByPassword(
    val id: String,
    val role: Role,
    val title: String?,
    val firstNames: String,
    val lastName: String,
    val phoneNumber: String?,
    val orcId: String?,
    val email: String?,
    val twoFactorAuthentication: Boolean,
    val serviceLicenseAgreement: Int,
    val organizationId: String?,
    val password: List<Byte>?,
    val salt: List<Byte>?,
    val displayName: String,
    val type: String /* "password" */,
)
Person.ByWAYF
data class ByWAYF(
    val id: String,
    val role: Role,
    val title: String?,
    val firstNames: String,
    val lastName: String,
    val phoneNumber: String?,
    val orcId: String?,
    val email: String?,
    val serviceLicenseAgreement: Int,
    val organizationId: String,
    val wayfId: String,
    val displayName: String,
    val twoFactorAuthentication: Boolean,
    val type: String /* "wayf" */,
)
Principal
sealed class Principal {
    abstract val id: String
    abstract val role: Role
    class Person : Principal()
    class ProviderPrincipal : Principal()
    class ServicePrincipal : Principal()
}
ProviderPrincipal
data class ProviderPrincipal(
    val id: String,
    val role: Role,
    val type: String /* "provider" */,
)
ServicePrincipal
data class ServicePrincipal(
    val id: String,
    val role: Role,
    val type: String /* "service" */,
)
UserLookup
data class UserLookup(
    val subject: String,
    val role: Role,
)
ChangePasswordRequest
data class ChangePasswordRequest(
    val currentPassword: String,
    val newPassword: String,
)
ChangePasswordWithResetRequest
data class ChangePasswordWithResetRequest(
    val userId: String,
    val newPassword: String,
)
CreateSingleUserRequest
data class CreateSingleUserRequest(
    val username: String,
    val password: String?,
    val email: String?,
    val role: Role?,
    val firstnames: String?,
    val lastname: String?,
    val orgId: String?,
)
GetPrincipalRequest
data class GetPrincipalRequest(
    val username: String,
)
Properties
username
: String
LookupEmailRequest
data class LookupEmailRequest(
    val userId: String,
)
Properties
userId
: String
LookupUserWithEmailRequest
data class LookupUserWithEmailRequest(
    val email: String,
)
Properties
email
: String
LookupUsersRequest
data class LookupUsersRequest(
    val users: List<String>,
)
UpdateUserInfoRequest
data class UpdateUserInfoRequest(
    val email: String?,
    val firstNames: String?,
    val lastName: String?,
)
GetUserInfoResponse
data class GetUserInfoResponse(
    val email: String?,
    val firstNames: String?,
    val lastName: String?,
)
LookupEmailResponse
data class LookupEmailResponse(
    val email: String,
)
Properties
email
: String
LookupUserWithEmailResponse
data class LookupUserWithEmailResponse(
    val userId: String,
    val firstNames: String,
    val lastName: String,
)
LookupUsersResponse
data class LookupUsersResponse(
    val results: JsonObject,
)
Properties
results
: JsonObject