User Creation

Users form the basis of all authentication in UCloud.

Rationale

Users in UCloud are authenticated in one of two ways:

1. WAYF: The user is created on first login by using their login credentials from WAYF (Where Are You From) which is a identity federation allowing the reuse of logins from most danish and north atlantic research and education centers on external sites.

2. PASSWORD: The users is created by an ADMIN of the system. This is mainly used to give access to people outside WAYF. When a user is a PASSWORD user then there is also a requirement of 2FA. The 2FA is setup after first login.

Each user has a role defining their privileges on the UCloud system. See Role for more details.

---

⚠️ WARNING: The API listed on this page will likely change to conform with our API conventions. Be careful when building integrations. The following changes are expected:

• RPC names will change to conform with the conventions

• RPC request and response types will change to conform with the conventions

• RPCs which return a page will be collapsed into a single browse endpoint

• Some property names will change to be consistent with Resources

---

Table of Contents

1. Remote Procedure Calls

Name	Description
getUserInfo	Request information about the current user.
lookupEmail	Request the email of a user.
lookupUserWithEmail	No description
lookupUsers	No description
retrievePrincipal	No description
changePassword	Request change of the password of the current user (if [`PASSWORD`](/docs/reference/dk.sdu.cloud.auth.api.PASSWORD.md) user).
changePasswordWithReset	Request reset of password of a [`PASSWORD`](/docs/reference/dk.sdu.cloud.auth.api.PASSWORD.md) user.
closeIterator	No description
createNewUser	Request creation of a new [`PASSWORD`](/docs/reference/dk.sdu.cloud.auth.api.PASSWORD.md) user.
fetchNextIterator	No description
openUserIterator	No description
updateUserInfo	Request update of information about the current user.

2. Data Models

Name	Description
AuthenticationTokens	No description
Person	No description
Person.ByPassword	No description
Person.ByWAYF	No description
Principal	No description
ProviderPrincipal	No description
ServicePrincipal	No description
UserLookup	No description
ChangePasswordRequest	No description
ChangePasswordWithResetRequest	No description
CreateSingleUserRequest	No description
GetPrincipalRequest	No description
LookupEmailRequest	No description
LookupUserWithEmailRequest	No description
LookupUsersRequest	No description
UpdateUserInfoRequest	No description
GetUserInfoResponse	No description
LookupEmailResponse	No description
LookupUserWithEmailResponse	No description
LookupUsersResponse	No description

Remote Procedure Calls

getUserInfo

Request information about the current user.

Request	Response	Error
Unit	GetUserInfoResponse	CommonErrorMessage

lookupEmail

Request the email of a user.

Request	Response	Error
LookupEmailRequest	LookupEmailResponse	CommonErrorMessage

lookupUserWithEmail

Request	Response	Error
LookupUserWithEmailRequest	LookupUserWithEmailResponse	CommonErrorMessage

lookupUsers

Request	Response	Error
LookupUsersRequest	LookupUsersResponse	CommonErrorMessage

retrievePrincipal

Request	Response	Error
GetPrincipalRequest	Principal	CommonErrorMessage

changePassword

Request change of the password of the current user (if PASSWORD user).

Request	Response	Error
ChangePasswordRequest	Unit	CommonErrorMessage

changePasswordWithReset

Request reset of password of a PASSWORD user.

Request	Response	Error
ChangePasswordWithResetRequest	Unit	CommonErrorMessage

This request can only be called by other services, and is used by the PasswordResetService to reset a user’s password in case they are unable to log in. Read more in Password Reset.

closeIterator

Request	Response	Error
FindByStringId	Unit	CommonErrorMessage

createNewUser

Request creation of a new PASSWORD user.

Request	Response	Error
List<CreateSingleUserRequest>	List<AuthenticationTokens>	CommonErrorMessage

fetchNextIterator

Request	Response	Error
FindByStringId	List<Principal>	CommonErrorMessage

openUserIterator

Request	Response	Error
Unit	FindByStringId	CommonErrorMessage

updateUserInfo

Request update of information about the current user.

Request	Response	Error
UpdateUserInfoRequest	Unit	CommonErrorMessage

Data Models

AuthenticationTokens

data class AuthenticationTokens(
    val accessToken: String,
    val refreshToken: String,
    val csrfToken: String,
)

Properties

accessToken: String

refreshToken: String

csrfToken: String

---

Person

sealed class Person {
    abstract val displayName: String
    abstract val email: String?
    abstract val firstNames: String
    abstract val lastName: String
    abstract val orcId: String?
    abstract val phoneNumber: String?
    abstract val serviceLicenseAgreement: Int
    abstract val title: String?
    abstract val twoFactorAuthentication: Boolean
    abstract val id: String
    abstract val role: Role

    class ByPassword : Person()
    class ByWAYF : Person()
}

Properties

displayName: String

email: String?

firstNames: String

lastName: String

orcId: String?

phoneNumber: String?

serviceLicenseAgreement: Int

title: String?

twoFactorAuthentication: Boolean

id: String

role: Role

---

Person.ByPassword

data class ByPassword(
    val id: String,
    val role: Role,
    val title: String?,
    val firstNames: String,
    val lastName: String,
    val phoneNumber: String?,
    val orcId: String?,
    val email: String?,
    val twoFactorAuthentication: Boolean,
    val serviceLicenseAgreement: Int,
    val organizationId: String?,
    val password: List<Byte>?,
    val salt: List<Byte>?,
    val displayName: String,
    val type: String /* "password" */,
)

Properties

id: String

role: Role

title: String?

firstNames: String

lastName: String

phoneNumber: String?

orcId: String?

email: String?

twoFactorAuthentication: Boolean

serviceLicenseAgreement: Int

organizationId: String?

password: List<Byte>?

salt: List<Byte>?

displayName: String

type: String /* "password" */ The type discriminator

---

Person.ByWAYF

data class ByWAYF(
    val id: String,
    val role: Role,
    val title: String?,
    val firstNames: String,
    val lastName: String,
    val phoneNumber: String?,
    val orcId: String?,
    val email: String?,
    val serviceLicenseAgreement: Int,
    val organizationId: String,
    val wayfId: String,
    val displayName: String,
    val twoFactorAuthentication: Boolean,
    val type: String /* "wayf" */,
)

Properties

id: String

role: Role

title: String?

firstNames: String

lastName: String

phoneNumber: String?

orcId: String?

email: String?

serviceLicenseAgreement: Int

organizationId: String

wayfId: String

displayName: String

twoFactorAuthentication: Boolean

type: String /* "wayf" */ The type discriminator

---

Principal

sealed class Principal {
    abstract val id: String
    abstract val role: Role

    class Person : Principal()
    class ProviderPrincipal : Principal()
    class ServicePrincipal : Principal()
}

Properties

id: String

role: Role

---

ProviderPrincipal

data class ProviderPrincipal(
    val id: String,
    val role: Role,
    val type: String /* "provider" */,
)

Properties

id: String

role: Role

type: String /* "provider" */ The type discriminator

---

ServicePrincipal

data class ServicePrincipal(
    val id: String,
    val role: Role,
    val type: String /* "service" */,
)

Properties

id: String

role: Role

type: String /* "service" */ The type discriminator

---

UserLookup

data class UserLookup(
    val subject: String,
    val role: Role,
)

Properties

subject: String

role: Role

---

ChangePasswordRequest

data class ChangePasswordRequest(
    val currentPassword: String,
    val newPassword: String,
)

Properties

currentPassword: String

newPassword: String

---

ChangePasswordWithResetRequest

data class ChangePasswordWithResetRequest(
    val userId: String,
    val newPassword: String,
)

Properties

userId: String

newPassword: String

---

CreateSingleUserRequest

data class CreateSingleUserRequest(
    val username: String,
    val password: String?,
    val email: String?,
    val role: Role?,
    val firstnames: String?,
    val lastname: String?,
    val orgId: String?,
)

Properties

username: String

password: String?

email: String?

role: Role?

firstnames: String?

lastname: String?

orgId: String?

---

GetPrincipalRequest

data class GetPrincipalRequest(
    val username: String,
)

Properties

username: String

---

LookupEmailRequest

data class LookupEmailRequest(
    val userId: String,
)

Properties

userId: String

---

LookupUserWithEmailRequest

data class LookupUserWithEmailRequest(
    val email: String,
)

Properties

email: String

---

LookupUsersRequest

data class LookupUsersRequest(
    val users: List<String>,
)

Properties

users: List<String>

---

UpdateUserInfoRequest

data class UpdateUserInfoRequest(
    val email: String?,
    val firstNames: String?,
    val lastName: String?,
)

Properties

email: String?

firstNames: String?

lastName: String?

---

GetUserInfoResponse

data class GetUserInfoResponse(
    val email: String?,
    val firstNames: String?,
    val lastName: String?,
)

Properties

email: String?

firstNames: String?

lastName: String?

---

LookupEmailResponse

data class LookupEmailResponse(
    val email: String,
)

Properties

email: String

---

LookupUserWithEmailResponse

data class LookupUserWithEmailResponse(
    val userId: String,
    val firstNames: String,
    val lastName: String,
)

Properties

userId: String

firstNames: String

lastName: String

---

LookupUsersResponse

data class LookupUsersResponse(
    val results: JsonObject,
)

Properties

results: JsonObject

---