public class AuthenticationRequest extends VaultRequest<AuthenticationRequest>
Note that the VaultClient automatically performs Authentication requests to establish the Vault session.
HTTP_HEADER_AUTHORIZATION, HTTP_HEADER_REFERENCE_ID, HTTP_HEADER_VAULT_CLIENT_ID, referenceId, vaultClient| Modifier and Type | Method and Description |
|---|---|
DiscoveryResponse |
authenticationTypeDiscovery(String username)
Discover the authentication type of a user.
|
VaultResponse |
endSession()
End Session
|
DelegatedSessionResponse |
initiateDelegatedSession(int vaultId,
String delegatorUserId)
Initiate Delegated Session
|
AuthenticationResponse |
login(String userName,
String userPassword)
Authenticate via standard Vault user name and password in the user's default Vault.
|
AuthenticationResponse |
login(String username,
String password,
String vaultDNS)
Authenticate via standard Vault user name and password
in a specific Vault Domain.
|
AuthenticationResponse |
loginOAuth(String oauthOidcProfileId,
String accessToken,
String vaultDNS)
Authenticate your account using OAuth 2.0 / Open ID Connect token to obtain a Vault session ID.
|
AuthenticationResponse |
loginWithDiscovery(String vaultUserName,
String password,
String vaultDNS)
Authenticate using Vault Discovery endpoints.
|
ApiVersionResponse |
retrieveApiVersions()
Retrieves api versions supported by the current Vault
|
DelegationsResponse |
retrieveDelegations()
Retrieve delegations
|
VaultResponse |
sessionKeepAlive()
Session Keep Alive
|
AuthenticationRequest |
setIdpOAuthScope(String idpOAuthScope)
Sets the scope body param for an OAuth Access Token Call
|
AuthenticationRequest |
setIdpUserName(String idpUserName) |
AuthenticationRequest |
setValidateDNS(Boolean validateDNS)
Validate Vault DNS after successful login
|
AuthenticationRequest |
setVaultOAuthClientId(String vaultOAuthClientId)
Set the Header Accept to return CSV
|
UserRetrieveResponse |
validateSessionUser()
Validate Session User
|
getBaseObjectMapper, send, send, sendReturnBinary, sendReturnBinary, sendToFile, sendToFile, setHeaderReferenceId, setVaultClientpublic ApiVersionResponse retrieveApiVersions()
GET /api
public AuthenticationResponse login(String userName, String userPassword)
userName - The user name for authenticationuserPassword - The user password
GET /api/{version}/authpublic AuthenticationResponse login(String username, String password, String vaultDNS)
username - The user name for authenticationpassword - The user passwordvaultDNS - The DNS of the vault for which you want to generate a session
GET /api/{version}/authpublic AuthenticationResponse loginOAuth(String oauthOidcProfileId, String accessToken, String vaultDNS)
When requesting a sessionId, Vault allows the ability for Oauth2/OIDC client applications to pass the client_id with the request. Vault uses this client_id when talking with the introspection endpoint at the authorization server to validate that the access_token presented by the application is valid. Learn more about Client ID in the REST API Documentation.
oauthOidcProfileId - The ID of your OAuth2.0 / Open ID Connect profile.accessToken - OAuth Access Token (access_token)vaultDNS - The DNS of the vault for which you want to generate a session
POST login.veevavault.com/auth/oauth/session/{oath_oidc_profile_id}public AuthenticationResponse loginWithDiscovery(String vaultUserName, String password, String vaultDNS)
vaultUserName - The user name for authenticationpassword - The user passwordvaultDNS - The DNS of the vault for which you want to generate a sessionpublic DiscoveryResponse authenticationTypeDiscovery(String username)
Create an unauthenticated Vault Client to call this endpoint.
username - The user name for authenticationPOST login.veevavault.com/auth/discovery
VaultClient vaultClient = VaultClientBuilder
.newClientBuilder(VaultClient.AuthenticationType.NO_AUTH)
.withVaultClientId(vaultClientId)
.build();
DiscoveryResponse response = vaultClient.newRequest(AuthenticationRequest.class)
.setVaultOAuthClientId("OAuthClientId")
.authenticationTypeDiscovery("username@cholecap.com");
System.out.println("Auth Type: " + response.getData().getAuthType());
for (DiscoveryResponse.DiscoveryData.AuthProfile authProfile : response.getData().getAuthProfiles()) {
System.out.println("ID: " + authProfile.getId());
System.out.println("Label: " + authProfile.getLabel());
System.out.println("AS Client ID: " + authProfile.getAsClientId());
System.out.println("*** AS Metadata ***");
System.out.println(" Token Endpoint: " + authProfile.getAsMetadata().getTokenEndpoint());
}
public VaultResponse sessionKeepAlive()
Developers are now able to keep a Vault API Session alive with a light-weight endpoint that returns SUCCESS when a valid Session Id is supplied. If an invalid Session Id is supplied, Vault returns INVALID_SESSION_ID. Vault always enforces a 48-hour maximum session duration even when used with the Session Keep Alive.
POST /api/{version}/keep-alive
VaultResponse response = vaultClient.newRequest(AuthenticationRequest.class)
.sessionKeepAlive();
}
System.out.println("Response Status:" + vaultClient.getAuthenticationResponse().getResponseStatus());
public UserRetrieveResponse validateSessionUser()
Given a valid session ID, this request returns information for the currently authenticated user. If the session ID is not valid, this request returns an INVALID_SESSION_ID error type. This is similar to a whoami request.
GET /api/{version}/objects/users/meUserRetrieveResponse resp = vaultClient.newRequest(AuthenticationRequest.class).validateSessionUser();
for(UserRetrieveResponse.UserNode userNode : resp.getUsers()) {
User user = userNode.getUser();
System.out.println("User name: " + user.getUserName());
System.out.println("User: " + user.getUserFirstName() + " " + user.getUserLastName());
System.out.println("Email: " + user.getUserEmail());
System.out.println("Id: " + user.getId());
}public DelegationsResponse retrieveDelegations()
Retrieve Vaults where the currently authenticated user has delegate access. You can then use this information to Initiate a Delegated Session.
GET /api/{version}/delegation/vaults
DelegationsResponse response = vaultClient.newRequest(AuthenticationRequest.class)
.retrieveDelegations();
for (DelegationsResponse.DelegatedVault delegatedVault : response.getDelegatedVaults()) {
System.out.println("Id: " + delegatedVault.getId());
System.out.println("Name: " + delegatedVault.getName());
System.out.println("DNS: " + delegatedVault.getDns());
System.out.println("Delegator user Id: " + delegatedVault.getDelegatorUserId());
}public DelegatedSessionResponse initiateDelegatedSession(int vaultId, String delegatorUserId)
Generate a delegated session ID. This allows you to call the Vault REST API on behalf of a user who granted you delegate access.
vaultId - vault iddelegatorUserId - delegator id
POST /api/{version}/delegation/login
InitiateDelegatedSessionResponse response = vaultClient.newRequest(AuthenticationRequest.class)
.initiateDelegatedSession(vaultId, delegatorUserId);
System.out.println("Delegated session Id: " + response.getDelegatedSessionId());
public VaultResponse endSession()
Given an active sessionId, inactivate an API session. If a user has multiple active sessions, inactivating one session does not inactivate all sessions for that user. Each session has its own unique sessionId
DELETE /api/{version}/session
VaultResponse response = vaultClient.newRequest(AuthenticationRequest.class)
.endSession();
System.out.println("Response Status = " + response.getResponseStatus());
public AuthenticationRequest setVaultOAuthClientId(String vaultOAuthClientId)
vaultOAuthClientId - Client Id for the Vault Apppublic AuthenticationRequest setIdpUserName(String idpUserName)
public AuthenticationRequest setIdpOAuthScope(String idpOAuthScope)
idpOAuthScope - OAuth "scope" body param. Default = "openid"public AuthenticationRequest setValidateDNS(Boolean validateDNS)
validateDNS - true/falseCopyright © 2024. All rights reserved.