Password Authentication Method
Here is an example response from the server indicating that password authentication is required as the next step:
    HTTP/1.1 200 OK
    Content-Type: application/json

    {
      "type": "password",
      "id": "931c4a40-2dc9-11e6-937b-005056c00008"
    }
Note that the value of the type property is password.
In addition to sending the standard id and type properties with the next request, the only other thing required is a valid password:
    POST /idp/ws/rest/authn HTTP/1.1
    Content-Type: application/json
    Accept: application/json

    {
      "type": "password",
      "id": "931c4a40-2dc9-11e6-937b-005056c00008",
      "password": "mysecurepassword"
    }
If the password provided is correct, the server returns the next authentication step. If not, the server returns a response of type password with an error property.
Here is an example of a response from the server if the password sent in the request is incorrect:
    HTTP/1.1 200 OK
    Content-Type: application/json

    {
      "type": "password",
      "id": "931c4a40-2dc9-11e6-937b-005056c00008",
      "error": {
        "type": "simple",
        "message": "Incorrect Username and/or Password"
      }
    }
Notice the type of the error is simple. This indicates that the associated message should be displayed to the user and they should be prompted again for a valid password.
Here is an example of the response from the server if the password was correct but the user is required to update their password before continuing:
    HTTP/1.1 200 OK
    Content-Type: application/json

    {
      "type": "password",
      "id": "931c4a40-2dc9-11e6-937b-005056c00008",
      "error": {
        "type": "password-expired",
        "message": "Your password is expired and must be updated before continuing",
        "expiredPasswordText": "CLICK HERE to change your password.",
        "targetUrl": "/arms/expired-password",
        "username": "8kb+8GQVM2HUGJQtMRxKjNFfUNuboOhcdtBw8VtIlZU=",
        "password": "78EV3jkq6IYu/8S2rC4M54NQYwTQRPRaUEaFuNdRx6w="
      }
    }
Notice the type of the error is password-expired. This indicates that the user must change their password and the associated message should be displayed to the user to let them know. The expiredPasswordText, targetUrl, username and password property values are used to construct a link which, when clicked, submits a form in a new window which POSTs the obfuscated username and password to the targetUrl.
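A client-side handler for the responses above, as an added example that is not part of the original documentation or the product's own code: it maps each response to a UI action and refuses to build the expired-password form unless targetUrl resolves to the identity provider's own origin. The origin https://idp.example.com, the function names, the returned descriptor shape and the form field names are assumptions.

```javascript
// Added example. ORIGIN is a hypothetical deployment origin, and the form
// field names "username" and "password" are assumed; the page does not name them.
const ORIGIN = "https://idp.example.com";

// Resolve targetUrl against ORIGIN and accept it only if it stays on ORIGIN.
function resolveSameOrigin(targetUrl) {
  if (typeof targetUrl !== "string" || targetUrl === "") return null;
  try {
    const url = new URL(targetUrl, ORIGIN);
    return url.origin === ORIGIN ? url.href : null;
  } catch (e) {
    return null;
  }
}

// Turn a parsed JSON response body into the action the UI should take.
function classifyPasswordStep(body) {
  if (body === null || typeof body !== "object" || typeof body.id !== "string") {
    return { action: "abort", reason: "malformed response" };
  }
  if (body.type !== "password") {
    // Password accepted: the server returned the next authentication step.
    return { action: "next-step", type: body.type, id: body.id };
  }
  const err = body.error;
  if (err === undefined) return { action: "prompt", id: body.id };
  if (err === null || typeof err !== "object") return { action: "abort", reason: "malformed error" };
  // Messages are server-supplied strings: render them as text, never as HTML.
  if (err.type === "simple") {
    return { action: "reprompt", id: body.id, message: String(err.message) };
  }
  if (err.type === "password-expired") {
    const action = resolveSameOrigin(err.targetUrl);
    if (action === null) return { action: "abort", reason: "targetUrl leaves the IdP origin" };
    return {
      action: "change-password",
      message: String(err.message),
      linkText: String(err.expiredPasswordText),
      // Descriptor for the form the link submits in a new window.
      form: { method: "POST", action, target: "_blank",
              fields: { username: err.username, password: err.password } },
    };
  }
  return { action: "abort", reason: "unknown error type" };
}
```

The caller renders message and linkText with textContent (or an equivalent text-only API) and creates the form from the returned descriptor.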