Skip to main content
Skip table of contents

Signing in with SSO

Request

To sign in using SSO, send a POST request to:

CODE 
https://<host>:<port>/ags/signOn

Headers

  • x-correlation-id – identifier for logging, to correlate messages across a call flow
  • x-auth-service-id – the ID of the authentication (SSO) service to be used for authentication (mandatory).

    This comes from the authServiceName field (within availableServices) in the response to the service discovery request.

  • nv-tenant-id – the tenant ID

Mandatory arguments

  • x-auth-service-id – (in header) – see above

  • parameters – an array of parameters. These are defined in the response to the GET /servicediscovery request.
    Each member of the array is a key/value pair in the following form:

    CODE 
      "parameters": [
    {
      "name": "<name>",
      "value": "<value>"
    }
  ]
  • One of the following:

Other arguments

None

Example


A POST request with this payload signs the client in (nth-time signon):


CODE 
{
  "parameters": [
    {
      "name": "username",
      "value": "dave"
    }
  ],
  "clientId": "abc3fj6sdehd529ng33dg"
}

Note that the contents of the parameters block are provider-/customer-specific and are enumerated in the discovery block.

Response

A successful request returns either an HTTP 201 or 300 status:

  • 201 means that the request was successful. The response includes the access and refresh tokens.
  • 300 means that more than one matching account was found in OpenTV Video Platform. The application must prompt the user to select the account they want to use and then call POST /subsequentSignOn to actually sign on with this account.

A bad request returns an HTTP 400 status.

An unauthorised request returns an HTTP 401 status.

A forbidden request returns an HTTP 403 status.

If the specified <entity> does not exist, the request returns an HTTP 404 status.

Example

The body of the response to a request that returns a 201 status looks like this:

CODE 
{
  "access_token": "eyJraWQiOiIyNTk2MjkiLCJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2NvdW50UHJvZmlsZUlkIjoiREVGQVVMVCIsInRlbmFudElkIjoibmFncmEiLCJmaWx0ZXJpbmdJbmZvcm1hdGlvbiI6e30sImJsb2NraW5nSW5mb3JtYXRpb24iOnt9LCJhY2NvdW50SWQiOiIxNjYzIiwidXNlcklkIjoiMTY2MyIsInZlciI6IjEuMCIsImdlb0Jsb2NrRXhlbXB0IjpmYWxzZSwicGFyZW50YWxDb250cm9sIjpudWxsLCJ0eXAiOiJEZXZBdXRoTiIsImp0aSI6IjQ3ODkwMjM0MjM3MTQwODk0NzgiLCJwbGF5b3V0RGV2aWNlQ2xhc3MiOm51bGwsImRldmljZUlkIjoiUFVCXzk4OSIsImV4cCI6MTY1NDg3NzA5MywiZml4ZWRfZXhwIjoxNjU3NDY1NDkzLCJvbk5ldHdvcmsiOnRydWUsInNlc3Npb25Db250cm9sIjp7Im1heFNlc3Npb25zIjozLCJzZXNzaW9uQ29udHJvbEVuYWJsZWQiOnRydWV9LCJiaWxsaW5nQ291bnRyeUNvZGUiOiJFbXB0eUNvdW50cnkifQ.y9tc1RZVS8un0N1oHHEnRAJeM6frgjlLrbzBgCXjqXk",
  "refresh_token": "eyJraWQiOiIyNTk2MjkiLCJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ2ZXIiOiIxLjAiLCJ0ZW5hbnRJZCI6Im5hZ3JhIiwic2Vzc2lvbkNvbnRyb2wiOnsibWF4U2Vzc2lvbnMiOjMsInNlc3Npb25Db250cm9sRW5hYmxlZCI6dHJ1ZX0sImFjY291bnRQcm9maWxlSWQiOiJERUZBVUxUIiwiZGV2aWNlSWQiOiJQVUJfOTg5IiwiZml4ZWRfZXhwIjoxNjU3NDY1NDkzLCJleHAiOjE2NTUwNDYyOTMsImFjY291bnRJZCI6IjE2NjMiLCJqdGkiOiI0Nzg5MDIzNDIzNzE0MDg5NDc4IiwidXNlcklkIjoiMTY2MyIsInR5cCI6IlJlZnJlc2hBdXRoTiJ9.ipL6gundtQ8Iai5qTXPpO6sviEAdLwP0Bt9aDO95yuc",
  "client_id": "PUB_989",
  "accountId": "1663",
  "token_type": "bearer",
  "expires_in": 3600,
  "refresh_expires_in": 172800,
  "fixed_refresh_expires_in": 2592000
}

The body of the response to a request that returns a 300 status looks like this:

CODE 
{
  "accounts": [
    {
      "accountInformation": "{\"apellido\":\"London bridge is falling down\",\"cuenta\":\"1660\",\"direccion\":null,\"estado\":null,\"nombre\":\"My fair lady.\",\"numeroIdentificacion\":null,\"telAdicional\":null,\"telCasa\":null,\"telOficina\":null,\"tipoIdentificacion\":null,\"tipoSuscriptor\":null,\"avisoFinal\":null,\"fechaDX\":null,\"saldo\":null,\"segundoApellido\":null}",
      "userAccountToken": "eyJraWQiOiIyNTk2MjkiLCJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50SWQiOiIxNjYwIiwiY2xpZW50SWQiOiJQVUJfOTg4IiwidHlwIjoiU2lnbk9uRGV0YWlscyIsImlzcyI6Im1vY2siLCJleHAiOjE2NTQ4Njg4Nzd9.OtAJXFskKOyY2p7ric87fyXLLpLZ3GrvaYvEB_kx73M"
    },
    {
      "accountInformation": "{\"apellido\":\"Winky\",\"cuenta\":\"1661\",\"direccion\":\"Address123\",\"estado\":\"Condition 123\",\"nombre\":\"Teletubbies\",\"numeroIdentificacion\":\"Identification number 123\",\"telAdicional\":\"AdditionalPhone 987654321\",\"telCasa\":\"PhoneHome 88649987\",\"telOficina\":\"Office Tel 123456789\",\"tipoIdentificacion\":\"IdentificationType passport\",\"tipoSuscriptor\":\"Subscriber Type Monthly\",\"avisoFinal\":\"FinalNotice123\",\"fechaDX\":\"Date DX 123\",\"saldo\":\"Balance123\",\"segundoApellido\":\"Second Surname\"}",
      "userAccountToken": "eyJraWQiOiIyNTk2MjkiLCJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50SWQiOiIxNjYxIiwiY2xpZW50SWQiOiJQVUJfOTg4IiwidHlwIjoiU2lnbk9uRGV0YWlscyIsImlzcyI6Im1vY2siLCJleHAiOjE2NTQ4Njg4Nzd9.7ghTakgoDlwb7ySxzS5SZ-krtDtcNVv6xwKfw1IPVTc"
    }
  ]
}

See also

For full details of this API, see the Authentication Gateway Service (AGS) API documentation.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close