Client API

This page outlines the methods offered by the clients in the Olympus project.

Global client API

All clients have the following API handles available. Each can be made accessible through REST by using the rest-wrapper component. Otherwise, they can be accessed through calls to the specific client classes in the package eu.olympus.client.

Create User (Username, Password)

Creates a new user account based on a Username and Password. Fails if an account already exists with the given Username.

Create User and Add Attributes (Username, Password, idProof)

Creates a new user account based on a Username and Password and associates certain attributes with this user’s identity based on the data contained in idProof. Fails if an account already exists with the given Username or if the proof of the user’s attributes is not accepted.

Add Attributes (Username, Password, Token, TokenType, idProof)

Authenticates an already existing user based on their Username, Password and optionally an MFA token of a certain type. If the authentication succeeds, then the attributes in idProof are added to the user’s account, assuming that these attributes can be verified.

Authenticate (Username, Password, Policy, Token, TokenType)

Authenticates an already existing user based on their Username, Password and optionally an MFA token of a certain type. If the authentication succeeds, then a token is constructed and returned to the user, based on the user’s stored attributes in accordance with the Policy supplied. That is, the token may or may not contain information based on the user’s attributes, as specified by the Policy.

GetAllAttributes (Username, Password, Token, TokenType)

Authenticates an already existing user based on their Username, Password and optionally an MFA token of a certain type, and returns all the verified attributes the user has stored with their account.

DeleteAttributes (Username, Password, Attributes, Token, TokenType)

Authenticates an already existing user based on their Username, Password and optionally an MFA token of a certain type, and deletes the specified Attributes from the user’s account.

DeleteAccount (Username, Password, Token, TokenType)

Authenticates an already existing user based on their Username, Password and optionally an MFA token of a certain type, and deletes the user’s account completely.

ChangePassword (Username, OldPassword, NewPassword, Token, TokenType)

Authenticates an already existing user based on their Username, Password and optionally an MFA token of a certain type, and changes the user’s password from OldPassword to NewPassword.

RequestMFA (Username, Password, TokenType)

Authenticates an already existing user based on their Username and Password and returns an MFA challenge for an MFA authenticator of a certain type.

ConfirmMFA (Username, Password, Token, TokenType)

Authenticates an already existing user based on their Username and Password and an MFA token constructed from the MFA challenge received by a call to RequestMFA. If the token is verified, then the MFA of the TokenType is added to the user’s account, such that it is always required to authenticate in the future.

RemoveMFA (Username, Password, Token, TokenType)

Authenticates an already existing user based on their Username and Password and an MFA token of TokenType. If the verification is successful, then the MFA of TokenType is removed from the user’s account, such that it is not needed in the future.

ClearSession

Removes the current session stored on the client. The client is able to cache the cryptographic material associated with a given user along with a cookie for an active session between the user and the IdPs. This call removes all state of the client, including credentials in the case of a dp-ABC client.