Rest Authentication With ONERole Header
Today when authenticating through Basic Authorization, ONE remembers the last role used by the user and uses that role to establish the user's session. But in certain situations, the client would like to specify a different role to use when authenticating.
To use the other roles available for an user, user can provide an optional parameter in the HTTP Header
HTTP header name: ONERole
HTTP Header value: JSON containing one or more of the following values:
{ enterpriseName:
""
, organizationName:
""
, siteName:
""
, roleTypeName:
""
, roleName:
""
}
Please Note: Both roleTypeName and roleName parameter are not supported concurrently. You will need to provide either roleTypeName or roleName
When ONERole is present, instead of using the user's last-used role, application will execute a query to find all the roles currently assigned to the authenticating user where role and user association are both Active.
For example:
{ enterpriseName:
"Acme"
, organizationName:
"SouthRegion"
, roleTypeName:
"ZBKS.Supplier"
}
This would pick the first active role for the authenticating user where the Role is in the SouthRegion organization of the Acme enterprise, and the role is based on ZBKS.Supplier. The caller could alternately provide a specific roleName available for an user instead of roleTypeName.
If there are multiple such matches, ONE will use the first record alphabetically by role name. If there are no matches, authentication will fail even if the user has other valid roles which don't match the current criteria.