Authentication REST API

The authentication flow API allows the configuration of arbitrary authentication flows which include authentication, token migration, authorization, and alike steps. It supports a variety of authentication schemes and tokens. 

The Loginapp REST authentication API is flow-based and provides separate flows for authentication and authorization.

Supported authentication methods:

Supported other concepts:

  • Password
  • Airlock 2FA
  • FIDO
  • OneSpan Cronto
  • Device Tokens for mobile apps
  • mTAN
  • Generic OTP
  • OATH OTP
  • Email OTP
  • OneSpan OTP
  • Matrix cards
  • Front-side Kerberos
  • Token migration
  • Terms of services
  • Edit user profile data
  • Resolve target application URLs (locations) to application IDs
  • Secret question provisioning self-service
  • Step-up authentication
  • Temporary locking
  • OAuth/OIDC
  • SAML
  • Remember-me

Configuration entry-point

The main configuration entry point for the Flow Auth API is Loginapp >> Authentication Flows

AuthenticationFlows

Chapter content

17.2.2.1. Flow-based authentication
17.2.2.2. Configuration - REST authentication API
17.2.2.3. Usage examples of REST authentication API
17.2.2.4. Username password authentication in the Loginapp REST API
17.2.2.5. Airlock 2FA authentication in the Loginapp REST API
17.2.2.6. FIDO authentication in the Loginapp REST API
17.2.2.7. Device tokens - REST authentication API
17.2.2.8. SSO ticket authentication in the Loginapp REST API
17.2.2.9. Front-Side Kerberos configuration in the Loginapp REST API
17.2.2.10. Identity propagation configuration in the Loginapp REST API
17.2.2.11. User representation – representee configuration in the Loginapp REST API
17.2.2.12. Failed login counters and account lockout configuration
17.2.2.13. Temporary locking configuration
17.2.2.14. Remember-Me settings and configuration for the Loginapp REST API
17.2.2.15. Voluntary password change in the authentication flow in the Loginapp REST API
17.2.2.16. Additional Cronto device activation in authentication flows in the Loginapp REST API
17.2.2.17. Latest login information in the Loginapp REST API
17.2.2.18. REST behavior of permanent and temporary locking during authentication
17.2.2.19. User enumeration protection
17.2.2.20. Username transformation configuration in the Loginapp REST API
17.2.2.21. Using OAuth and OIDC with the Loginapp
17.2.2.22. Risk-based authentication in the Loginapp REST API/UI
17.2.2.23. Processing role removal information provided by Airlock Gateway
17.2.2.24. Client fingerprinting-based lockout