Index BlackBerry Workspaces SDK
BlackBerry Workspaces Resource
Authentication
Functions for handling authentication.
Function Summary
Name Path Version Description

authorizeOAuth2V30

/3.0/authentication/authorize

3.0

Get authorization code.

getAuthenticationParametersV30

/3.0/authentication/parameters

3.0

Gets the method used to authenticate the user session, whether with the BlackBerry Workspaces servers or with an oauth2 server.

getOIDCPublicKeyV30

/3.0/authentication/oidc/jwk/publicKey

3.0

getOrRefreshAccessTokenByPostV30

/3.0/authentication/token

3.0

Gets or refreshes an Access token by using POST.

getOrRefreshAccessTokenV30

/3.0/authentication/token

3.0

Get or refresh an Access token.

getUsernamePasswordAccountCreationStatusV30

/3.0/authentication/account/creation/status

3.0

Function Details

authorizeOAuth2V30

Get authorization code. This method is used as part of authenticating using the OAuth2 protocol. This method redirect the call to the signin page.

Version: 3.0
Synopsis: GET
Path: /3.0/authentication/authorize
Request Body: N/A
Response Headers: N/A
Response Body: N/A

Query parameters:

client_id: String - The identifier for the application making the request.
redirect_uri: String - A URL where an application where an application should be redirected after a users has successfully been authenticated.
response_type: String - An OAuth Response Type. It should be set to "code".

Request format:

GET /3.0/authentication/authorize

Authorization: Bearer <ssid>

Response format:

HTTP/1.1 200 OK

void

getAuthenticationParametersV30

Gets the method used to authenticate the user session, whether with the BlackBerry Workspaces servers or with an oauth2 server.

Version: 3.0
Synopsis: GET
Path: /3.0/authentication/parameters
Request Body: N/A
Response Headers: N/A
Response Body: AuthenticationParameters

Query parameters:

clientId: String - Identifier for the client application to fetch parameters for. If no value is provide. (optional, default: "").
userEmail: String - Email address of the user to fetch the Authentication parameters for. If no value is provided returns the parameters for the organization. (optional, default: "").

Request format:

GET /3.0/authentication/parameters

Authorization: Bearer <ssid>

Response format:

HTTP/1.1 200 OK

Content-type: application/json

{
isOauth: Boolean,
isWatchDoxOauth: Boolean,
authorizationUri: String,
accessTokenUri: String,
logoutUri: String,
primaryDomainUri: String,
createAccountUri: String,
authenticationMethod: AuthenticationMethod,
isMultiModeOrganization: Boolean,
supportsAdSso: Boolean,
changePasswordUri: String,
isBBEidIDP: Boolean,
multimodeUri: String
}

getOIDCPublicKeyV30

Account Registration status

Version: 3.0
Synopsis: GET
Path: /3.0/authentication/oidc/jwk/publicKey
Request Body: N/A
Response Headers: N/A
Response Body: OidcPublicKeyResult

Request format:

GET /3.0/authentication/oidc/jwk/publicKey

Authorization: Bearer <ssid>

Response format:

HTTP/1.1 200 OK

Content-type: application/json

{
e: String,
kty: String,
n: String,
kid: String
}

getOrRefreshAccessTokenByPostV30

Gets or refreshes an Access token by using POST. This method is used as part of authenticating using the OAuth2 protocol. After initially authenticating a a user, this method can be used to obtain an Access token and a Refresh token using the "code" returned on the redirect URL. If an application had previously retrieved an Access token and Refresh token, and the Access token expires, this method can be used to obtain a fresh set of tokens by passing the Refresh token obtained previously.

Version: 3.0
Synopsis: POST
Path: /3.0/authentication/token
Request Body: N/A
Response Headers: N/A
Response Body: GetOrRefreshAccessTokenResponse

Data form parameters:

client_id: String - The identifier for the application making the request.
client_secret: String - The client secret or password created for the application identified by client_id.
code: String - The code provided on the redirected URL after authentication. The code is only used when getting an Access Token, not when refreshing a token.
grant_type: String - An OAuth Grant Type. Currently only "authorization_code" and "refresh_token" are supported. "authorization_code" should be used when making a request to authenticate a user and get a new Access Token. "refresh_token" is used when refreshing an Access Token after the current token has expired.
redirect_uri: String - A URL where an application where an application should be redirected after a users has successfully been authenticated.
refresh_token: String - A Refresh Token previously obtained from the server after authenticating a user. The Refresh Token is used to obtain a new Access Token and Refresh Token after an existing Access Token has expired.
scope: Set - Not currently used.

Request format:

POST /3.0/authentication/token

Authorization: Bearer <ssid>
Content-type: application/x-www-form-urlencoded

Response format:

HTTP/1.1 200 OK

Content-type: application/json

{
error: String,
error_description: String,
token_type: String,
refresh_token: String,
expires_in: Long,
access_token: String
}

getOrRefreshAccessTokenV30

Get or refresh an Access token. This method is used as part of authenticating using the OAuth2 protocol. After initially authenticating a a user, this method can be used to obtain an Access token and a Refresh token using the "code" returned on the redirect URL. If an application had previously retrieved an Access token and Refresh token, and the Access token expires, this method can be used to obtain a fresh set of tokens by passing the Refresh token obtained previously.

Version: 3.0
Synopsis: GET
Path: /3.0/authentication/token
Request Body: N/A
Response Headers: N/A
Response Body: GetOrRefreshAccessTokenResponse

Query parameters:

client_id: String - The identifier for the application making the request.
client_secret: String - The client secret or password created for the application identified by client_id.
code: String - The code provided on the redirected URL after authentication. The code is only used when getting an Access Token, not when refreshing a token.
grant_type: String - An OAuth Grant Type. Currently only "authorization_code" and "refresh_token" are supported. "authorization_code" should be used when making a request to authenticate a user and get a new Access Token. "refresh_token" is used when refreshing an Access Token after the current token has expired.
redirect_uri: String - A URL where an application where an application should be redirected after a users has successfully been authenticated.
refresh_token: String - A Refresh Token previously obtained from the server after authenticating a user. The Refresh Token is used to obtain a new Access Token and Refresh Token after an existing Access Token has expired.
scope: Set - Not currently used.

Request format:

GET /3.0/authentication/token

Authorization: Bearer <ssid>

Response format:

HTTP/1.1 200 OK

Content-type: application/json

{
error: String,
error_description: String,
token_type: String,
refresh_token: String,
expires_in: Long,
access_token: String
}

getUsernamePasswordAccountCreationStatusV30

Account Registration status

Version: 3.0
Synopsis: POST
Path: /3.0/authentication/account/creation/status
Request Body: AccountCreationStatusRequest
Response Headers: N/A
Response Body: AccountCreationStatusResult

Request format:

POST /3.0/authentication/account/creation/status

Authorization: Bearer <ssid>
Content-type: application/json

{
usernamePasswordAccountCreationGuid: String
}

Response format:

HTTP/1.1 200 OK

Content-type: application/json

{
userPasswordRegisteredAccount: Boolean
}