Webservice - Technical documentation

Authorisation Web Service

Introduction

The Email Authorisation Web Service allows a targeted population to access the Career Center, in case an SSO is not available or sufficient to filter access.

Should I develop it? If you tick the three boxes below, the answer is YES!

  • I want to restrict the access to my Career Center
  • My targeted population doesn’t have the same email address
  • I can’t add the targeted population in my SSO

If you have any questions, do not hesitate to contact us at support.careercenter@jobteaser.com

1. Authorisation

The Authorisation web service MUST whitelist the JobTeaser server IP and MUST be protected by HTTP Basic Auth.

1.1. Protocol Flow

  +--------+                                 +---------------+
  |        |                                 |               |
  | Career |--(A)- Authorisation Request --->| Authorisation |
  | Center |                                 |    Server     |
  |        |<-(B)- Authorisation Response ---|               |
  +--------+                                 +---------------+

1.2. Authorisation Endpoint

The Authorisation Endpoint performs Authentication of the End-User. This is done by sending the End-User email to the Authorisation Server’s Authorisation Endpoint for Authentication and Authorisation, using request parameters.

The Authorisation Endpoint MUST be /authorize (please follow the US-English format). 

Communication with the Authorisation Endpoint MUST use TLS / SSL standards. This ensures that there will be no loss or manipulation of data.

1.3. Authorisation Request

Authorisation Servers MUST support the use of the HTTP GET method defined in [RFC2616] at the Authorisation Endpoint.

The Authorisation Endpoint uses the following request parameters:

  • email REQUIRED. Authorisation requests MUST have the email key. If the email value is not present, the behavior is entirely unspecified.

Example:

  GET /authorize?email=student@university.com HTTP/1.1
  Host: jobteaser.university.com

1.4. Authorisation Response

1.4.1. Successful Authorisation Response

The Authorisation Server MUST return a JSON response with HTTP status 200 (success), with the following parameters:

  • email REQUIRED. The email given on the Authorisation Request.
  • authorised REQUIRED. Boolean indicating whether the End-User is authorised to access the Career Center.

The following is a non-normative example of a successful response using this flow (with line wraps within values for display purposes only):

  HTTP/1.1 200 OK
  Content-Type: application/json
  Cache-Control: no-store
  Pragma: no-cache

  {
    "email": "student@university.com",
    "authorised": true
  }

Another example with an unauthorised answer:

  HTTP/1.1 200 OK
  Content-Type: application/json
  Cache-Control: no-store
  Pragma: no-cache

  {
    "email": "student@university.com",
    "authorised": false
  }

1.4.2. Authorisation Error Response

The Authorisation Server MUST return a JSON response with an error HTTP code (such as 400, 401, etc.), with the following parameters:

  • error REQUIRED. The error reason.
  • error_message OPTIONAL. The explanation of the error for the logs.

The following is a non-normative example of an error response using this flow (with line wraps within values for display purposes only):

  HTTP/1.1 400 Bad Request
  Content-Type: application/json
  Cache-Control: no-store
  Pragma: no-cache

  {
    "error": "not_registred",
    "error_message": "The student is not registered inside our university."
  }
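
A minimal sketch of the server side of this contract, added here as an example and not JobTeaser's own code: it applies the IP whitelist, then HTTP Basic Auth, then the email lookup, and returns the JSON shapes from sections 1.4.1 and 1.4.2. The allowlisted network, credentials, directory set, error strings, and the 400 returned for a missing email (which this page leaves unspecified) are assumptions.

```python
import base64, hmac, ipaddress, json
from urllib.parse import parse_qs

# Assumed values for illustration only.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # placeholder, not JobTeaser's real IPs
BASIC_USER, BASIC_PASS = "careercenter", "change-me"   # constructed credentials
AUTHORISED_EMAILS = {"student@university.com"}         # constructed directory

def _json(status, payload):
    # Same headers as the documented responses: never cache an access decision.
    headers = {"Content-Type": "application/json", "Cache-Control": "no-store", "Pragma": "no-cache"}
    return status, headers, json.dumps(payload)

def _basic_auth_ok(header):
    """Validate an 'Authorization: Basic ...' header with constant-time comparison."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        user, _, password = base64.b64decode(header[6:], validate=True).decode("utf-8").partition(":")
    except ValueError:  # binascii.Error and UnicodeDecodeError both subclass ValueError
        return False
    ok_user = hmac.compare_digest(user.encode(), BASIC_USER.encode())
    ok_pass = hmac.compare_digest(password.encode(), BASIC_PASS.encode())
    return ok_user and ok_pass

def handle_authorize(client_ip, auth_header, query_string):
    """Return (status, headers, body) for GET /authorize?<query_string>.

    client_ip must be the TCP peer address, not a client-supplied header
    such as X-Forwarded-For, or the whitelist can be bypassed.
    """
    if not any(ipaddress.ip_address(client_ip) in net for net in ALLOWED_NETS):
        return _json(403, {"error": "forbidden", "error_message": "Source IP not whitelisted."})
    if not _basic_auth_ok(auth_header):
        return _json(401, {"error": "unauthorized", "error_message": "Bad Basic Auth credentials."})
    emails = parse_qs(query_string).get("email", [])
    if len(emails) != 1 or "@" not in emails[0]:
        return _json(400, {"error": "invalid_request", "error_message": "Exactly one email is required."})
    email = emails[0]  # echoed back as given; compared case-insensitively
    return _json(200, {"email": email, "authorised": email.strip().lower() in AUTHORISED_EMAILS})
```

Serve `handle_authorize` only behind a TLS listener, since Basic Auth credentials and the email travel in the clear otherwise.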

 
