OpenTV ENTera & OpenTV Platform Documentation
OpenTV ENTera & OpenTV Platform Documentation
Breadcrumbs

Signing in to a specific account (multiple OPF accounts scenario)

Request

To sign in to a specific account (when multiple accounts exist for a single SSO account, that is, the response when Signing in with SSO was an HTTP 300 status), send a POST request to:

https://<host>:<port>/ags/subsequentSignOn

Headers

  • User-Token – the userAccountToken that was returned in the response to the POST /signOn request (mandatory)

  • x-correlation-id – identifier for logging, to correlate messages across a call flow

  • x-auth-service-id – the ID of the authentication (SSO) service to be used for authentication (mandatory)

  • nv-tenant-id – the tenant ID

Mandatory arguments

  • User-Token – (in header) – see above

  • x-auth-service-id – (in header) – see above

  • parameters – an array of parameters. These are defined in the response to the GET /servicediscovery request.
    Each member of the array is a key/value pair in the following form:

    {
  "parameters": [
    {
      "name": "<name>",
      "value": "<value>"
    }
  ]
}

Other arguments

None

Example

A POST request with this payload signs the client in:

{
  "parameters": [
    {
      "name": "username",
      "value": "dave"
    }
  ]
}

Note that the contents of the parameters block depend on the requirements of the SSO provider.

Response

A successful request returns an HTTP 201 status. The response includes the access and refresh tokens.

A bad request returns an HTTP 400 status.

An unauthorised request returns an HTTP 401 status.

A forbidden request returns an HTTP 403 status.

Example

A successful response looks like this:

{
  "access_token": "eyJraWQiOiIyNTk2MjkiLCJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2NvdW50UHJvZmlsZUlkIjoiREVGQVVMVCIsInRlbmFudElkIjoibmFncmEiLCJmaWx0ZXJpbmdJbmZvcm1hdGlvbiI6e30sImJsb2NraW5nSW5mb3JtYXRpb24iOnt9LCJhY2NvdW50SWQiOiIxNjYzIiwidXNlcklkIjoiMTY2MyIsInZlciI6IjEuMCIsImdlb0Jsb2NrRXhlbXB0IjpmYWxzZSwicGFyZW50YWxDb250cm9sIjpudWxsLCJ0eXAiOiJEZXZBdXRoTiIsImp0aSI6IjQ3ODkwMjM0MjM3MTQwODk0NzgiLCJwbGF5b3V0RGV2aWNlQ2xhc3MiOm51bGwsImRldmljZUlkIjoiUFVCXzk4OSIsImV4cCI6MTY1NDg3NzA5MywiZml4ZWRfZXhwIjoxNjU3NDY1NDkzLCJvbk5ldHdvcmsiOnRydWUsInNlc3Npb25Db250cm9sIjp7Im1heFNlc3Npb25zIjozLCJzZXNzaW9uQ29udHJvbEVuYWJsZWQiOnRydWV9LCJiaWxsaW5nQ291bnRyeUNvZGUiOiJFbXB0eUNvdW50cnkifQ.y9tc1RZVS8un0N1oHHEnRAJeM6frgjlLrbzBgCXjqXk",
  "refresh_token": "eyJraWQiOiIyNTk2MjkiLCJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ2ZXIiOiIxLjAiLCJ0ZW5hbnRJZCI6Im5hZ3JhIiwic2Vzc2lvbkNvbnRyb2wiOnsibWF4U2Vzc2lvbnMiOjMsInNlc3Npb25Db250cm9sRW5hYmxlZCI6dHJ1ZX0sImFjY291bnRQcm9maWxlSWQiOiJERUZBVUxUIiwiZGV2aWNlSWQiOiJQVUJfOTg5IiwiZml4ZWRfZXhwIjoxNjU3NDY1NDkzLCJleHAiOjE2NTUwNDYyOTMsImFjY291bnRJZCI6IjE2NjMiLCJqdGkiOiI0Nzg5MDIzNDIzNzE0MDg5NDc4IiwidXNlcklkIjoiMTY2MyIsInR5cCI6IlJlZnJlc2hBdXRoTiJ9.ipL6gundtQ8Iai5qTXPpO6sviEAdLwP0Bt9aDO95yuc",
  "client_id": "PUB_989",
  "accountId": "1663",
  "token_type": "bearer",
  "expires_in": 3600,
  "refresh_expires_in": 172800,
  "fixed_refresh_expires_in": 2592000
}

See also

For full details of this API, see the Authentication Gateway Service (AGS) API documentation.