Authentication Type Discovery
Discover the authentication type of a user. With this API, applications can dynamically adjust the login requirements per user, and support either username/password or OAuth2.0 / OpenID Connect authentication schemes.
https://login.veevavault.com/auth/discoveryHeaders
Section link for Headers| Name | Description |
|---|---|
Accept | application/json (default) |
Query Parameters
Section link for Query Parameters| Name | Description |
|---|---|
username | The user’s Vault user name. |
client_id | Optional: The user's mapped Authorization Server client_id. This only applies the SSO and OAuth / OpenID Connect Profiles auth_type. Learn more about Client ID in the REST API Documentation. |
Request
Section link for Requestcurl -X POST \
-H "Accept: application/json" \
https://login.veevavault.com/auth/discovery?username=olivia@veepharm.com&client_id=veepharm-clinical-it-client-int0Response : Password User
Section link for Response : Password User{
"responseStatus": "SUCCESS",
"errors": [],
"data": {
"auth_type": "password"
}
}Response : SSO User
Section link for Response : SSO User{
"responseStatus": "SUCCESS",
"data": {
"auth_type": "sso",
"auth_profiles": [
{
"id": "_9ad0a091-cbd6-4z59-ab5a-d4f35789918c",
"label": "VeePharm",
"description": "",
"vault_session_endpoint": "https://veepharm.com/auth/oauth/session/_9ad0a091-cbd6-4z59-ab5a-d4f35789918c",
"use_adal": false,
"as_client_id":"34524523452345234523452345098098234",
"as_metadata": {
"issuer": "https://veevaintrospection.com/oauth2/asdf123",
"authorization_endpoint": "https://veevintrospection.com/oauth2/asdf123/v1/authorize",
"token_endpoint": "https://veevaintrospection.com/oauth2/asdf123/v1/token",
"registration_endpoint": "https://veevaintrospection.com/oauth2/v1/clients",
"jwks_uri": "https://veevaintrospection.com/oauth2/asdf123/v1/keys",
"response_types_supported": [
"code",
"token",
"code token"
],
"response_modes_supported": [
"query"
],
"introspection_endpoint": "https://veevatintrospection.com/oauth2/asdf1234/v1/introspect",
"introspection_endpoint_auth_methods_supported": [
"client_secret_basic",
],
"revocation_endpoint": "https://veevaintrospection.com/oauth2/asdf123/v1/revoke",
"revocation_endpoint_auth_methods_supported": [
"client_secret_basic",
],
"end_session_endpoint": "https://veevaintrospection.com/oauth2/asdf123/v1/logout"
}
}
]
}
}Response Details
Section link for Response DetailsThe response specifies the user’s authentication type (auth_type):
password: The user is configured with a username and password.sso: The user is configured with an SSO Security Policy.
If the user’s authentication type is sso, the response specifies the user’s authentication profiles (auth_profiles). If the user’s Security Policy is associated with:
- An OAuth 2.0 / OpenID Connect profile, the response will also contain the Authentication Server metadata (
as_metadata). - A SAML profile, the
auth_profilesarray will be empty.
If the Authorization Server Provider is set to use ADFS or Azure AD, the use_adal field will appear in the response as true. If the Authorization Server Provider is set to anything else, this field is false.
The oauthProviderType value depends on the configured auth provider type. Starting with v20.3, the ADFS / Azure AD option is split into two: ADFS and Azure AD. ADFS exposes the value as ADFS, while Azure AD exposes the value as Azure. Learn about Configuring OAuth 2.0 / OpenID Connect Profiles
If the user provides a client_id and Client Application client ID mapping is defined on the OAuth 2.0 / OpenID Connect profile, the as_client_id field will appear in the response with the Authorization Server client ID value. If there is no defined mapping for the specified client_id, Vault will not include the as_client_id field in the response. Learn about Client ID Mapping