Login using an account in the LDAP user directory
Login using an account in the LDAP user directory.
Request parameters
| Name | Type | Required | Default value | Description | Sample value |
|---|---|---|---|---|---|
| sAMAccountName | String | Yes | - | sAMAccountName of the account in the LDAP user directory | test |
| password | String | Yes | - | User password, unencrypted by default. All GenAuth APIs use the HTTPS protocol to securely transmit passwords, which can ensure security to a certain extent. If you need a higher level of security, we also support RSA256 and the national secret SM2 password encryption method. For details, see the optional parameter options.passwordEncryptType. | passw0rd |
| options | <a SignInOptionsDto | No | - | Optional | {"passwordEncryptType":"none"} |
Example code
typescript
import { AuthenticationClient, Models } from "authing-node-sdk";
const authenticationClient = new AuthenticationClient({
// Need to replace with your GenAuth AppId, Secret and Host
appId: "GEN_AUTH_APP_ID",
appSecret: "GEN_AUTH_APP_SECRET",
appHost: "GEN_AUTH_APP_HOST",
});
(async () => {
const result = await authenticationClient.signInByLDAP({
password: "passw0rd",
sAMAccountName: "testuser",
});
console.log(JSON.stringify(result, null, 2));
})();Request response
Type: LoginTokenRespDto
| Name | Type | Description |
|---|---|---|
| statusCode | number | Business status code, which can be used to determine whether the operation is successful. 200 means success. |
| message | string | Description |
| apiCode | number | Segmented error code, which can be used to get the specific error type. |
| requestId | string | Request ID. It will be returned when the request fails. |
| data | <a LoginTokenResponseDataDto | Response data |
Sample result:
json
{
"statusCode": 200,
"message": "Operation successful",
"requestId": "934108e5-9fbf-4d24-8da1-c330328abd6c",
"data": {
"token": "openid profile",
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJqdGkiOiJ4R01uczd5cmNFckxiakNRVW9US1MiLCJzdWIiOiI1YzlmNzVjN2NjZjg3YjA1YTkyMWU5YjAiLCJpc3MiOiJodHRwczovL2F1dGhpbmcuY24iLCJpYXQiOjE1NTQ1Mzc4NjksImV4cCI6MTU1NDU0MTQ2OSwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBvZmZsaW5lX2FjY2VzcyBwaG9uZSBlbWFpbCIsImF1ZCI6IjVjYTc2NWUzOTMxOTRkNTg5MWRiMTkyNyJ9.wX05OAgYuXeYM7zCxhrkvTO_taqxrCTG_L2ImDmQjMml6E3GXjYA9EFK0NfWquUI2mdSMAqohX-ndffN0fa5cChdcMJEm3XS9tt6-_zzhoOojK-q9MHF7huZg4O1587xhSofxs-KS7BeYxEHKn_10tAkjEIo9QtYUE7zD7JXwGUsvfMMjOqEVW6KuY3ZOmIq_ncKlB4jvbdrduxy1pbky_kvzHWlE9El_N5qveQXyuvNZVMSIEpw8_y5iSxPxKfrVwGY7hBaF40Oph-d2PO7AzKvxEVMamzLvMGBMaRAP_WttBPAUSqTU5uMXwMafryhGdIcQVsDPcGNgMX6E1jzLA",
"id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiI1YzlmNzVjN2NjZjg3YjA1YTkyMWU5YjAiLCJub25jZSI6IjIyMTIxIiwiYXRfaGFzaCI6Ik5kbW9iZVBZOEFFaWQ2T216MzIyOXciLCJzaWQiOiI1ODM2NzllNC1lYWM5LTRjNDEtOGQxMS1jZWFkMmE5OWQzZWIiLCJhdWQiOiI1Y2E3NjVlMzkzMTk0ZDU4OTFkYjE5MjciLCJleHAiOjE1NTQ1NDE0NjksImlhdCI6MTU1NDUzNzg2OSwiaXNzIjoiaHR0cHM6Ly9hdXRoaW5nLmNuIn0.IQi5FRHO756e_eAmdAs3OnFMU7QuP-XtrbwCZC1gJntevYJTltEg1CLkG7eVhdi_g5MJV1c0pNZ_xHmwS0R-E4lAXcc1QveYKptnMroKpBWs5mXwoOiqbrjKEmLMaPgRzCOdLiSdoZuQNw_z-gVhFiMNxI055TyFJdXTNtExt1O3KmwqanPNUi6XyW43bUl29v_kAvKgiOB28f3I0fB4EsiZjxp1uxHQBaDeBMSPaRVWQJcIjAJ9JLgkaDt1j7HZ2a1daWZ4HPzifDuDfi6_Ob1ZL40tWEC7xdxHlCEWJ4pUIsDjvScdQsez9aV_xMwumw3X4tgUIxFOCNVEvr73Fg",
"refresh_token": "WPsGJbvpBjqXz6IJIr1UHKyrdVF",
"token_type": "xxx",
"expire_in": 7200
}
}Data structure
SignInOptionsDto
| Name | Type | Is it required | Description | Sample value |
|---|---|---|---|---|
| scope | string | No | The permissions that need to be requested, must include openid. If you need to obtain the phone number and email, you need to include phone email; if you need refresh_token, you need to include offline_access. Multiple scopes should be separated by spaces. The decoded content of id_token will contain the user information related fields corresponding to these scopes. - openid: Must be included. - profile: Returns birthdate, family_name, gender, given_name, locale, middle_name, name, nickname, picture, preferred_username, profile, updated_at, website, zoneinfo fields. - username: Returns username. - email: Returns email, email_verified. - phone: Returns phone_number, phone_number_verified. - offline_access: If this parameter exists, the token interface will return the refresh_token field. - roles: Returns the user's role list. - external_id: The user's user ID in the original system. - extended_fields: Returns the user's extended field information, the content is an object, the key is the extended field name, and the value is the extended field value. - tenant_id: Returns the user's tenant ID. | openid profile |
| clientIp | string | No | The real IP address of the client. By default, GenAuth will identify the IP of the request source as the IP address of the user's login. If you call this interface in the backend server, you need to set this IP to the user's real request IP. | 192.168.0.1 |
| context | string | no | Additional request context, which will be passed to the context object of the Pipeline before and after authentication. Learn how to get the additional context passed in the context parameter of the Pipeline. | {"source":"utm"} |
| tenantId | string | no | Tenant ID | 625783d629f2bd1f5ddddd98c |
| customData | object | no | Set additional user custom data. You need to configure custom data in the GenAuth console first. |