DocumentationAdobe PassAdobe Pass Authentication

Retrieve partner authentication request retrieve-partner-authentication-request

Last update: Fri Dec 06 2024 00:00:00 GMT+0000 (Coordinated Universal Time)
IMPORTANT
The content on this page is provided for information purposes only. Usage of this API requires a current license from Adobe. No unauthorized use is permitted.
IMPORTANT
REST API V2 implementation is bounded by the Throttling mechanism documentation.

Request request

HTTP
path
/api/v2/{serviceProvider}/sessions/sso/{partner}
method
POST
Path Parameters
serviceProvider
The internal unique identifier associated with the Service Provider during onboarding process.
required
partner
The name of the partner (e.g., Apple) that provides the single sign-on framework integrated with Adobe Pass Authentication flows.
required
Body Parameters
domainName
The originating domain of the application performing MVPD login.

If the streaming device platform has limitations in providing a value, then an application will have to resume the authentication session and provide a valid value.

This will be used in case of fallback scenarios where the response indicates that the streaming application should proceed with the basic authentication flow.
required
redirectUrl
The final redirect URL to which the user agent navigates when the authentication flow for the MVPD is completed.

The value must be URL-encoded.

If the streaming device platform has limitations in providing a value, then an application will have to resume the authentication session and provide a valid value.

This will be used in case of fallback scenarios where the response indicates that the streaming application should proceed with the basic authentication flow.
required
Headers
Authorization
The generation of the bearer token payload is described in the Authorization header documentation.
required
Content-Type
The accepted media type for the resources being sent.

It must be application/x-www-form-urlencoded.
required
AP-Device-Identifier
The generation of the device identifier payload is described in the AP-Device-Identifier header documentation.
required
X-Device-Info
The generation of the device information payload is described in the X-Device-Info header documentation.

It is strongly recommended to always use it when the application's device platform allows for the explicit provision of valid values.

When provided, the Adobe Pass Authentication backend will merge explicitly set values with extracted values implicitly (by default).

When not provided, the Adobe Pass Authentication backend will use extracted values implicitly (by default).
required
AP-Partner-Framework-Status
The generation of the single sign-on payload for the Partner method is described in the AP-Partner-Framework-Status header documentation.

For more details about single sign-on enabled flows using a partner, refer to the Single sign-on using partner flows documentation.
optional
X-Forwarded-For
The IP address of the streaming device.

It is strongly recommended to always use it for server to server implementations, particularly when the call is made by the programmer service rather than the streaming device.

For client to server implementations, the IP address of the streaming device is sent implicitly.
optional
Accept
The media type accepted by the client application.

If specified, it must be application/json.
optional
User-Agent
The user agent of the client application.
optional

Response response

Code
Text
Description
200
OK
The response body contains information about the next actions needed to perform authentication.
400
Bad Request
The request is invalid, the client needs to correct the request and try again. The response body may contain error information that adheres to the Enhanced Error Codes documentation.
401
Unauthorized
The access token is invalid, the client needs to obtain a new access token and try again. For more details refer to the Dynamic Client Registration Overview documentation.
405
Method Not Allowed
The HTTP method is invalid, the client needs to use an HTTP method that is permitted for the requested resource and try again. For more details refer to the Request section.
500
Internal Server Error
The server side encountered an issue. The response body may contain error information that adheres to the Enhanced Error Codes documentation.

Success success

Headers
Status
200
required
Content-Type
application/json
required
Body

JSON object having the following attributes:

table 0-row-3 1-row-3 2-row-3 3-row-3 4-row-3 5-row-3 6-row-3 7-row-3 8-row-3 9-row-3 1-bgcolor-eff2f7 2-bgcolor-eff2f7 3-bgcolor-eff2f7 5-bgcolor-deebff 9-bgcolor-deebff 13-bgcolor-deebff 17-bgcolor-deebff 21-bgcolor-deebff 25-bgcolor-deebff 29-bgcolor-deebff 33-bgcolor-deebff 37-bgcolor-deebff layout-auto html-authored
Attribute
actionName

The action the streaming device needs to perform in order to complete the authentication flow.

The possible values are:

  • partner_profile
    The streaming device can use the provided partner authentication request to obtain a partner authentication response that can be leveraged to retrieve a profile.
  • authenticate
    When the partner single sign-on flow cannot proceed, the streaming device can fall back to the basic authentication flow.
    The streaming device or another device needs to open the provided URL in a user agent.
  • resume
    When the partner single sign-on flow cannot proceed, the streaming device can fall back to the basic authentication flow.
    The streaming device or another device needs to provide the missing parameters and resume the authentication session using the code.
  • authorize
    The streaming device can directly proceed with decisions flows.
 required
actionType

The type of interaction the streaming device must perform in order to continue the flow with the action specified by the 'actionName' attribute.

The possible values are:

  • interactive
    The flow continues with a navigation to the provided URL using a user agent.
  • direct
    The flow continues with a direct call to the provided URL using an HTTP client available for the client implementation.
 required
missingParameters The missing parameters that need to be provided in order to complete the basic authentication flow.

This field is present when the partner single sign-on flow cannot proceed.		 optional
url The URL where the client application needs to navigate. required
code The authentication code that can be used on a secondary application to resume the authentication session.

This field is present when the partner single sign-on flow cannot proceed.		 optional
authenticationRequest

The partner authentication request to be used in the authentication flow with the partner outside of Adobe Pass Authentication system.

This field is present when the partner single sign-on flow can proceed.

JSON object having the following attributes:

  • type
    Indicates the type of protocol supported by the MVPD (SAML only).
  • request
    The SAML request.
  • attributes
    The SAML request attributes.
 optional
sessionId The opaque identifier that can be used for tracking user activity. required
mvpd The internal unique identifier associated with the Identity Provider during onboarding process. optional
serviceProvider The internal unique identifier associated with the Service Provider during onboarding process. required

Error error

Headers
Status
400, 401, 405, 500
required
Content-Type
application/json
required
Body
The response body may provide additional error information that adheres to the Enhanced Error Codes documentation.
required

Samples samples

1. Retrieve partner authentication request

Request
code language-https 
POST /api/v2/REF30/sessions/sso/Apple HTTP/1.1

    Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjNGZjM2U3ZS0xMmQ5LTQ5NWQtYjc0Mi02YWVhYzhhNDkwZTciLCJuYmYiOjE3MjQwODc4NjgsImlzcyI6ImF1dGguYWRvYmUuY29tIiwic2NvcGVzIjoiYXBpOmNsaWVudDp2MiIsImV4cCI6MTcyNDEwOTQ2OCwiaWF0IjoxNzI0MDg3ODY4fQ.DJ9GFl_yKAp2Qw-NVcBeRSnxIhqrwxhns5T5jU31N2tiHxCucKLSQ5guBygqkkJx6D0N_93f50meEEyfb7frbHhVHHwmRjHYjkfrWqHCpviwVjVZKKwl8Y3FEMb0bjKIB8p_E3txX9IbzeNGWRufZBRh2sxB5Q9B7XYINpVfh8s_sFvskrbDu5c01neCx5kEagEW5CtE0_EXTgEb5FSr_SfQG3UUu_iwlkOggOh_kOP_5GueElf9jn-bYBMnpObyN5s-FzuHDG5Rtac5rvcWqVW2reEqFTHqLI4rVC7UKQb6DSvPBPV4AgrutAvk30CYgDsOQILVyrjniincp7r9Ww
    Content-Type: application/x-www-form-urlencoded
    AP-Device-Identifier: fingerprint YmEyM2QxNDEtZDcxNS01NjFjLTk0ZjQtZTllNGM5NjZiMWVi
    X-Device-Info: ewoJInByaW1hcnlIYXJkd2FyZVR5cGUiOiAiU2V0VG9wQm94IiwKCSJtb2RlbCI6ICJUViA1dGggR2VuIiwKCSJtYW51ZmFjdHVyZXIiOiAiQXBwbGUiLAoJIm9zTmFtZSI6ICJ0dk9TIgoJIm9zVmVuZG9yIjogIkFwcGxlIiwKCSJvc1ZlcnNpb24iOiAiMTEuMCIKfQ==
    AP-Partner-Framework-Status: ewogICAgImZyYW1ld29ya1Blcm1pc3Npb25JbmZvIjogewogICAgICAiYWNjZXNzU3RhdHVzIjogImdyYW50ZWQiCiAgICB9LAogICAgImZyYW1ld29ya1Byb3ZpZGVySW5mbyIgOiB7CiAgICAgICJpZCIgOiAiQ2FibGV2aXNpb24iLAogICAgICAiZXhwaXJhdGlvbkRhdGUiIDogIjIwMjU0MzA2MzYwMDAiCiAgICB9Cn0=
    Accept: application/json
    User-Agent: Mozilla/5.0 (Apple TV; U; CPU AppleTV5,3 OS 11.0 like Mac OS X; en_US)

Body:

domainName=adobe.com&redirectUrl=https%3A%2F%2Fadobe.com
Response
code language-https 
HTTP/1.1 200 OK

Content-Type: application/json;charset=UTF-8

{
    "actionName": "partner_profile",
    "actionType": "direct",
    "url": "/api/v2/REF30/profiles/sso/Apple",
    "sessionId": "83c046be-ea4b-4581-b5f2-13e56e69dee9",
    "mvpd": "Cablevision",
    "serviceProvider": "REF30",
    "authenticationRequest": {
        "type": "saml",
        "request": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRG....",
        "attributesNames": ["uid", "NameID", "uniqueId"]
   }
}

2. Retrieve partner authentication request, but degradation is applied

Request
code language-https 
POST /api/v2/REF30/sessions/sso/Apple HTTP/1.1

    Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjNGZjM2U3ZS0xMmQ5LTQ5NWQtYjc0Mi02YWVhYzhhNDkwZTciLCJuYmYiOjE3MjQwODc4NjgsImlzcyI6ImF1dGguYWRvYmUuY29tIiwic2NvcGVzIjoiYXBpOmNsaWVudDp2MiIsImV4cCI6MTcyNDEwOTQ2OCwiaWF0IjoxNzI0MDg3ODY4fQ.DJ9GFl_yKAp2Qw-NVcBeRSnxIhqrwxhns5T5jU31N2tiHxCucKLSQ5guBygqkkJx6D0N_93f50meEEyfb7frbHhVHHwmRjHYjkfrWqHCpviwVjVZKKwl8Y3FEMb0bjKIB8p_E3txX9IbzeNGWRufZBRh2sxB5Q9B7XYINpVfh8s_sFvskrbDu5c01neCx5kEagEW5CtE0_EXTgEb5FSr_SfQG3UUu_iwlkOggOh_kOP_5GueElf9jn-bYBMnpObyN5s-FzuHDG5Rtac5rvcWqVW2reEqFTHqLI4rVC7UKQb6DSvPBPV4AgrutAvk30CYgDsOQILVyrjniincp7r9Ww
    Content-Type: application/x-www-form-urlencoded
    AP-Device-Identifier: fingerprint YmEyM2QxNDEtZDcxNS01NjFjLTk0ZjQtZTllNGM5NjZiMWVi
    X-Device-Info: ewoJInByaW1hcnlIYXJkd2FyZVR5cGUiOiAiU2V0VG9wQm94IiwKCSJtb2RlbCI6ICJUViA1dGggR2VuIiwKCSJtYW51ZmFjdHVyZXIiOiAiQXBwbGUiLAoJIm9zTmFtZSI6ICJ0dk9TIgoJIm9zVmVuZG9yIjogIkFwcGxlIiwKCSJvc1ZlcnNpb24iOiAiMTEuMCIKfQ==
    AP-Partner-Framework-Status: ewogICAgImZyYW1ld29ya1Blcm1pc3Npb25JbmZvIjogewogICAgICAiYWNjZXNzU3RhdHVzIjogImdyYW50ZWQiCiAgICB9LAogICAgImZyYW1ld29ya1Byb3ZpZGVySW5mbyIgOiB7CiAgICAgICJpZCIgOiAiJHtkZWdyYWRlZE12cGR9IiwKICAgICAgImV4cGlyYXRpb25EYXRlIiA6ICIyMDI1NDMwNjM2MDAwIgogICAgfQp9
    Accept: application/json
    User-Agent: Mozilla/5.0 (Apple TV; U; CPU AppleTV5,3 OS 11.0 like Mac OS X; en_US)

Body:

domainName=adobe.com&redirectUrl=https%3A%2F%2Fadobe.com
Response
code language-https 
HTTP/1.1 200 OK

Content-Type: application/json;charset=UTF-8

{
    "actionName": "authorize",
    "actionType": "direct",
    "url": "/api/v2/REF30/decisions/authorize/${degradedMvpd}",
    "sessionId": "14d4f239-e3b1-4a4a-b8b3-6395b968a260",
    "mvpd": "${degradedMvpd}",
    "serviceProvider": "REF30"
}

3. Retrieve partner authentication request, but fall backs to basic authentication flow without missing parameters

IMPORTANT
Assumptions
  • Fall backs to the basic authentication flow due to partner single sign-on parameters or to the partner single sign-on configuration on Adobe Pass backend.
Request
code language-https 
POST /api/v2/REF30/sessions/sso/Apple HTTP/1.1

    Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjNGZjM2U3ZS0xMmQ5LTQ5NWQtYjc0Mi02YWVhYzhhNDkwZTciLCJuYmYiOjE3MjQwODc4NjgsImlzcyI6ImF1dGguYWRvYmUuY29tIiwic2NvcGVzIjoiYXBpOmNsaWVudDp2MiIsImV4cCI6MTcyNDEwOTQ2OCwiaWF0IjoxNzI0MDg3ODY4fQ.DJ9GFl_yKAp2Qw-NVcBeRSnxIhqrwxhns5T5jU31N2tiHxCucKLSQ5guBygqkkJx6D0N_93f50meEEyfb7frbHhVHHwmRjHYjkfrWqHCpviwVjVZKKwl8Y3FEMb0bjKIB8p_E3txX9IbzeNGWRufZBRh2sxB5Q9B7XYINpVfh8s_sFvskrbDu5c01neCx5kEagEW5CtE0_EXTgEb5FSr_SfQG3UUu_iwlkOggOh_kOP_5GueElf9jn-bYBMnpObyN5s-FzuHDG5Rtac5rvcWqVW2reEqFTHqLI4rVC7UKQb6DSvPBPV4AgrutAvk30CYgDsOQILVyrjniincp7r9Ww
    Content-Type: application/x-www-form-urlencoded
    AP-Device-Identifier: fingerprint YmEyM2QxNDEtZDcxNS01NjFjLTk0ZjQtZTllNGM5NjZiMWVi
    X-Device-Info: ewoJInByaW1hcnlIYXJkd2FyZVR5cGUiOiAiU2V0VG9wQm94IiwKCSJtb2RlbCI6ICJUViA1dGggR2VuIiwKCSJtYW51ZmFjdHVyZXIiOiAiQXBwbGUiLAoJIm9zTmFtZSI6ICJ0dk9TIgoJIm9zVmVuZG9yIjogIkFwcGxlIiwKCSJvc1ZlcnNpb24iOiAiMTEuMCIKfQ==
    AP-Partner-Framework-Status: ewogICAgImZyYW1ld29ya1Blcm1pc3Npb25JbmZvIjogewogICAgICAiYWNjZXNzU3RhdHVzIjogImdyYW50ZWQiCiAgICB9LAogICAgImZyYW1ld29ya1Byb3ZpZGVySW5mbyIgOiB7CiAgICAgICJpZCIgOiAiQ2FibGV2aXNpb24iLAogICAgICAiZXhwaXJhdGlvbkRhdGUiIDogIjIwMjU0MzA2MzYwMDAiCiAgICB9Cn0=
    Accept: application/json
    User-Agent: Mozilla/5.0 (Apple TV; U; CPU AppleTV5,3 OS 11.0 like Mac OS X; en_US)

Body:

domainName=adobe.com&redirectUrl=https%3A%2F%2Fadobe.com
Response
code language-https 
HTTP/1.1 200 OK

Content-Type: application/json;charset=UTF-8

{
    "actionName": "authenticate",
    "actionType": "interactive",
    "url": "/api/v2/authenticate/REF30/OKTWW2W",
    "code": "OKTWW2W",
    "sessionId": "748f0b9e-a2ae-46d5-acd9-4b4e6d71add7",
    "mvpd": "Cablevision",
    "serviceProvider": "REF30"
}

4. Retrieve partner authentication request, but fallback to basic authentication flow with missing parameters

IMPORTANT
Assumptions
  • Fall backs to the basic authentication flow due to partner single sign-on parameters or to the partner single sign-on configuration on Adobe Pass backend.
Request
code language-https 
POST /api/v2/REF30/sessions/sso/Apple HTTP/1.1

    Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjNGZjM2U3ZS0xMmQ5LTQ5NWQtYjc0Mi02YWVhYzhhNDkwZTciLCJuYmYiOjE3MjQwODc4NjgsImlzcyI6ImF1dGguYWRvYmUuY29tIiwic2NvcGVzIjoiYXBpOmNsaWVudDp2MiIsImV4cCI6MTcyNDEwOTQ2OCwiaWF0IjoxNzI0MDg3ODY4fQ.DJ9GFl_yKAp2Qw-NVcBeRSnxIhqrwxhns5T5jU31N2tiHxCucKLSQ5guBygqkkJx6D0N_93f50meEEyfb7frbHhVHHwmRjHYjkfrWqHCpviwVjVZKKwl8Y3FEMb0bjKIB8p_E3txX9IbzeNGWRufZBRh2sxB5Q9B7XYINpVfh8s_sFvskrbDu5c01neCx5kEagEW5CtE0_EXTgEb5FSr_SfQG3UUu_iwlkOggOh_kOP_5GueElf9jn-bYBMnpObyN5s-FzuHDG5Rtac5rvcWqVW2reEqFTHqLI4rVC7UKQb6DSvPBPV4AgrutAvk30CYgDsOQILVyrjniincp7r9Ww
    Content-Type: application/x-www-form-urlencoded
    AP-Device-Identifier: fingerprint YmEyM2QxNDEtZDcxNS01NjFjLTk0ZjQtZTllNGM5NjZiMWVi
    X-Device-Info: ewoJInByaW1hcnlIYXJkd2FyZVR5cGUiOiAiU2V0VG9wQm94IiwKCSJtb2RlbCI6ICJUViA1dGggR2VuIiwKCSJtYW51ZmFjdHVyZXIiOiAiQXBwbGUiLAoJIm9zTmFtZSI6ICJ0dk9TIgoJIm9zVmVuZG9yIjogIkFwcGxlIiwKCSJvc1ZlcnNpb24iOiAiMTEuMCIKfQ==
    AP-Partner-Framework-Status: ewogICAgImZyYW1ld29ya1Blcm1pc3Npb25JbmZvIjogewogICAgICAiYWNjZXNzU3RhdHVzIjogImdyYW50ZWQiCiAgICB9LAogICAgImZyYW1ld29ya1Byb3ZpZGVySW5mbyIgOiB7CiAgICAgICJpZCIgOiAiQ2FibGV2aXNpb24iLAogICAgICAiZXhwaXJhdGlvbkRhdGUiIDogIjIwMjU0MzA2MzYwMDAiCiAgICB9Cn0=
    Accept: application/json
    User-Agent: Mozilla/5.0 (Apple TV; U; CPU AppleTV5,3 OS 11.0 like Mac OS X; en_US)

Body:

domainName=adobe.com
Response
code language-https 
HTTP/1.1 200 OK

Content-Type: application/json;charset=UTF-8

{
    "actionName": "resume",
    "actionType": "direct",
    "missingParameters": [
          "redirectUrl"
    ],
    "url": "/api/v2/REF30/sessions/SB7ZRIO",
    "code": "SB7ZRIO",
    "sessionId": "1476173f-5088-43b8-b7c3-8cf3a185de0a",
    "mvpd": "Cablevision",
    "serviceProvider": "REF30"
}
recommendation-more-help
3f5e655c-af63-48cc-9769-2b6803cc5f4b