GET user.info (Webhook)

As of Version: 2019 Winter
HTTP Method: GET
Response Format: JSON
Parameter

String tenant, String userID

Description

Retrieves roles and any additional available information about the current user logging in to the authentication system from the URL.

As of 2023 Summer, an optional abac section can be specified to allow for attribute-based access control. If specified, the abac section must be a map in which each key is a single string and each value is a list of strings. An example is shown below.

In the predicate, the tenant of the user who sent the request can be referenced to formulate a condition.

Requirements for External Endpoint: The target URL must return the JSON structure shown in the example response below.
Called by Service: Authentication service
Example Response
{
	"username": "111a222b-3c44-5d66-7777-8e999f0000a1",
	"id": "222a333b-4c55-6d77-8888-9e000f1111a2",
	"domain": "dd",
	"tenant": "default",
	"authorities": [
		"TENANT_ADMIN",
		"SYSTEM_INTEGRATOR",
		"ACCESS_FOREIGN_JOURNAL_OBJECTS"
	],
	"accountNonExpired": true,
	"accountNonLocked": true,
	"credentialsNonExpired": true,
	"enabled": true
}

With abac section (available as of 2023 Summer):

{
	"username": "111a222b-3c44-5d66-7777-8e999f0000a1",
	"id": "222a333b-4c55-6d77-8888-9e000f1111a2",
	"domain": "dd",
	"tenant": "default",
	"authorities": [
		"TENANT_ADMIN",
		"SYSTEM_INTEGRATOR",
		"ACCESS_MAILBOXES"
	],
	"abac": {
		"mailGroups": [
			"mailbox_sales",
			"mailbox_pm"
		],
		"sap_permissions": [
			"sap_read",
			"sap_write"
		]
	},
	"accountNonExpired": true,
	"accountNonLocked": true,
	"credentialsNonExpired": true,
	"enabled": true
}
Example Predicate

Check if the calling user belongs to the default tenant:

spel:'default'.equals(options['tenant'])
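
Added example (not part of the product documentation or its code): a check an external endpoint could run on its own user.info response body before returning it, covering the abac rule described above. Treating every field of the example response as required, the function name validate_user_info, and the optional expected_tenant comparison are assumptions of this example.

```python
import json

# Field names are taken from the example response on this page; treating all
# of them as required is an assumption of this example, not a documented rule.
STRING_FIELDS = ("username", "id", "domain", "tenant")
BOOL_FIELDS = ("accountNonExpired", "accountNonLocked",
               "credentialsNonExpired", "enabled")


def _is_string_list(value):
    return isinstance(value, list) and all(isinstance(v, str) for v in value)


def validate_user_info(payload, expected_tenant=None):
    """Return a list of problems found in a user.info response body."""
    try:
        doc = json.loads(payload)
    except (TypeError, ValueError) as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]

    problems = []
    for name in STRING_FIELDS:
        if not isinstance(doc.get(name), str) or not doc[name]:
            problems.append(f"{name}: expected non-empty string")
    for name in BOOL_FIELDS:
        # Strict bool check: "true" or 1 must not pass as an account flag.
        if not isinstance(doc.get(name), bool):
            problems.append(f"{name}: expected boolean")
    if not _is_string_list(doc.get("authorities")):
        problems.append("authorities: expected list of strings")

    # abac is optional; JSON keys are always strings, so only values are checked.
    if "abac" in doc:
        abac = doc["abac"]
        if not isinstance(abac, dict):
            problems.append("abac: expected map")
        else:
            for key, value in abac.items():
                if not _is_string_list(value):
                    problems.append(f"abac.{key}: expected list of strings")

    # Assumption of this example: the answer should name the requested tenant.
    if expected_tenant is not None and doc.get("tenant") != expected_tenant:
        problems.append("tenant: does not match the requested tenant")
    return problems
```

An empty list means the body has the shape shown in the example responses; a bare string where an abac list is expected is the case most likely to slip through untyped endpoint code.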