AAC API

The Swagger UI for the AAC API is available at http://localhost:8080/aac/swagger-ui.html.

Profile API

To obtain the basic user data, perform the following call (scope profile.basicprofile.me):

GET /aac/basicprofile/me HTTP/1.1
Host: aacserver.com
Accept: application/json
Authorization: Bearer <token-value>

If the token is valid, this returns the user data:

{
  "name": "Mario",
  "surname": "Rossi",
  "userId": "6789",
  "username": "mario@gmail.com"
}

To obtain the account-related data (e.g., the Identity Provider-specific attributes), the following call should be performed (scope profile.accountprofile.me):

GET /aac/accountprofile/me HTTP/1.1
Host: aacserver.com
Accept: application/json
Authorization: Bearer <token-value>

If the token is valid, this returns the user data, e.g.,

{
  "name": "Mario",
  "surname": "Rossi",
  "username": "rossi@gmail.com",
  "userId": "1",
  "accounts": {
    "google": {
      "it.smartcommunitylab.aac.surname": "Rossi",
      "it.smartcommunitylab.aac.username": "rossi@gmail.com",
      "it.smartcommunitylab.aac.givenname": "Mario",
      "email": "rossi@gmail.com"
    }
  }
}

Token API

To get the information associated with the token (IETF RFC 7662), the following API may be used:

POST /aac/token_introspection?token=<token-value> HTTP/1.1
Host: aacserver.com
Accept: application/json
Authorization: Basic <client-credentials>

The response describes the app, the user, the token validity, and the scopes.

{
  "active": true,
  "client_id": "7b4f9b2a-71f6-412d-93e6-030c14910083",
  "scope": "profile.basicprofile.me profile.accountprofile.me openid",
  "username": "admin@carbon.super",
  "token_type": "Bearer",
  "sub": "8",
  "iss": "https://aac.example.com",
  "aud": "7b4f9b2a-71f6-412d-93e6-030c14910083",
  "exp": 123456789,
  "iat": 123450000,
  "nbf": 123456788,
  "aac_user_d": "8",
  "aac_grantType": "implicit",
  "aac_applicationToken": false,
  "aac_am_tenant": "tenant1.com"
}
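A resource server should not stop at "active": true. The following added example (not part of the AAC code base) shows one way to evaluate an introspection response before granting access; the helper name check_introspection, its parameters and the reason strings are assumptions, and the sample input is constructed from the response shown above.

```python
import json

# Constructed sample modelled on the introspection response shown above.
SAMPLE = json.loads("""
{
  "active": true,
  "client_id": "7b4f9b2a-71f6-412d-93e6-030c14910083",
  "scope": "profile.basicprofile.me profile.accountprofile.me openid",
  "token_type": "Bearer",
  "sub": "8",
  "iss": "https://aac.example.com",
  "aud": "7b4f9b2a-71f6-412d-93e6-030c14910083",
  "exp": 123456789,
  "iat": 123450000,
  "nbf": 123456788
}
""")


def check_introspection(resp, required_scope, expected_iss, expected_aud, now, leeway=0):
    """Return (allowed, reason) for one introspection response.

    Hypothetical helper: fails closed on any missing or malformed field.
    """
    # RFC 7662: "active" is the only required member; anything but True is a denial.
    if resp.get("active") is not True:
        return False, "inactive"
    if resp.get("iss") != expected_iss:
        return False, "iss"
    # "aud" may be a single string or a list of strings.
    aud = resp.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if expected_aud not in audiences:
        return False, "aud"
    exp, nbf = resp.get("exp"), resp.get("nbf", 0)
    if not isinstance(exp, int) or not isinstance(nbf, int):
        return False, "malformed-time"
    if now >= exp + leeway:
        return False, "expired"
    if now < nbf - leeway:
        return False, "not-yet-valid"
    # Scopes are space-delimited; compare whole tokens, never substrings.
    scope = resp.get("scope")
    if not isinstance(scope, str) or required_scope not in scope.split():
        return False, "scope"
    return True, "ok"
```

Pass the current Unix time as now (for example int(time.time())) and the scope that protects the endpoint being called.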

Role API

The role API allows checking the roles of specific users. More details can be found in the Swagger documentation.

OpenID API

The OpenID userinfo endpoint allows for getting the standard user info claims (scopes profile, email). The response is provided in the form of a JSON object or a JWT.

GET /aac/userinfo HTTP/1.1
Host: aacserver.com
Accept: application/json
Authorization: Bearer <token-value>

The response contains a subset of the standard OpenID claims.

{
  "sub": "123456789",
  "name": "Mario Rossi",
  "preferred_username": "rossi@mario.com",
  "given_name": "Mario",
  "family_name": "Rossi",
  "email": "rossi@mario.com"
}