Authentication

The DHIS2 Web API supports two authentication protocols, Basic authentication and OAuth2. You can verify and retrieve information about the currently authenticated user by sending a GET request to the following URL:

This link returns the following result:

Status: 200 OK | Time: 1668 ms | Size: 3.13 KB


    {
        "lastUpdated": "2021-11-09T13:38:14.392",
        "id": "xxxxxxxxxxx",
        "created": "2019-10-11T15:17:56.151",
        "name": "xxxxxxxxxxx",
        "gender": "gender_male",
        "displayName": "xxxxxxxxxxx",
        "jobTitle": "xxxxxxxxxxx",
        "externalAccess": false,
        "surname": "xxxxxxxxxxx",
        "employer": "Unité de Coordination des Projets (UCP) du MSanP",
        "email": "xxxxxxxxxxx@xxxxxxxxxxx.org",
        "lastCheckedInterpretations": "2021-11-09T13:38:14.392",
        "firstName": "Publique",
        "phoneNumber": "xxxxxxxxxxx",
        "nationality": "MALAGASY",
        "favorite": false,
        "access": {
            "read": false,
            "update": false,
            "externalize": false,
            "delete": false,
            "write": false,
            "manage": false
        },
        "userCredentials": {
            "lastUpdated": "2022-06-22T13:08:35.212",
            "id": "xxxxxxxxxxx",
            "created": "2021-09-22T11:52:06.358",
            "name": "xxxxxxxxxxx",
            "lastLogin": "2022-06-22T13:08:35.212",
            "displayName": "xxxxxxxxxxx",
            "externalAuth": false,
            "externalAccess": false,
            "disabled": false,
            "twoFA": false,
            "passwordLastUpdated": "2021-09-22T11:52:06.358",
            "invitation": false,
            "selfRegistered": false,
            "favorite": false,
            "username": "xxxxxxxxxxx",
            "userInfo": {
                "id": "xxxxxxxxxxx"
            },
            "access": {
                "read": true,
                "update": true,
                "externalize": false,
                "delete": true,
                "write": true,
                "manage": true
            },
            "user": {
                "displayName": "xxxxxxxxxxx",
                "id": "xxxxxxxxxxx",
                "username": "xxxxxxxxxxx"
            },
            "favorites": [],
            "cogsDimensionConstraints": [],
            "catDimensionConstraints": [],
            "translations": [],
            "userGroupAccesses": [],
            "attributeValues": [],
            "userRoles": [
                {
                    "id": "xxxxxxxxxxx"
                }
            ],
            "userAccesses": []
        },
        "settings": {
            "keyMessageSmsNotification": true,
            "keyDbLocale": "fr",
            "keyStyle": "light_blue/light_blue.css",
            "keyUiLocale": "fr",
            "keyAnalysisDisplayProperty": "name",
            "keyMessageEmailNotification": true
        },
        "favorites": [],
        "teiSearchOrganisationUnits": [],
        "translations": [],
        "organisationUnits": [
            {
                "id": "xxxxxxxxxxx"
            }
        ],
        "dataViewOrganisationUnits": [
            {
                "id": "xxxxxxxxxxx"
            }
        ],
        "userGroupAccesses": [],
        "attributeValues": [],
        "userGroups": [
            {
                "id": "xxxxxxxxxxx"
            },
            {
                "id": "xxxxxxxxxxx"
            }
        ],
        "userAccesses": [],
        "authorities": [
            "M_dhis-web-data-quality",
            "F_REPORT_PUBLIC_ADD",
            "M_dhis-web-pivot",
            "F_EXTERNAL_MAP_LAYER_PUBLIC_ADD",
            "M_Score_Card_Widget",
            "F_MAP_PUBLIC_ADD",
            "M_Immunization_analysis",
            "F_SEND_EMAIL",
            "F_DATAVALUE_ADD",
            "M_dhis-web-visualizer",
            "M_dhis-web-maps",
            "F_DASHBOARD_PUBLIC_ADD",
            "M_dhis-web-reporting",
            "M_dhis-web-data-visualizer",
            "M_dhis-web-dashboard",
            "M_WHO_Data_Quality_Tool",
            "M_Malaria_score_card",
            "M_Malaria_Dashboard",
            "F_EVENTREPORT_PUBLIC_ADD",
            "M_dhis-web-cache-cleaner",
            "F_EVENTCHART_PUBLIC_ADD",
            "M_dhis-web-event-visualizer",
            "M_dhis-web-app-management",
            "M_dhis-web-messaging",
            "M_dhis-web-mapping",
            "M_dhis-web-reports"
        ],
        "programs": [
            "xxxxxxxxxxx",
            "xxxxxxxxxxx",
            "xxxxxxxxxxx"
        ],
        "dataSets": [
            "xxxxxxxxxxx",
            "xxxxxxxxxxx",
            "xxxxxxxxxxx",
            "xxxxxxxxxxx"
        ]
    }

1- Basic authentication

Basic authentication is a technique that lets clients send login credentials over HTTP to a web server. Technically, the username is joined to the password with a colon, the result is Base64-encoded, prefixed with Basic, and supplied as the value of the HTTP Authorization header. More formally:

Message:

    Authorization: Basic base64encode(username:password)

2- Two-factor authentication (2FA)

Two-factor authentication (2FA) must be enabled by the user. Once it is enabled, users are prompted to enter a 2FA code when logging in.

3- OAuth2

OAuth2 is an open standard for authorization that allows third-party clients to connect on behalf of a DHIS2 user and obtain a reusable bearer token for subsequent requests to the Web API. Each client for which you want to allow OAuth 2 authentication must be registered in DHIS2. To add a new OAuth2 client, go to "Apps > Settings > OAuth2 Clients" in the user interface, click Add new, and enter the desired client name and grant types. An OAuth2 client can be added through the Web API. For example, we can send a payload like this:


    {
        "name": "OAuth2 Demo Client",
        "cid": "demo",
        "secret": "1e6db50c-0fee-11e5-98d0-3c15c2c6caf6",
        "grantTypes": ["password", "refresh_token", "authorization_code"],
        "redirectUris": ["http://www.example.org"]
    }
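A review check for a client registration payload like the one above, as an added example that is not part of the original page or of DHIS2. The function name, the finding texts and the 32-character secret threshold are assumptions chosen for illustration; the field names come from the payload shown here.

```python
import json
import uuid
from urllib.parse import urlparse

# The client registration payload shown on this page, used as sample input.
PAGE_PAYLOAD = json.loads("""
{
    "name": "OAuth2 Demo Client",
    "cid": "demo",
    "secret": "1e6db50c-0fee-11e5-98d0-3c15c2c6caf6",
    "grantTypes": ["password", "refresh_token", "authorization_code"],
    "redirectUris": ["http://www.example.org"]
}
""")


def review_oauth2_client(payload):
    """Return a list of review findings for a client registration payload."""
    findings = []
    grants = payload.get("grantTypes", [])
    uris = payload.get("redirectUris", [])
    # RFC 9700 (OAuth 2.0 Security BCP) says the password grant must not be
    # used: the client handles the user's DHIS2 password directly.
    if "password" in grants:
        findings.append("grantTypes: password grant gives the client the user's password")
    if "authorization_code" in grants and not uris:
        findings.append("redirectUris: authorization_code requires a registered URI")
    for uri in uris:
        parsed = urlparse(uri)
        loopback = parsed.hostname in ("localhost", "127.0.0.1", "::1")
        # The authorization code travels in the redirect, so it needs TLS.
        if parsed.scheme != "https" and not loopback:
            findings.append(f"redirectUris: {uri} is not HTTPS")
    secret = str(payload.get("secret") or "")
    try:
        # A version-1 UUID is built from a timestamp and a node id, not from
        # a random source, so it is a poor client secret.
        if uuid.UUID(secret).version == 1:
            findings.append("secret: version-1 UUID is time-based, not random")
    except ValueError:
        # Assumed minimum length for a non-UUID secret (illustrative).
        if len(secret) < 32:
            findings.append("secret: shorter than 32 characters")
    return findings


if __name__ == "__main__":
    for finding in review_oauth2_client(PAGE_PAYLOAD):
        print(finding)
```

Run against the page's payload it reports the password grant, the plain-HTTP redirect URI and the time-based secret; a payload limited to `authorization_code` and `refresh_token`, with an HTTPS redirect URI and a randomly generated secret, returns no findings.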

Status: 200 OK | Time: 2.21 s | Size: 3.13 KB


    {
        "lastUpdated": "2021-11-09T13:38:14.392",
        "id": "xxxxxxxxxxx",
        "created": "2019-10-11T15:17:56.151",
        "name": "xxxxxxxxxxx",
        "gender": "gender_male",
        "displayName": "xxxxxxxxxxx",
        "jobTitle": "xxxxxxxxxxx",
        "externalAccess": false,
        "surname": "xxxxxxxxxxx",
        "employer": "Unité de Coordination des Projets (UCP) du MSanP",
        "email": "xxxxxxxxxxx@xxxxxxxxxxx.org",
        "lastCheckedInterpretations": "2021-11-09T13:38:14.392",
        "firstName": "Publique",
        "phoneNumber": "xxxxxxxxxxx",
        "nationality": "MALAGASY",
        "favorite": false,
        "access": {
            "read": false,
            "update": false,
            "externalize": false,
            "delete": false,
            "write": false,
            "manage": false
        },
        "userCredentials": {
            "lastUpdated": "2022-06-22T13:08:35.212",
            "id": "xxxxxxxxxxx",
            "created": "2021-09-22T11:52:06.358",
            "name": "xxxxxxxxxxx",
            "lastLogin": "2022-06-22T13:08:35.212",
            "displayName": "xxxxxxxxxxx",
            "externalAuth": false,
            "externalAccess": false,
            "disabled": false,
            "twoFA": false,
            "passwordLastUpdated": "2021-09-22T11:52:06.358",
            "invitation": false,
            "selfRegistered": false,
            "favorite": false,
            "username": "xxxxxxxxxxx",
            "userInfo": {
                "id": "xxxxxxxxxxx"
            },
            "access": {
                "read": true,
                "update": true,
                "externalize": false,
                "delete": true,
                "write": true,
                "manage": true
            },
            "user": {
                "displayName": "xxxxxxxxxxx",
                "id": "xxxxxxxxxxx",
                "username": "xxxxxxxxxxx"
            },
            "favorites": [],
            "cogsDimensionConstraints": [],
            "catDimensionConstraints": [],
            "translations": [],
            "userGroupAccesses": [],
            "attributeValues": [],
            "userRoles": [
                {
                    "id": "xxxxxxxxxxx"
                }
            ],
            "userAccesses": []
        },
        "settings": {
            "keyMessageSmsNotification": true,
            "keyDbLocale": "fr",
            "keyStyle": "light_blue/light_blue.css",
            "keyUiLocale": "fr",
            "keyAnalysisDisplayProperty": "name",
            "keyMessageEmailNotification": true
        },
        "favorites": [],
        "teiSearchOrganisationUnits": [],
        "translations": [],
        "organisationUnits": [
            {
                "id": "xxxxxxxxxxx"
            }
        ],
        "dataViewOrganisationUnits": [
            {
                "id": "xxxxxxxxxxx"
            }
        ],
        "userGroupAccesses": [],
        "attributeValues": [],
        "userGroups": [
            {
                "id": "xxxxxxxxxxx"
            },
            {
                "id": "xxxxxxxxxxx"
            }
        ],
        "userAccesses": [],
        "authorities": [
            "M_dhis-web-data-quality",
            "F_REPORT_PUBLIC_ADD",
            "M_dhis-web-pivot",
            "F_EXTERNAL_MAP_LAYER_PUBLIC_ADD",
            "M_Score_Card_Widget",
            "F_MAP_PUBLIC_ADD",
            "M_Immunization_analysis",
            "F_SEND_EMAIL",
            "F_DATAVALUE_ADD",
            "M_dhis-web-visualizer",
            "M_dhis-web-maps",
            "F_DASHBOARD_PUBLIC_ADD",
            "M_dhis-web-reporting",
            "M_dhis-web-data-visualizer",
            "M_dhis-web-dashboard",
            "M_WHO_Data_Quality_Tool",
            "M_Malaria_score_card",
            "M_Malaria_Dashboard",
            "F_EVENTREPORT_PUBLIC_ADD",
            "M_dhis-web-cache-cleaner",
            "F_EVENTCHART_PUBLIC_ADD",
            "M_dhis-web-event-visualizer",
            "M_dhis-web-app-management",
            "M_dhis-web-messaging",
            "M_dhis-web-mapping",
            "M_dhis-web-reports"
        ],
        "programs": [
            "xxxxxxxxxxx",
            "xxxxxxxxxxx",
            "xxxxxxxxxxx"
        ],
        "dataSets": [
            "xxxxxxxxxxx",
            "xxxxxxxxxxx",
            "xxxxxxxxxxx",
            "xxxxxxxxxxx"
        ]
    }

Caution

If you do not have permission to access the DHIS2 API, you may receive the following message:

Status: 403 Forbidden | Time: 516 ms | Size: 563 B

    {
        "httpStatus": "Forbidden",
        "httpStatusCode": 403,
        "status": "ERROR",
        "message": "You don't have the proper permissions to read objects of this type."
    }