Authentication Service
This service enables the access to the user profiles of TimePunch.
ConnectWithOAuth2
This method connects the current user with an OAuth2/OpenId Provider. At the moment, only a Microsoft Azure AD Account can be connected. For the future, other OpenId Providers are planned to be implemented.
void ConnectWithOAuth2(
out TpFault fault,
TpAuthentication authentication,
string oAuth2UserId,
string oAuth2Provider);
Needed Permission | core@logon | |
---|---|---|
Name | Modifier | Description |
fault | Out | Contains the error if an exception occurs. |
authentication | User authentication | |
oAuth2UserId | An unique identifier that must be provided by the OAuth2/OpenId Provider | |
oAuth2Provider | The key of the OpenId Provider - currently only 'Microsoft' is supported. |
IsDatabaseValid
This method checks the database structure of the transferred modules. If the database structure of a module does not fit, an error message is returned in the fault object.
void IsDatabaseValid(
TpAuthentication authentication,
string[] moduleKeys,
out TpFault fault);
Needed Permission | --- | |
---|---|---|
Name | Modifier | Description |
fault | Out | Contains the error if an exception occurs. AuthenticationFailure.TimePunchOutdated AuthenticationFailure.OldDatabaseVersion AuthenticationFailure.NoDatabaseConnection AuthenticationFailure.UnexpectedException |
authentication | User authentication | |
moduleKeys | List of module identifier to check the database structure |
The Fault object returned is of type TpAuthenticationFault
The following module keys are currently known:
Schlüssel | Modul |
---|---|
Datafox | Datafox – Time recording devices |
Attendance | TimePunch Attendance – Attendance Sheet |
Cutter | TimePunch Cutter – Working Hour Window |
Calendar | TimePunch Calendar – Leave Requests |
SelfService | TimePunch SelfService – Personal data |
Online | TimePunch Online - Mobile time recording |
Studio | TimePunch Studio - Time recording at the central service PC |
Watcher | TimePunch Watcher - Time recording at the own PC |
Management | TimePunch Management - Manage employees and working time |
ValidateAuthentication
This method validates the authentication data and returns the user permissions after the successful validation of the user. Additionally the user license gets validated against the given application keys. If the application keys are null, it gets validated if the user owns at least one application license, independent of which.
ValidatedAuthenticationDto ValidateAuthentication (
out TpFault fault,
TpAuthentication authentication
string[] applicationKeys);
Needed Permission | core@logon | |
---|---|---|
Name | Modifier | Description |
fault | Out | Contains the error if an exception occurs. |
authentication | User authentication | |
applicationKeys | Keys of the application for which the license informations shall be validated. | |
return value | Validated authentication object, containing a collection of the user permissions |
The application keys are defined in the class TimePunch.Enums.Core.ApplicationKeys as constant values.
ValidateAuthenticationWithProductLine
This method checks the specified credentials and returns user privileges after successful validation. If no application key is specified, the system only checks whether the user has a license at all - regardless of which one it is.
In addition, this method returns the licensed product line.
ValidatedAuthenticationDto ValidateAuthenticationWithProductLine(
out TpFault fault,
TpAuthentication authentication,
string[] applicationKeys,
out ProductLine licensedProductLine);
Needed Permission | core@logon | |
---|---|---|
Name | Modifier | Description |
fault | Out | Contains the error if an exception occurs. |
authentication | User authentication | |
applicationKeys | Keys of the application for which the license informations shall be validated. | |
LicensedProductLine | Out | Productline that is used by the user. Undefined Currently no product line is set TimePunchPro Licensed for TimePunch PRO TimePunchOne Licensed for TimePunch ONE TimePunchTen Licensed for TimePunch TEN |
return value | Validated authentication object, containing a collection of the user permissions |
The application keys are defined as constants in the class TimePunch.Enums.Core.ApplicationKeys.
GetPrincipalAndIdentityProfile
This method determines the Principal (the owner of rights), as well as the Identity used (the user identity).
void GetPrincipalAndIdentityProfile(
out TpFault fault,
TpAuthentication authentication,
out UserProfileDto principalDto,
out UserProfileDto identityDto);
Needed Permission | core@logon | |
---|---|---|
Name | Modifier | Description |
fault | Out | Contains the error if an exception occurs. |
authentication | User authentication | |
principalDto | Out | Returns the principal object, which is the user that is used for permissioning in TimePunch. |
identityDto | Out | Returns the identity object, which is the user to whom the changes/modifications or commands are applied. |
GetCoveredUserProfiles
This method identifies all TimePunch profiles which the user can administrate. All TimePunch profiles that are returned with this method can be used as the identity Parameter for the authentication object.
List<UserProfileDto> GetCoveredUserProfiles(
out TpFault fault,
TpAuthentication authentication);
Needed Permission | core@logon | |
---|---|---|
Name | Modifier | Description |
fault | Out | Contains the error if an exception occurs. |
authentication | User authentication | |
return value | Collection of the user profiles that the given authentication can administrate. |
GetEntitledUserProfiles
This method returns all TimePunch profiles. This result is independent of the user authentication.
List<UserProfileDto> GetEntitledUserProfiles(
out TpFault fault,
TpAuthentication authentication);
Needed Permission | core@logon (if server logon is with username) | |
---|---|---|
Name | Modifier | Description |
fault | Out | Contains the error if an exception occurs. |
authentication | User authentication | |
return value | Collection of the user profiles that are authorized to use TimePunch. |
GetLicensedUserProfiles
This method returns all TimePunch profiles, which owns an active and valid license. Additionally the user license gets validated against the given application keys. If the application keys are null, it gets validated if the user owns at least one application license, independent of which.
List<UserProfileDto> GetLicensedUserProfiles (
out TpFault fault,
TpAuthentication authentication,
string[] applicationKeys);
Needed Permission | core@logon (if server logon is with username) | |
---|---|---|
Name | Modifier | Description |
fault | Out | Contains the error if an exception occurs. |
authentication | User authentication | |
applicationKeys | Keys of the application for which the license informations shall be validated. | |
return value | Collection of the user profiles that own a valid TimePunch license. |
The application keys are defined in the class TimePunch.Enums.Core.ApplicationKeys as constant values.
SearchAuthorizedUsers
This method can be used to search for staff members which can logon to the system. That are most users that have access to TimePunch.
List<UserProfileDto> SearchAuthorizedUsers(
out TpFault fault,
TpAuthentication authentication,
UserSearchDto userSearchDto);
Needed Permission | core@logon (if server logon is with username) | |
---|---|---|
Name | Modifier | Description |
fault | Out | Contains the error if an exception occurs. |
authentication | User authentication | |
userSearchDto | Search object that specifies what to search for. | |
return value | Collection of the user profiles that are authorized to use TimePunch. |
SearchUserLogons
This method can return extended information to the user profiles. Additionally to the basic data, the permissions and the first / last entry date of the user profile will be returned.
List<UserLogonDto> SearchUserLogons(
out TpFault fault,
TpAuthentication authentication,
UserSearchDto userSearchDto)
Needed Permission | userProfiles@access | |
---|---|---|
Name | Modifier | Description |
fault | Out | Contains the error if an exception occurs. |
authentication | User authentication | |
userSearchDto | Search object that specifies what to search for. | |
return value | Collection of the user profiles that are authorized to use TimePunch. |
SetPassword
This method is used to set the logon password for a member. The password will only be set for the member that is authenticated through the authentication object.
void SetPassword(
out TpFault fault,
TpAuthentication authentication,
string newHashedPwd);
Needed Permission | password@manage | |
---|---|---|
Name | Modifier | Description |
fault | Out | Contains the error if an exception occurs. |
authentication | User authentication | |
newHashedPwd | New Password. The password must already been hashed with the MD5 algorithm. |
GetAutoRegistration
This method returns internal information about the Auto-Registration feature of TimePunch. This feature allows new employees to log in directly to TimePunch without having an administrator create the profile in TimePunch.
AutoregistrationDto GetAutoRegistration(
out TpFault fault,
TpAuthentication authentication);
Needed Permission | --- | |
---|---|---|
Name | Modifier | Description |
fault | Out | Contains the error if an exception occurs. |
authentication | User authentication | |
clientVersion | This must be a valid version of the client. The server checks the version against allowed values, to indicate that the client is compatible with the server | |
return value | Information about the auto-registration feature of TimePunch. |
SaveAutoRegistration
Use this method to set or change the Auto-Registration feature of TimePunch.
void SaveAutoRegistration(
out TpFault fault,
TpAuthentication authentication,
AutoregistrationDto autoregistration);
Needed Permission | core@administrate | |
---|---|---|
Name | Modifier | Description |
fault | Out | Contains the error if an exception occurs. |
authentication | User authentication | |
autoregistration | Information about the auto-registration feature of TimePunch |