Version: 5.5

Authentication Service

This service enables the access to the user profiles of TimePunch.

ConnectWithOAuth2

This method connects the current user with an OAuth2/OpenId Provider. At the moment, only a Microsoft Azure AD Account can be connected. For the future, other OpenId Providers are planned to be implemented.

void ConnectWithOAuth2(
 out TpFault fault, 
 TpAuthentication authentication, 
 string oAuth2UserId, 
 string oAuth2Provider);

Needed Permission	core@logon
Name	Modifier	Description
fault	Out	Contains the error if an exception occurs.
authentication		User authentication
oAuth2UserId		An unique identifier that must be provided by the OAuth2/OpenId Provider
oAuth2Provider		The key of the OpenId Provider - currently only 'Microsoft' is supported.

IsDatabaseValid

This method checks the database structure of the transferred modules. If the database structure of a module does not fit, an error message is returned in the fault object.

void IsDatabaseValid(  
 TpAuthentication authentication,   
 string[] moduleKeys,   
 out TpFault fault);

Needed Permission	---
Name	Modifier	Description
fault	Out	Contains the error if an exception occurs. AuthenticationFailure.TimePunchOutdated AuthenticationFailure.OldDatabaseVersion AuthenticationFailure.NoDatabaseConnection AuthenticationFailure.UnexpectedException
authentication		User authentication
moduleKeys		List of module identifier to check the database structure

The Fault object returned is of type TpAuthenticationFault

The following module keys are currently known:

Schlüssel	Modul
Datafox	Datafox – Time recording devices
Attendance	TimePunch Attendance – Attendance Sheet
Cutter	TimePunch Cutter – Working Hour Window
Calendar	TimePunch Calendar – Leave Requests
SelfService	TimePunch SelfService – Personal data
Online	TimePunch Online - Mobile time recording
Studio	TimePunch Studio - Time recording at the central service PC
Watcher	TimePunch Watcher - Time recording at the own PC
Management	TimePunch Management - Manage employees and working time

ValidateAuthentication

This method validates the authentication data and returns the user permissions after the successful validation of the user. Additionally the user license gets validated against the given application keys. If the application keys are null, it gets validated if the user owns at least one application license, independent of which.

ValidatedAuthenticationDto ValidateAuthentication (  
 out TpFault fault,   
 TpAuthentication authentication  
 string[] applicationKeys);

Needed Permission	core@logon
Name	Modifier	Description
fault	Out	Contains the error if an exception occurs.
authentication		User authentication
applicationKeys		Keys of the application for which the license informations shall be validated.
return value		Validated authentication object, containing a collection of the user permissions

The application keys are defined in the class TimePunch.Enums.Core.ApplicationKeys as constant values.

ValidateAuthenticationWithProductLine

This method checks the specified credentials and returns user privileges after successful validation. If no application key is specified, the system only checks whether the user has a license at all - regardless of which one it is.

In addition, this method returns the licensed product line.

ValidatedAuthenticationDto ValidateAuthenticationWithProductLine(  
 out TpFault fault,   
 TpAuthentication authentication,   
 string[] applicationKeys,   
 out ProductLine licensedProductLine);

Needed Permission	core@logon
Name	Modifier	Description
fault	Out	Contains the error if an exception occurs.
authentication		User authentication
applicationKeys		Keys of the application for which the license informations shall be validated.
LicensedProductLine	Out	Productline that is used by the user. Undefined Currently no product line is set TimePunchPro Licensed for TimePunch PRO TimePunchOne Licensed for TimePunch ONE TimePunchTen Licensed for TimePunch TEN
return value		Validated authentication object, containing a collection of the user permissions

The application keys are defined as constants in the class TimePunch.Enums.Core.ApplicationKeys.

GetPrincipalAndIdentityProfile

This method determines the Principal (the owner of rights), as well as the Identity used (the user identity).

void GetPrincipalAndIdentityProfile(  
 out TpFault fault,   
 TpAuthentication authentication,   
 out UserProfileDto principalDto,  
 out UserProfileDto identityDto);

Needed Permission	core@logon
Name	Modifier	Description
fault	Out	Contains the error if an exception occurs.
authentication		User authentication
principalDto	Out	Returns the principal object, which is the user that is used for permissioning in TimePunch.
identityDto	Out	Returns the identity object, which is the user to whom the changes/modifications or commands are applied.

GetCoveredUserProfiles

This method identifies all TimePunch profiles which the user can administrate. All TimePunch profiles that are returned with this method can be used as the identity Parameter for the authentication object.

List<UserProfileDto> GetCoveredUserProfiles(  
 out TpFault fault,   
 TpAuthentication authentication);

Needed Permission	core@logon
Name	Modifier	Description
fault	Out	Contains the error if an exception occurs.
authentication		User authentication
return value		Collection of the user profiles that the given authentication can administrate.

GetEntitledUserProfiles

This method returns all TimePunch profiles. This result is independent of the user authentication.

List<UserProfileDto> GetEntitledUserProfiles(  
 out TpFault fault,   
 TpAuthentication authentication);

Needed Permission	core@logon (if server logon is with username)
Name	Modifier	Description
fault	Out	Contains the error if an exception occurs.
authentication		User authentication
return value		Collection of the user profiles that are authorized to use TimePunch.

GetLicensedUserProfiles

This method returns all TimePunch profiles, which owns an active and valid license. Additionally the user license gets validated against the given application keys. If the application keys are null, it gets validated if the user owns at least one application license, independent of which.

List<UserProfileDto> GetLicensedUserProfiles (  
 out TpFault fault,   
 TpAuthentication authentication,  
 string[] applicationKeys);

Needed Permission	core@logon (if server logon is with username)
Name	Modifier	Description
fault	Out	Contains the error if an exception occurs.
authentication		User authentication
applicationKeys		Keys of the application for which the license informations shall be validated.
return value		Collection of the user profiles that own a valid TimePunch license.

The application keys are defined in the class TimePunch.Enums.Core.ApplicationKeys as constant values.

SearchAuthorizedUsers

This method can be used to search for staff members which can logon to the system. That are most users that have access to TimePunch.

List<UserProfileDto> SearchAuthorizedUsers(  
 out TpFault fault,   
 TpAuthentication authentication,   
 UserSearchDto userSearchDto);

Needed Permission	core@logon (if server logon is with username)
Name	Modifier	Description
fault	Out	Contains the error if an exception occurs.
authentication		User authentication
userSearchDto		Search object that specifies what to search for.
return value		Collection of the user profiles that are authorized to use TimePunch.

SearchUserLogons

This method can return extended information to the user profiles. Additionally to the basic data, the permissions and the first / last entry date of the user profile will be returned.

List<UserLogonDto> SearchUserLogons(  
 out TpFault fault,   
 TpAuthentication authentication,   
 UserSearchDto userSearchDto)

Needed Permission	userProfiles@access
Name	Modifier	Description
fault	Out	Contains the error if an exception occurs.
authentication		User authentication
userSearchDto		Search object that specifies what to search for.
return value		Collection of the user profiles that are authorized to use TimePunch.

SetPassword

This method is used to set the logon password for a member. The password will only be set for the member that is authenticated through the authentication object.

void SetPassword(  
 out TpFault fault,   
 TpAuthentication authentication,   
 string newHashedPwd);

Needed Permission	password@manage
Name	Modifier	Description
fault	Out	Contains the error if an exception occurs.
authentication		User authentication
newHashedPwd		New Password. The password must already been hashed with the MD5 algorithm.

GetAutoRegistration

This method returns internal information about the Auto-Registration feature of TimePunch. This feature allows new employees to log in directly to TimePunch without having an administrator create the profile in TimePunch.

AutoregistrationDto GetAutoRegistration(  
 out TpFault fault,   
 TpAuthentication authentication);

Needed Permission	---
Name	Modifier	Description
fault	Out	Contains the error if an exception occurs.
authentication		User authentication
clientVersion		This must be a valid version of the client. The server checks the version against allowed values, to indicate that the client is compatible with the server
return value		Information about the auto-registration feature of TimePunch.

SaveAutoRegistration

Use this method to set or change the Auto-Registration feature of TimePunch.

void SaveAutoRegistration(  
 out TpFault fault,   
 TpAuthentication authentication,   
 AutoregistrationDto autoregistration);

Needed Permission	core@administrate
Name	Modifier	Description
fault	Out	Contains the error if an exception occurs.
authentication		User authentication
autoregistration		Information about the auto-registration feature of TimePunch

Authentication Service

ConnectWithOAuth2​

IsDatabaseValid​

ValidateAuthentication​

ValidateAuthenticationWithProductLine​

GetPrincipalAndIdentityProfile​

GetCoveredUserProfiles​

GetEntitledUserProfiles​

GetLicensedUserProfiles​

SearchAuthorizedUsers​

SearchUserLogons​

SetPassword​

GetAutoRegistration​

SaveAutoRegistration​