| Authorization token required | false - can't require auth on auth request |
| Admin Authorization token required | false - can't require auth on auth request |
<AuthRequest [persistAuthTokenCookie="(0|1)"] [csrfTokenSecured="(0|1)"] [name="{auth-name}"] [password="..."]> ## AuthRequest
<authToken>{authToken} (String)</authToken>
<account by="{acct-selector-by} (adminName | appAdminName | id | foreignPrincipal | name | krb5Principal)">{key}</account> ## AccountSelector
<virtualHost>{virtualHost} (String)</virtualHost>
</AuthRequest>
elements and attributes you can define within a
<AuthRequest> element:
| XPath | Required / Optional | Description |
| @persistAuthTokenCookie | Optional (0 or 1) | Type: 0|1 controls whether the auth token cookie in the response should be persisted when the browser exits. 0: (default) the cookie will be deleted when the Web browser exits. 1: The "Expires" attribute of the cookie will be set per rfc6265. |
| @csrfTokenSecured | Optional (0 or 1) | Type: 0|1 controls whether the client supports CSRF token 0: (default) Client does not support CSRF token 1: The client supports CSRF token. |
| @name | Optional (0 or 1) | Type: String Name. Only one of {auth-name} or <account> can be specified |
| @password | Optional (0 or 1) | Type: String Password - must be present if not using AuthToken |
| /authToken | Optional (0 or 1) | Type: {authToken} (String) An authToken can be passed instead of account/password/name to validate an existing auth token. |
| /account | Optional (0 or 1) | Type: {key} Account Description for element text content:The key used to identify the account. Meaning determined by {acct-selector-by} |
| /account@by | Required (only 1) | Type: adminName | appAdminName | id | foreignPrincipal | name | krb5Principal Select the meaning of {acct-selector-key} |
| /virtualHost | Optional (0 or 1) | Type: {virtualHost} (String) Virtual host |
<AuthResponse> ## AuthResponse
<authToken>{authToken} (String)</authToken>
<csrfToken>{csrfToken} (String)</csrfToken>
<lifetime>{lifetime} (long)</lifetime>
</AuthResponse>
elements and attributes you can define within a
<AuthResponse> element:
| XPath | Required / Optional | Description |
| /authToken | Required (only 1) | Type: {authToken} (String) Auth Token |
| /csrfToken | Optional (0 or 1) | Type: {csrfToken} (String) if client is CSRF token enabled , the CSRF token Returned only when client says it is CSRF enabled . |
| /lifetime | Required (only 1) | Type: {lifetime} (long) Life time for the authorization |