4.3 Login with Password

The loginWithPassword function is the instance function that initialises your access to Bayun. The function takes the following parameters :

Let's say an employee has loginId username@bayunsystems.com.

sessionId : Unique sessionId.
You can provide a unique sessionId to the loginWithPassword function call. If an empty sessionId i.e " " is provided, Bayun creates and returns a unique sessionId in the successful login response in ShAuthenticateResponse.
Same sessionId should be provided in all the subsequent calls to the Bayun APIs as an argument.
companyName : Unique name of the company/tenant the authenticating employee belongs to, e.g. bayunsystems.com. This should be chosen using exactly the same methodology that was used during user registration via registerEmployeeWithPassword. Note that in some cases the email domain of the user could be different from the domain of the tenant this user belongs to. In such a case, the domain-name part of the tenant is what should be used as the companyName parameter.
companyEmployeeId : EmployeeId unique within the company, e.g. "username@bayunsystems.com". This should also be chosen using exactly the same methodology that was used during user registration via registerEmployeeWithPassword. Note that while just the "username" portion might suffice in some cases, it is preferable to use the full loginId for consistency.
password : Password of the user. Used to keep user secret keys protected. Never stored or transmitted by BayunSDK in clear. If the developer wishes, it can be a cryptographic hash of the password instead of the cleartext password itself. Bayun just needs a unique secret known to the user only, or something unique generated from it, for keeping the user lockboxes protected in such a way that nobody other than the user has access to it (similar to how iPhone does it with user’s device PIN).
autoCreateEmployee : Determines whether or not an employee should be created automatically on Bayun’s system if it does not already exist within the given company. If set to true, an attempt is made to authenticate against an existing employee account first, but if there is no such employee within the given company, a new one is created instead with the supplied credentials. This provides an easy integration option for the developer to use a single login call in an existing application for the simpler use-cases, rather than having to integrate separately with more involved registration & authorization flow along-with the separate login flow. Use this feature only when Bayun’s auth mechanism is being used as shadow auth for your app’s own authentication, using the same user password. And make sure the user has already been successfully authenticated to your own app’s authentication mechanism, before calling Bayun’s loginWithPassword function with autoCreateEmployee set to true.

The loginWithPassword function returns shared pointer to the classAuthenticateResponse i.e ShAuthenticateResponse.

Following are the possible values of BayunAuthResponseCode in ShAuthenticateResponse:

Success : Authentication is successful.
VerifySecurityQuestions : When two-factor authorization is enabled for the employee logging in with Bayun. The Security Questions and QuestionIds are returned in the form of std::vector<SecurityQuestionInfo*>in ShAuthenticateResponse .
Login completes when answers are validated for the security questions.
VerifyPassphrase : When two-factor authorization is enabled for the employee logging in with Bayun. Login completes when passphrase is validated.
EmployeeAuthorizationPending : When BayunCore is inited with App Secret having only role Creation , EmployeeAuthorizationPendingis returned as BayunAuthResponseCode if the employee authorization is pending on the app server side. Employee Public Key data is returned as employeePublicKey. Check Authorize Employee for employee authorization.

Use validateSecurityQuestions function to validate the security questions' answers.

The function takes the following parameters :

sessionId : Unique SessionId which is received in the loginWithPassword function response.
answers : Security questions' answers of type std::vector<SecurityQuestionAnswer*>.

Use validatePassphrase function to validate the passphrase.

The function takes the following parameters :

sessionId : Unique SessionId which is received in the loginWithPassword function response.
passphrase : Passphrase to validate.

Sample Code

#include "BayunCore.h"

std::string sessionId = "<sessionId>"
std::string companyName = "bayunsystems.com"; // company portion from loginId
std::string companyEmployeeId = "username"; //username portion from loginId
std::string password = "<employeePassword>";
bool autoCreateEmployee = true;

Bayun::ShAuthenticateResponse authResponse =
bayunCore->loginWithPassword(sessionId, companyName, companyEmployeeId, password, autoCreateEmployee);
if (authResponse != nullptr) {
  std::string sessionId = authResponse->sessionId.c_str();
  Bayun::BayunAuthResponseCode responseCode = authResponse->responseCode;
  
  if (responseCode == Bayun::BayunAuthResponseCode::Success) {
    //perform Bayun Operations
  } else if (responseCode == Bayun::BayunAuthResponseCode::VerifySecurityQuestions)  {
    
    std::vector<Bayun::ShSecurityQuestionInfo> securityQuestions; =  authResponse->getSecurityQuestions();
    std::vector<Bayun::ShSecurityQuestionAnswer> answers;
    
    answers.push_back(std::make_shared<Bayun::SecurityQuestionAnswer>("<questionId>", "<answer>"));
    answers.push_back(std::make_shared<Bayun::SecurityQuestionAnswer>("<questionId>", "<answer>"));
    answers.push_back(std::make_shared<Bayun::SecurityQuestionAnswer>("<questionId>", "<answer>"));
    answers.push_back(std::make_shared<Bayun::SecurityQuestionAnswer>("<questionId>", "<answer>"));
    answers.push_back(std::make_shared<Bayun::SecurityQuestionAnswer>("<questionId>", "<answer>"));
    
    Bayun::ShValidateSecurityQuesResponse response =  bayunCore->validateSecurityQuestions(sessionId, answers);
    if (response != nullptr) {
      sessionId = response->sessionId.c_str();
      responseCode = response->getResponseCode();
      if (responseCode == Bayun::BayunAuthResponseCode::Success) {
        //perform Bayun Operations
      }
    }
  }
  else if (responseCode == Bayun::BayunAuthResponseCode::VerifyPassphrase) {
    
    //Validating Passphrase for demonstration.
    Bayun::ShValidatePassphraseResponse response = bayunCore->validatePassphrase(sessionId, "<passphrase>");
    if (response != nullptr) {
      sessionId = response->sessionId.c_str();
      responseCode = response->getResponseCode();
      if (responseCode == Bayun::BayunAuthResponseCode::Success) {
        //perform Bayun Operations
      }
    }
  } 
}

Previous4.2 Register without Password Next4.4 Login without Password

Last updated 2 years ago

Was this helpful?