This API handles the authorization, global Masiv authentication, white label authentication and user password update processes.

First, we’ll discuss the services that are strictly related to the transversal session creation (Auther and Authorization services).

Later on, we’ll talk about the white label authentication and white label user management processes.

Requirements

Understand cookie nomenclature in Oasis DS.

Services

The main Oasis DS Masiv services related with the Unified Login transversal authentication and authorization.

Auther service

Authorization service

Refresh token service

Cookie handling

The library uses a specific nomenclature for cookies sent in API requests. Understanding this nomenclature is essential for executing your application correctly.

Cookie names

Masivapp cookies

• The Masivapp cookie uses the prefix mapp- to identify its cookies.

  • mapp-{{ encrypted string }}, is the session cookie. Its name is composed by the mapp- string followed by the data encrypted:

    Ex.

    mapp-U2FsdGVkX19Ba0IAyDY3RcpjHsn2Iw/BMK5ixzt4KnTeelAAi0Mlj3/wUsPZnHBcy2Tn7dpzt/PbeXl2qpohQg

    mapp-[origin]env-[environment]

• Cookie structure

  • mapp-session, is the refresh token

Cookie values

• Values are stored as encrypted JSON web tokens.
• Sensitive data may be encrypted before storage.

Expiration

• Session cookies expire within 8 hours.

Security