OneLogin client implementation

package Default

 Methods

Create a new instance of Client.

__construct($clientId, $clientSecret, $region = "us", $maxResults = 1000)

Parameters

$clientId

$clientSecret

$region

$maxResults

Assigns Roles to User

assignRoleToUser(\OneLogin\api\id $id, \OneLogin\api\roleIds $roleIds) : true
see Assign Role to User documentation

Parameters

$id

\OneLogin\api\id

Id of the user to be modified

$roleIds

\OneLogin\api\roleIds

Set to an array of one or more role IDs.

Returns

true if success

Clean any previous error registered at the client.

cleanError() 

Create an event in the OneLogin event log.

createEvent(\OneLogin\api\eventParams $eventParams) 
see Create Event documentation

Parameters

$eventParams

\OneLogin\api\eventParams

Event Data (event_type_id, account_id, actor_system, actor_user_id, actor_user_name, app_id, assuming_acting_user_id, custom_message, directory_sync_run_id, group_id, group_name, ipaddr, otp_device_id, otp_device_name, policy_id, policy_name, role_id, role_name, user_id, user_name)

Generates a session login token in scenarios in which MFA may or may not be required.

createSessionLoginToken(\OneLogin\api\queryParams $queryParams, \OneLogin\api\allowedOrigin $allowedOrigin = '') : \OneLogin\api\models\SessionTokenInfo

A session login token expires two minutes after creation.

see Create Session Login Token documentation

Parameters

$queryParams

\OneLogin\api\queryParams

Query Parameters (username_or_email, password, subdomain, return_to_url, ip_address, browser_id)

$allowedOrigin

\OneLogin\api\allowedOrigin

Custom-Allowed-Origin-Header. Required for CORS requests only. Set to the Origin URI from which you are allowed to send a request using CORS.

Returns

\OneLogin\api\models\SessionTokenInfo or SessionTokenMFAInfo object if success

Post a session token to this API endpoint to start a session and set a cookie to log a user into an app.

createSessionViaToken(\OneLogin\api\sessionToken $sessionToken) : \OneLogin\api\Header
see Create Session Via API Token documentation

Parameters

$sessionToken

\OneLogin\api\sessionToken

The session token

Returns

\OneLogin\api\Header 'Set-Cookie' value

Creates a user

createUser(\OneLogin\api\userParams $userParams) : \OneLogin\api\Created
see Create User documentation

Parameters

$userParams

\OneLogin\api\userParams

User data (firstname, lastname, email, username, company, department, directory_id, distinguished_name, external_id, group_id, invalid_login_attempts, locale_code, manager_ad_id, member_of, openid_name, phone, samaccountname, title, userprincipalname)

Returns

\OneLogin\api\Created User

Deletes a user

deleteUser(\OneLogin\api\id $id) : true
see Delete User by ID documentation

Parameters

$id

\OneLogin\api\id

Id of the user to be deleted

Returns

true if success

Generates an access token and refresh token that you may use to call OneLogin's API methods.

getAccessToken() 

Gets a list of all custom attribute fields (also known as custom user fields) that have been defined for the OneLogin account.

getCustomAttributes() : \OneLogin\api\List
see Get Custom Attributes documentation

Returns

\OneLogin\api\List of custom attribute fields

Lists apps accessible by a OneLogin user.

getEmbedApps(\OneLogin\api\token $token, \OneLogin\api\email $email) : \OneLogin\api\A
see Get Apps to Embed for a User documentation

Parameters

$token

\OneLogin\api\token

Provide your embedding token.

$email

\OneLogin\api\email

Provide the email of the user for which you want to return a list of embeddable apps.

Returns

\OneLogin\api\A list of Apps

getError()

getError() 

getErrorDescription()

getErrorDescription() 

Gets Event by ID.

getEvent(\OneLogin\api\id $id) : \OneLogin\api\models\Event
see Get Event by ID documentation

Parameters

$id

\OneLogin\api\id

Id of the event

Returns

\OneLogin\api\models\Event

List of all OneLogin event types available to the Events API.

getEventTypes() : \OneLogin\api\List
see Get Event Types documentation

Returns

\OneLogin\api\List of EventType

Gets a list of Event resources (if no limit is provided, 50 elements are returned by default).

getEvents(\OneLogin\api\queryParameters $queryParameters = null, \OneLogin\api\maxResults $maxResults = null) : \OneLogin\api\List
see Get Events documentation

Parameters

$queryParameters

\OneLogin\api\queryParameters

Parameters to filter the result of the list

$maxResults

\OneLogin\api\maxResults

Limit the number of events returned (optional)

Returns

\OneLogin\api\List of Event

Gets Group by ID.

getGroup(\OneLogin\api\id $id) : \OneLogin\api\models\Group
see Get Group by ID documentation

Parameters

$id

\OneLogin\api\id

Id of the group

Returns

\OneLogin\api\models\Group

Gets a list of Group resources (the number of groups returned is limited by the limit parameter).

getGroups(\OneLogin\api\maxResults $maxResults = null) : \OneLogin\api\List
see Get Groups documentation

Parameters

$maxResults

\OneLogin\api\maxResults

Limit the number of groups returned (optional)

Returns

\OneLogin\api\List of Group

Gets current rate limit details about an access token.

getRateLimit() : \OneLogin\api\models\RateLimit
see Get Rate Limit documentation

Returns

\OneLogin\api\models\RateLimit object

Gets Role by ID.

getRole(\OneLogin\api\id $id) : \OneLogin\api\models\Role
see Get Role by ID documentation

Parameters

$id

\OneLogin\api\id

Id of the role

Returns

\OneLogin\api\models\Role

Gets a list of Role resources.

getRoles(\OneLogin\api\queryParameters $queryParameters = null) : \OneLogin\api\List
see Get Roles documentation

Parameters

$queryParameters

\OneLogin\api\queryParameters

Parameters to filter the result of the list

Returns

\OneLogin\api\List of Role

Generates a SAML Assertion.

getSAMLAssertion(\OneLogin\api\usernameOrEmail $usernameOrEmail, \OneLogin\api\password $password, \OneLogin\api\appId $appId, \OneLogin\api\subdomain $subdomain, \OneLogin\api\ipAddress $ipAddress = null) : \OneLogin\api\models\SAMLEndpointResponse
see Generate SAML Assertion documentation

Parameters

$usernameOrEmail

\OneLogin\api\usernameOrEmail

username or email of the OneLogin user accessing the app

$password

\OneLogin\api\password

Password of the OneLogin user accessing the app

$appId

\OneLogin\api\appId

App ID of the app for which you want to generate a SAML token

$subdomain

\OneLogin\api\subdomain

subdomain of the OneLogin account related to the user/app

$ipAddress

\OneLogin\api\ipAddress

whitelisted IP address that needs to be bypassed (some MFA scenarios).

Returns

\OneLogin\api\models\SAMLEndpointResponse

Verifies a one-time password (OTP) value provided for a second factor when multi-factor authentication (MFA) is required for SAML authentication.

getSAMLAssertionVerifying(\OneLogin\api\appId $appId, \OneLogin\api\devideId $devideId, \OneLogin\api\stateToken $stateToken, \OneLogin\api\otpToken $otpToken = null, \OneLogin\api\urlEndpoint $urlEndpoint = null) : \OneLogin\api\models\SAMLEndpointResponse
see Verify Factor documentation

Parameters

$appId

\OneLogin\api\appId

App ID of the app for which you want to generate a SAML token

$devideId

\OneLogin\api\devideId

Provide the MFA device_id you are submitting for verification.

$stateToken

\OneLogin\api\stateToken

Provide the state_token associated with the MFA device_id you are submitting for verification.

$otpToken

\OneLogin\api\otpToken

Provide the OTP value for the MFA factor you are submitting for verification.

$urlEndpoint

\OneLogin\api\urlEndpoint

Specify a URL to which the response is returned.

Returns

\OneLogin\api\models\SAMLEndpointResponse

Verify a one-time password (OTP) value provided for multi-factor authentication (MFA).

getSessionTokenVerified(\OneLogin\api\devideId $devideId, \OneLogin\api\stateToken $stateToken, \OneLogin\api\otpToken $otpToken = null) : \OneLogin\api\Session
see Verify Factor documentation

Parameters

$devideId

\OneLogin\api\devideId

Provide the MFA device_id you are submitting for verification.

$stateToken

\OneLogin\api\stateToken

Provide the state_token associated with the MFA device_id you are submitting for verification.

$otpToken

\OneLogin\api\otpToken

Provide the OTP value for the MFA factor you are submitting for verification.

Returns

\OneLogin\api\Session Token

getUrl()

getUrl($base, $id = null)

Parameters

$base

$id

Gets User by ID.

getUser(\OneLogin\api\id $id) : \OneLogin\api\models\User
see Get User by ID documentation

Parameters

$id

\OneLogin\api\id

Id of the user

Returns

\OneLogin\api\models\User

Gets a list of apps accessible by a user, not including personal apps.

getUserApps(\OneLogin\api\id $id) : \OneLogin\api\List
see Get Apps for a User documentation

Parameters

$id

\OneLogin\api\id

Id of the user

Returns

\OneLogin\api\List of Apps

Gets a list of role IDs that have been assigned to a user.

getUserRoles(\OneLogin\api\id $id) : \OneLogin\api\List
see Get Roles for a User documentation

Parameters

$id

\OneLogin\api\id

Id of the role

Returns

\OneLogin\api\List of Role Ids

Gets a list of User resources.

getUsers(\OneLogin\api\queryParameters $queryParameters = null, \OneLogin\api\maxResults $maxResults = null) : Array
see Get Users documentation

Parameters

$queryParameters

\OneLogin\api\queryParameters

Parameters to filter the result of the list

$maxResults

\OneLogin\api\maxResults

Limit the number of users returned (optional)

Returns

Array of User

isExpired()

isExpired() 

Use this call to lock a user's account based on the policy assigned to the user, for a specific time you define in the request, or until you unlock it.

lockUser(\OneLogin\api\id $id, \OneLogin\api\minutes $minutes) : true
see Lock User Account documentation

Parameters

$id

\OneLogin\api\id

Id of the user to be locked

$minutes

\OneLogin\api\minutes

Set to the number of minutes for which you want to lock the user account (0 to defer to the policy).

Returns

true if success

Log a user out of any and all sessions.

logUserOut(\OneLogin\api\id $id) : true
see Log User Out documentation

Parameters

$id

\OneLogin\api\id

Id of the user to be logged out

Returns

true if success
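A containment routine built from lockUser() and logUserOut(), as an added example that is not part of the SDK or its documentation: it locks the account before ending sessions so that no new session can start in between, and clears the client's error state before each call so a stale error is not reported against the wrong step. `containUser()`, `StubClient` and the user id are constructed stand-ins so the block runs offline; it assumes a failed call returns a non-true value and registers the error on the client.

```php
<?php
// Added example, not SDK code. Accepts any object exposing the lockUser(),
// logUserOut(), cleanError(), getError() and getErrorDescription() methods
// documented on this page.

function containUser($client, int $userId, int $lockMinutes = 0): array
{
    $steps = [
        // Lock first so no new session can start, then end the existing ones.
        'lockUser'   => fn() => $client->lockUser($userId, $lockMinutes),
        'logUserOut' => fn() => $client->logUserOut($userId),
    ];
    $report = [];
    foreach ($steps as $name => $call) {
        $client->cleanError();   // do not attribute a stale error to this step
        $ok = $call() === true;  // documented return value is true on success
        $report[$name] = $ok
            ? 'ok'
            : trim($client->getError() . ': ' . $client->getErrorDescription());
    }
    return $report;
}

// Constructed stand-in for the real client so the example runs offline.
final class StubClient
{
    private $error = null;
    private $errorDescription = null;

    public function cleanError() { $this->error = $this->errorDescription = null; }
    public function getError() { return $this->error; }
    public function getErrorDescription() { return $this->errorDescription; }
    public function lockUser($id, $minutes) { return true; }
    public function logUserOut($id)
    {
        $this->error = 404;                          // constructed failure
        $this->errorDescription = 'User not found';  // constructed message
        return false;
    }
}

// 12345 is a constructed user id; 0 minutes defers the lock duration to policy.
print_r(containUser(new StubClient(), 12345, 0));
```

Pass a real client instance in place of `StubClient` and alert on any step whose report entry is not `ok`, since a partially applied containment leaves either live sessions or an unlocked account.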

Refreshing tokens provides a new set of access and refresh tokens.

refreshToken() 

Remove Role from User

removeRoleFromUser(\OneLogin\api\id $id, \OneLogin\api\roleIds $roleIds) : true
see Remove Role from User documentation

Parameters

$id

\OneLogin\api\id

Id of the user to be modified

$roleIds

\OneLogin\api\roleIds

Set to an array of one or more role IDs.

Returns

true if success

retrieveAppsFromXML()

retrieveAppsFromXML($xmlContent) 

Parameters

$xmlContent

Revokes an access token and refresh token pair.

revokeToken() 

Set Custom Attribute Value

setCustomAttributeToUser(\OneLogin\api\id $id, \OneLogin\api\customAttributes $customAttributes) : true
see Set Custom Attribute Value documentation

Parameters

$id

\OneLogin\api\id

Id of the user to be modified

$customAttributes

\OneLogin\api\customAttributes

Provide one or more key value pairs composed of the custom attribute field shortname and the value that you want to set the field to.

Returns

true if success

Sets Password by ID Using Cleartext

setPasswordUsingClearText(\OneLogin\api\id $id, \OneLogin\api\password $password, \OneLogin\api\passwordConfirmation $passwordConfirmation) : true
see Set Password by ID Using Cleartext documentation

Parameters

$id

\OneLogin\api\id

Id of the user to be modified

$password

\OneLogin\api\password

Set to the password value using cleartext.

$passwordConfirmation

\OneLogin\api\passwordConfirmation

Ensure that this value matches the password value exactly.

Returns

true if success

Set Password by ID Using Salt and SHA-256

setPasswordUsingHashSalt(\OneLogin\api\id $id, \OneLogin\api\password $password, \OneLogin\api\passwordConfirmation $passwordConfirmation, \OneLogin\api\passwordAlgorithm $passwordAlgorithm, \OneLogin\api\passwordSalt $passwordSalt = null) : true
see Set Password by ID Using Salt and SHA-256 documentation

Parameters

$id

\OneLogin\api\id

Id of the user to be modified

$password

\OneLogin\api\password

Set to the password value using a SHA-256-encoded value.

$passwordConfirmation

\OneLogin\api\passwordConfirmation

This value must match the password value.

$passwordAlgorithm

\OneLogin\api\passwordAlgorithm

Set to salt+sha256.

$passwordSalt

\OneLogin\api\passwordSalt

To provide your own salt value.

Returns

true if success

Updates a user
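Preparing the arguments for setPasswordUsingHashSalt() so that the cleartext password is never sent, as an added example that is not part of the SDK. It assumes that the salt is prepended to the cleartext before SHA-256 hashing and that the digest is submitted hex-encoded; `buildSaltedPassword()`, `setHashedPassword()`, `$client` and the sample values are hypothetical.

```php
<?php
// Added example, not SDK code.
// Assumption: digest = SHA-256(salt . cleartext), hex-encoded.

function buildSaltedPassword(string $cleartext, ?string $salt = null): array
{
    // Fresh random salt per password unless the caller supplies one.
    $salt = $salt ?? bin2hex(random_bytes(16));
    $digest = hash('sha256', $salt . $cleartext);
    // Same order as the method's arguments after $id:
    // $password, $passwordConfirmation, $passwordAlgorithm, $passwordSalt
    return [$digest, $digest, 'salt+sha256', $salt];
}

function setHashedPassword($client, int $userId, string $cleartext): bool
{
    $client->cleanError();
    [$password, $confirmation, $algorithm, $salt] = buildSaltedPassword($cleartext);
    return $client->setPasswordUsingHashSalt(
        $userId, $password, $confirmation, $algorithm, $salt
    ) === true;
}

// Offline check with constructed values: a fixed salt is deterministic,
// a generated salt changes the digest, and the digest is 64 hex characters.
[$a] = buildSaltedPassword('constructed-passphrase', 'constructedsalt');
[$b] = buildSaltedPassword('constructed-passphrase', 'constructedsalt');
[$c] = buildSaltedPassword('constructed-passphrase');
var_dump($a === $b, $a !== $c, strlen($a) === 64);
```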

updateUser(\OneLogin\api\id $id, \OneLogin\api\userParams $userParams) : \OneLogin\api\Updated
see Update User by ID documentation

Parameters

$id

\OneLogin\api\id

Id of the user to be modified

$userParams

\OneLogin\api\userParams

User data (firstname, lastname, email, username, company, department, directory_id, distinguished_name, external_id, group_id, invalid_login_attempts, locale_code, manager_ad_id, member_of, openid_name, phone, samaccountname, title, userprincipalname)

Returns

\OneLogin\api\Updated User

extractErrorMessageFromResponse()

extractErrorMessageFromResponse($response) 

Parameters

$response

getAfterCursor()

getAfterCursor($response) 

Parameters

$response

getAuthorization()

getAuthorization($bearer = true)

Parameters

$bearer

getAuthorizedHeader()

getAuthorizedHeader($bearer = true)

Parameters

$bearer

getBeforeCursor()

getBeforeCursor($response) 

Parameters

$response

handleDataResponse()

handleDataResponse($response) 

Parameters

$response

handleOperationResponse()

handleOperationResponse($response) 

Parameters

$response

handleSAMLEndpointResponse()

handleSAMLEndpointResponse($response) 

Parameters

$response

handleSessionTokenResponse()

handleSessionTokenResponse($response) 

Parameters

$response

handleTokenResponse()

handleTokenResponse($response) 

Parameters

$response

prepareToken()

prepareToken() 

 Properties

 

OneLogin Client ID

$clientID : string

Default

 

OneLogin Client

$clientSecret : string

Default

 

Limit the number of elements returned in a search

$maxResults : integer

Default

 

Aux object to build the API URL endpoints

$urlBuilder : \OneLogin\api\[Object]

Default

 

the User-Agent to be used on requests

$userAgent : string

Default

 

OAuth 2.0 Access Token

$accessToken : string

Default

 

client

$client : \OneLogin\api\GuzzleHttp\Client

Default

 

Last error found

$error : string

Default

 

Description of last error found

$errorDescription : string

Default

 

OAuth 2.0 Token expiration

$expiration : \OneLogin\api\DateTime

Default

 

OAuth 2.0 Refresh Token

$refreshToken : string

Default

 Constants

 

CUSTOM_USER_AGENT

CUSTOM_USER_AGENT = "onelogin-php-sdk " . \OneLogin\api\OneLoginClient::VERSION 
 

VERSION

VERSION = "1.0.0"