Connecting to a target requires a local Boundary CLI binary or Boundary Desktop. On connect, Boundary launches a local proxy. It cannot be achieved entirely through the API. Since the CLI is required, we recommend leveraging it to perform authentication flows as well.
Boundary Authentication via the API
The custom method is :authenticate
. The POST request to an authenticate endpoint must contain a body which includes the “command”. For example:
POST /v1/auth-methods/amid_1234:authenticate
{command: 'start'}
Which returns the OIDC URL where the user must complete the authentication flow, as well as a token_id
which may be used to poll the Boundary controller for the authentication token:
{
attributes: {
auth_url: 'https://www.duckduckgo.com',
token_id: 'token_1234'
}
}
Once the user flow is kicked-off, you may poll the controller to see if the token is available (it is only available after the user has completed the flow):
POST /v1/auth-methods/amid_1234:authenticate
{
"command": "token",
"attributes": {
"token_id": "token_1234"
}
}
If the token is not available, an empty response is returned. When the token is available, you will receive a response similar to:
{
"attributes": {
"scope": {
"scope": {
"id": "global",
"type": "global"
},
"id": "sid_1234",
"authorized_collection_actions": {},
"authorized_actions": [],
"type": "org",
"disabled": true,
"updated_time": "",
"created_time": "",
"description": "Towels",
"name": "monitor Security Cheese",
"primary_auth_method_id": "auth-method-id-2"
},
"id": "token123",
"token": "thetokenstring",
"account_id": "1",
"user_id": "user123",
"auth_method_id": "authmethod123",
"created_time": "",
"updated_time": "",
"last_used_time": "",
"expiration_time": ""
}
}