Start a new topic

LDAP Authorization

I'm authorizing my user with an LDAP auth link connector. I receive the access token back, but how should I pass this back to kinvey for access to my collection? I see 'session authorization', but just passing the token in that header, doesn't work. I'm doing this through the REST way. If I could use the SDK, how do I pass the token within the request?


Is the 'loginAuthLink' method available to Phonegap and HTML5 js files?
Once you have the access token, you can use this to login as follows:


"_socialIdentity": {

"authlink": {

"access_token": "",

"expires_in": "3600"



}).then(function () {

// success

}, function () {

// error

Mark, I tried this method, but I keep getting a error on the login response.

XMLHttpRequest cannot load No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access.

Any thoughts on why I get this response? also, the request takes 59s to get this error back.

Updated: You're essentially at step 3 of Authentication Flow diagram in the LDAP Auth link guide. Which means you need to login to Kinvey using the auth token returned from the auth link before you can access your collection data.

Each native SDK has a convenience login method to handle session authentication with Kinvey servers. If you are using the REST api you will have to perform the POST manually.

Native Android:

kinveyClient.user().loginAuthLink(accessToken, new KinveyUserCallback() {

public void onFailure(Throwable e) {

Log.e(TAG, "failed Kinvey authlink login", e);


public void onSuccess(User u) {

Log.d(TAG, "successfully logged in with authlink");




POST /user/:appKey/ HTTP/1.1


Content-Type: application/json

Authorization: [Basic Auth with app credentials]


"socialIdentity": {

"authlink": {

"accesstoken": "from authlink response",

"refresh_token": "from authlink response"




In step 4 the Kinvey servers will use the LDAP endpoint configuration setup for the app to 'verify' the authtoken and ensure only a 200 is returned then the request to "login" the user to Kinvey will complete successfully.
Login or Signup to post a comment