|connectionID||yes||Unique identifier for the local authentication system connection.|
A unique identifier for the end-user account in the local authentication system. This must be unique to each end-user, persistent between logins, and should ideally be pseudonymous and unique to the user for all time.
|displayName||yes||A human-readable display name for the account holder. Appears in account lists and the audit trail.|
|returnUrl||yes||A URL in your application that the user will be returned to after the OpenAthens session initiator URL is visited.|
|attributes||only when marked as required in attribute mappings in UI||A set of additional attributes for the account holder. This may contain permission sets if mapped via the UI.|
When the user is then passed back to your application via the
returnUrl, it will contain an additional
status parameter to indicate whether the request was successful. The location specified by the return URL should be set up to expect this parameter and it may optionally be used by the calling application to take action depending on whether the operation was successful or otherwise. In fact, aside from token expiry, there are almost no reasons why a failure of the session initiator would occur .
|Success||The OpenAthens session was established successfully.|
|TokenExpired||The session initiator token in the request has expired (tokens are valid for 60 seconds after they are issued).|
|SessionFailure||The OpenAthens system was unable to establish the session (non-specfic error).|