Onesait Platform is ready to work with OAuth2 authentication. The OAuth2 token management flow is explained below.

1. OAuth2 Realm configuration parameters

When creating or updating a Realm, there are two parameters to configure that are associated with the OAuth tokens:

  • KEY (Secret): key that will be used for client authentication.
  • TOKEN VALIDITY TIME (S): configurable timespan (in seconds) during which the generated token will be valid.

They are optional attributes. If not informed, they take the default values defined in the platform deployment (onesaitplatform and 43200 (12 hours)).

2. Token Generation

There is an endpoint that allows OAuth2 token generation. The URL looks like this: https://lab.onesaitplatform.com/oauth-server/oauth/token

...

  • Headers:
    • Authorization: (client:secret b64)
    • Content-Type: application/x-www-form-urlencoded
  • Body:
    • grant_type: password (User/Password request)
    • username: user's Id
    • password: user's password
    • clientId: id of the client requesting the token
    • scope: Token scope

Using Postman to send this request, it will be something like this:

The response will have this format:

Highlights:

  • access_token: Access token.
  • refresh_token: Refresh token (single use).
  • expires_in: Remaining validity time (seconds).
  • authorities: Realm roles assigned to the user.

...

3. Check Token

Service that verifies the validity of a token. The endpoint looks like this: https://lab.onesaitplatform.com/oauth-server/openplatform-oauth/check_token

The POST request must include:

  • Headers:
    • Authorization: (client:secret b64)
  • Parameter:
    • token: token to validate

Using Postman:

If the token is valid, a response will be obtained in the form:

Highlights:

  • principal/name: user for which the token was generated.
  • exp: Expiration date.
  • client_id: client for which the token was generated.
  • authorities: Realm roles to which the token's user belongs.

4. Refresh Token

Service that regenerates the token in order to obtain another one. The endpoint looks like this: https://lab.onesaitplatform.com/oauth-server/oauth/token

(the same as for getting a new token; only the grant_type attribute changes).

The POST request must include:

  • Headers:
    • Authorization: (client:secret b64)
    • Content-Type: application/x-www-form-urlencoded
  • Body:
    • grant_type: refresh_token (for token refresh)
    • refresh_token: refresh token obtained when the access token was generated.

Using Postman:

The result will have the same structure as when a token generation request is made.

The refresh token is one-use only. After using it, a new one will be provided along with the new access token.
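Added example covering sections 2 to 4 (it is not part of the original documentation nor the platform's own code): it builds the Basic Authorization header from client:secret, the password-grant, refresh and check_token requests exactly as listed above, and decides from a check_token reply whether a token should still be used or refreshed early. The base URL, sending the check_token parameter as a form field, and reading exp as Unix seconds are assumptions.

```python
import base64
import json
import time
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Assumed base URL: the lab environment quoted in the page; use your own deployment.
BASE = "https://lab.onesaitplatform.com/oauth-server"
FORM = "application/x-www-form-urlencoded"


def basic_auth_header(client_id: str, secret: str) -> str:
    """The 'Authorization: (client:secret b64)' header expected by the token endpoints."""
    raw = f"{client_id}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def token_request(client_id, secret, username, password, scope):
    """Password-grant request to /oauth/token (section 2); returns (url, headers, body)."""
    headers = {"Authorization": basic_auth_header(client_id, secret), "Content-Type": FORM}
    body = urlencode({"grant_type": "password", "username": username, "password": password,
                      "clientId": client_id, "scope": scope})
    return f"{BASE}/oauth/token", headers, body


def refresh_request(client_id, secret, refresh_token):
    """Refresh-grant request (section 4): same endpoint, only grant_type differs."""
    headers = {"Authorization": basic_auth_header(client_id, secret), "Content-Type": FORM}
    body = urlencode({"grant_type": "refresh_token", "refresh_token": refresh_token})
    return f"{BASE}/oauth/token", headers, body


def check_token_request(client_id, secret, token):
    """check_token request (section 3). Assumption: 'token' goes as a form parameter."""
    headers = {"Authorization": basic_auth_header(client_id, secret), "Content-Type": FORM}
    return f"{BASE}/openplatform-oauth/check_token", headers, urlencode({"token": token})


def token_is_usable(check_response: dict, now=None, skew: int = 30) -> bool:
    """Decide from a check_token reply whether to keep using the token.
    Assumes 'exp' is Unix seconds. A token that expires within 'skew' seconds is
    reported unusable so the caller refreshes before a request fails mid-flight."""
    now = time.time() if now is None else now
    exp = check_response.get("exp")
    return isinstance(exp, (int, float)) and exp > now + skew


def post_json(url, headers, body):
    """Send one of the requests built above and decode the JSON reply (needs network)."""
    req = Request(url, data=body.encode("utf-8"), headers=headers, method="POST")
    with urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))
```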

5. Revoke Token

As an additional service, a token revocation service is included. It allows you to disable (revoke) an existing access token associated with a given user.

The endpoint looks like this: https://lab.onesaitplatform.com/oauth-server/openplatform-oauth/revoke_token

The POST request must include:

...

An endpoint to retrieve user claims. The URL looks like this: https://lab.onesaitplatform.com/oauth-server/user

The POST request must include:

...

  • Authorization: Bearer {jwt}

In Postman: