The platform includes an OAuth2-based authentication server for authenticating users.
It is the recommended authentication method (OAuth Server), as it implements the OAuth standard and covers the entire token management cycle. It also allows the use of Security Domains (Realms).
For more information you can consult the following entry: How to use OAuth2 Tokens in Platform?
As a basic introduction, the following is an example of generating an OAuth2 Token for a user.
Token generation using OAuth2 server
The endpoint for generating OAuth2 tokens is:
https://<myserver>/oauth-server/oauth/token
We will use our CloudLab environment in the examples:
https://lab.onesaitplatform.com/oauth-server/oauth/token
It will be a POST request, and should include:
- Headers:
- Authorization: onesaitplatform:onesaitplatform encoded in Base64 (the default credentials of the platform).
- Body:
- grant_type: password (User/Password)
- username: user id
- password: user password
Using Postman to make this request:
The response will have this format:
Highlights:
- access_token
- refresh_token: Refresh token (one-use).
- expires_in: Remaining validity time (seconds).
- authorities: Roles assigned to the user (platform-generic when using default authentication).
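The token request and response handling described above, as an added Python example that is not part of the platform's own documentation or code. The function names are hypothetical; the `Basic` scheme, the form-encoded body and the sample response values are assumptions, and the client credentials are parameters so a deployment's own values can replace the defaults shown on this page.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://lab.onesaitplatform.com/oauth-server/oauth/token"  # from the page

def build_token_request(username, password, client_id="onesaitplatform",
                        client_secret="onesaitplatform", url=TOKEN_URL):
    """Build, without sending, the POST request described above."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "password", "username": username, "password": password})
    headers = {
        "Authorization": f"Basic {creds}",  # assumption: HTTP Basic scheme
        "Content-Type": "application/x-www-form-urlencoded",  # assumption
    }
    return urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")

def parse_token_response(raw, now=None):
    """Check the highlighted fields are present and compute an absolute expiry."""
    data = json.loads(raw)
    missing = [k for k in ("access_token", "refresh_token", "expires_in") if k not in data]
    if missing:
        raise ValueError(f"token response is missing: {missing}")
    now = time.time() if now is None else now
    return {
        "access_token": data["access_token"],
        "refresh_token": data["refresh_token"],  # one-use: replace after each refresh
        "expires_at": now + int(data["expires_in"]),  # expires_in is in seconds
        "authorities": list(data.get("authorities", [])),
    }

def redact(token, keep=4):
    """Shorten a token so log lines never contain the full secret."""
    return token[:keep] + "..." if len(token) > keep else "***"

# Constructed sample response; values and the list shape of "authorities" are assumptions.
SAMPLE = json.dumps({"access_token": "aaaa1111bbbb", "refresh_token": "cccc2222dddd",
                     "expires_in": 3600, "authorities": ["ROLE_DEVELOPER"]})

if __name__ == "__main__":
    req = build_token_request("developer", "XXXXXX")
    # To send it: urllib.request.urlopen(req).read() gives the raw response body.
    tokens = parse_token_response(SAMPLE)
    print(req.get_method(), req.full_url)
    print(redact(tokens["access_token"]), int(tokens["expires_at"]), tokens["authorities"])
```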
Authentication using the Control Panel login service
In addition to generic OAuth2 tokens, the platform allows authenticating through the control panel with a user ID and password. This implementation will be used for simple tests and simple user validations.
The endpoint that is exposed is:
https://<myserver>/controlpanel/swagger-ui.html#/Login_Oauth_service
We will use our CloudLab environment in the examples:
https://lab.onesaitplatform.com/controlpanel/swagger-ui.html#/Login_Oauth_service
This is a POST request, and should include:
- Body: (json)
- username: user id
- password: user password
- vertical (optional, only if using a multitenancy platform)
A body example would be:
{"username": "developer",
"password": "XXXXXX"}
The request will be:
The result would include platform-related user information (and the default assigned roles).