Onesait Platform supports OAuth2 authentication. The following sections describe the OAuth2 token management flow.
1. OAuth2 Realm configuration parameters
When creating or updating a Realm, two parameters related to the OAuth tokens must be configured:
- KEY (Secret): key that will be used for clients' authentication.
- TOKEN VALIDITY TIME (S): configurable duration (in seconds) for which the generated token will be valid.
...
The URL is like this: https://lab.onesaitplatform.onlinecom/oauth-server/oauth/token
...
Service that verifies the validity of a token. The endpoint will be like this: https://lab.onesaitplatform.onlinecom/oauth-server/openplatform-oauth/check_token
The POST request must include:
- Headers:
  - Authorization: (client:secret b64)
- Parameter:
  - token: token to validate
Using Postman:
If the token is valid, a response will be obtained in the form:
Fields to highlight:
- exp: Expiration date
- client_id: client for which the token was generated
- authorities: Realm's Roles to which the token's user belongs
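The check described above, as an added example that is not part of the original page or the platform's own code: it builds the check_token POST request without sending it and then decides whether a response should be accepted, using the three highlighted fields. The Basic scheme, the form-encoded body, `exp` in epoch seconds, and the client, secret and role names are assumptions made for the example.

```python
import base64
import time
import urllib.parse
import urllib.request

# Endpoint exactly as written on this page.
CHECK_TOKEN_URL = "https://lab.onesaitplatform.onlinecom/oauth-server/openplatform-oauth/check_token"


def build_check_token_request(client_id, secret, token):
    """Build (without sending) the POST request for the check_token service."""
    # Assumption: "client:secret b64" is sent under the HTTP Basic scheme.
    creds = base64.b64encode(f"{client_id}:{secret}".encode()).decode()
    # Assumption: the "token" parameter travels form-encoded in the body.
    body = urllib.parse.urlencode({"token": token}).encode()
    return urllib.request.Request(
        CHECK_TOKEN_URL,
        data=body,
        method="POST",
        headers={"Authorization": f"Basic {creds}",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )


def evaluate_check_token(claims, expected_client, required_role, now=None):
    """Return (accepted, reason) for a decoded check_token response."""
    now = time.time() if now is None else now
    exp = claims.get("exp")
    # Assumption: exp is expressed in epoch seconds.
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return False, "missing or malformed exp"
    if exp <= now:
        return False, "token expired"
    # A valid token minted for another client must not be accepted here.
    if claims.get("client_id") != expected_client:
        return False, "token issued for a different client"
    authorities = claims.get("authorities")
    if not isinstance(authorities, list) or required_role not in authorities:
        return False, "required role not granted"
    return True, "ok"


# Constructed sample response; values are illustrative, not platform output.
SAMPLE = {"exp": 1700003600, "client_id": "demo-realm", "authorities": ["ROLE_VIEWER"]}

if __name__ == "__main__":
    req = build_check_token_request("demo-realm", "demo-secret", "constructed-token")
    print(req.get_method(), req.full_url, req.data)
    print(evaluate_check_token(SAMPLE, "demo-realm", "ROLE_VIEWER", now=1700000000))
```

A resource server that relies on this service should reject the request on any `False` result rather than only on expiry, since a token that is still valid may belong to another client or lack the required role.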
4. Refresh Token
Service that regenerates the token in order to obtain another one. The endpoint is like this: https://lab.onesaitplatform.onlinecom/oauth-server/oauth/token
...
- Headers:
  - Authorization: (client:secret b64)
  - Content-Type: application/x-www-form-urlencoded
- Body:
  - grant_type: refresh_token (for token refresh)
  - refresh_token: refresh token obtained when generating the token
Using Postman:
The result is the same as for a get token request:
The refresh token is a single-use token. After regenerating the token, a new refresh token will be provided.
5. Revoke Token
As an additional service, a revoke token service has been included. It allows disabling (revoking) an existing access token associated with a user.
The endpoint is like this: https://lab.onesaitplatform.onlinecom/oauth-server/openplatform-oauth/revoke_token
The POST request must include:
...
An endpoint to retrieve user claims. The URL is like this: https://lab.onesaitplatform.com/oauth-server/user
The POST request must include:
...