Onesait Platform supports OAuth2 authentication. The sections below describe the OAuth2 token management flow.

1. OAuth2 Realm configuration parameters

When creating or updating a Realm, two parameters associated with the OAuth tokens must be configured:

  • KEY (Secret): key that will be used for client authentication.
  • TOKEN VALIDITY TIME (S): configurable duration (in seconds) during which the generated token will be valid.

...

The URL is like this: https://lab.onesaitplatform.com/oauth-server/oauth/token

...

Service that verifies the validity of a token. The endpoint will be like this: https://lab.onesaitplatform.com/oauth-server/openplatform-oauth/check_token

The POST request must include:

  • Headers:
    • Authorization: (client:secret b64)
  • Parameter:
    • token: token to validate

Using Postman:

If the token is valid, a response will be obtained in the form:

Fields to note:

  • exp: expiration date
  • client_id: client for which the token was generated
  • authorities: Realm's Roles to which the token's user belongs

4. Refresh Token

Service that regenerates the token, returning a new one. The endpoint is like this: https://lab.onesaitplatform.com/oauth-server/oauth/token

...

  • Headers:
    • Authorization: (client:secret b64)
    • Content-Type: application/x-www-form-urlencoded
  • Body:
    • grant_type: refresh_token (for token refresh)
    • refresh_token: refresh token obtained when generating the token

Using Postman:

The result is the same as for a get token request:

The refresh token is a single-use token. After the token is regenerated, a new refresh token is provided.
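The check_token and refresh requests described above, sketched in Python as an added example (not code from the Onesait Platform documentation). It assumes "(client:secret b64)" means the HTTP Basic scheme, that `token` is sent as a form field, that `exp` is in epoch seconds and `authorities` is a list, and that the refresh response uses the standard OAuth2 `access_token` and `refresh_token` field names; the client, secret, role and token values are constructed.

```python
import base64
import time
from urllib.parse import urlencode
from urllib.request import Request

BASE = "https://lab.onesaitplatform.com/oauth-server"  # host as in the user-claims URL on this page

def basic_auth(client_id, secret):
    # Assumption: "(client:secret b64)" is the HTTP Basic scheme.
    return "Basic " + base64.b64encode(f"{client_id}:{secret}".encode()).decode()

def form_post(path, client_id, secret, fields):
    # Builds the request only; send it with urllib.request.urlopen(req).
    return Request(BASE + path, data=urlencode(fields).encode(), method="POST",
                   headers={"Authorization": basic_auth(client_id, secret),
                            "Content-Type": "application/x-www-form-urlencoded"})

def check_token_request(client_id, secret, token):
    # Assumption: the "token" parameter travels in the form body.
    return form_post("/openplatform-oauth/check_token", client_id, secret, {"token": token})

def refresh_request(client_id, secret, refresh_token):
    return form_post("/oauth/token", client_id, secret,
                     {"grant_type": "refresh_token", "refresh_token": refresh_token})

def accept_token(claims, expected_client, required_role, now=None):
    # Assumption: exp is seconds since the Unix epoch, authorities is a list of roles.
    now = time.time() if now is None else now
    if claims.get("client_id") != expected_client:
        return False, "token issued to another client"
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return False, "token expired or exp missing"
    if required_role not in claims.get("authorities", []):
        return False, "required role not granted"
    return True, "ok"

def rotate(store, refresh_response):
    # The refresh token is single-use: replace both stored values together.
    store["access_token"] = refresh_response["access_token"]
    store["refresh_token"] = refresh_response["refresh_token"]
    return store

if __name__ == "__main__":
    # Constructed check_token response, not captured from the platform.
    claims = {"client_id": "user", "exp": 2000, "authorities": ["ROLE_USER"]}
    print(accept_token(claims, "user", "ROLE_USER", now=1000))
    print(refresh_request("user", "pass", "r1").data)
```

Checking `client_id` and `authorities` in addition to `exp` keeps a service from accepting a still-valid token that was issued to a different client or lacks the role it requires.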

5. Revoke Token

As an additional service, a revoke token service has been included. It disables (revokes) an existing access token associated with a user.

The endpoint is like this: https://lab.onesaitplatform.com/oauth-server/openplatform-oauth/revoke_token

The POST request must include:

...

An endpoint to retrieve user claims. The URL is like this: https://lab.onesaitplatform.com/oauth-server/user

The POST request must include:

...