
onesait Platform is ready to work with OAuth2 authentication. Below we describe the OAuth2 token management flow.

1. OAuth2 Realm configuration parameters

When creating or updating a Realm, there are two parameters associated with the OAuth tokens that can be configured:

  • KEY (Secret): key that will be used for the clients' authentication.
  • TOKEN VALIDITY TIME (S): configurable duration (in seconds) for which the generated token will be valid.

Both attributes are optional. If they are not provided, they take the default values (onesaitplatform and 43200 seconds, i.e. 12 hours).

2. Token Generation

There is an endpoint that allows OAuth2 token generation. The URL is:

https://www.onesaitplatform.online/oauth-server/oauth/token

It is a POST request, and it must include:

  • Headers:
    • Authorization: client:secret, Base64-encoded
    • Content-Type: application/x-www-form-urlencoded
  • Body:
    • grant_type: password (user/password request)
    • username: user's Id
    • password: user's password
    • clientId: Id of the client the token will be used with
    • scope: token scope

When sending this request with Postman, it looks something like this:




The response looks like this:



To highlight:

  • access_token: access token
  • refresh_token: refresh token (one use)
  • expires_in: remaining validity time (seconds)
  • authorities: Realm roles assigned to the user

3. Check Token

A service that verifies the validity of a token. The endpoint is:

https://www.onesaitplatform.online/oauth-server/oauth/check_token

The request must include:

  • Headers:
    • Authorization: client:secret, Base64-encoded
  • Parameter:
    • token: token to validate

Using Postman:



If the token is valid, the response has the following form:



To highlight:

  • exp: expiration date
  • client_id: client for which the token was generated
  • authorities: Realm roles to which the token's user belongs

4. Refresh Token

A service that regenerates the token in order to obtain a new one. The endpoint is:

https://www.onesaitplatform.online/oauth-server/oauth/token

(the same as for getting a new token; only the grant_type changes).

The request must include:

  • Headers:
    • Authorization: client:secret, Base64-encoded
    • Content-Type: application/x-www-form-urlencoded
  • Body:
    • grant_type: refresh_token (for token refresh)
    • refresh_token: refresh token obtained when the token was generated

Using Postman:



The result is the same as for a get-token request:



The refresh token is a one-use token: after regenerating the token, a new refresh token is provided.

5. Revoke Token

As an additional service, a revoke-token service has been included. It allows an existing access token associated with a user to be disabled (revoked).

The endpoint is:

https://www.onesaitplatform.online/oauth-server/openplatform-oauth/revoke_token

The request must include:

  • Headers:
    • Authorization: client:secret, Base64-encoded
    • Content-Type: application/x-www-form-urlencoded
  • Query Param:
    • token: token to revoke

In Postman:



The result indicates that the token is no longer valid:
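The four calls described in sections 2 to 5 (password grant, check_token, refresh, revoke), as an added Python example that is not part of the original page or of the onesait Platform code. It uses the endpoints listed above; the client id, secret, user, tokens and the "openid" scope are placeholders, sending check_token and revoke_token as POST with the token in the query string is an assumption, and the check_token "exp" field is assumed to be a Unix timestamp.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

SERVER = "https://www.onesaitplatform.online/oauth-server"  # from the page; ids/secrets/tokens passed in are placeholders
TOKEN_URL, CHECK_URL = SERVER + "/oauth/token", SERVER + "/oauth/check_token"
REVOKE_URL = SERVER + "/openplatform-oauth/revoke_token"

def basic_auth(client_id, secret):
    """Authorization header: 'Basic ' + base64(client:secret), required by every step."""
    return "Basic " + base64.b64encode(f"{client_id}:{secret}".encode()).decode("ascii")

def _post(url, client_id, secret, body=None, query=None):
    """Build the request as a plain dict so it can be inspected before being sent."""
    if query:  # check_token and revoke_token carry the token in the query string
        url += "?" + urllib.parse.urlencode(query)
    headers = {"Authorization": basic_auth(client_id, secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    return {"method": "POST", "url": url, "headers": headers,
            "body": urllib.parse.urlencode(body or {})}

def password_grant(client_id, secret, username, password, scope="openid"):
    """Step 2: user/password grant with the body fields listed on the page."""
    return _post(TOKEN_URL, client_id, secret, body={
        "grant_type": "password", "username": username, "password": password,
        "clientId": client_id, "scope": scope})

def refresh_grant(client_id, secret, refresh_token):
    """Step 4: same endpoint as step 2, only grant_type changes; the refresh token is one-use."""
    return _post(TOKEN_URL, client_id, secret, body={
        "grant_type": "refresh_token", "refresh_token": refresh_token})

def check_token(client_id, secret, token):  # step 3 (POST with query param is an assumption)
    return _post(CHECK_URL, client_id, secret, query={"token": token})

def revoke_token(client_id, secret, token):  # step 5: disable an access token
    return _post(REVOKE_URL, client_id, secret, query={"token": token})

def seconds_left(check_response, now):  # 'exp' from check_token, assumed Unix timestamp
    return max(0, int(check_response["exp"]) - int(now))

def send(req):  # perform a built request; returns (HTTP status, decoded JSON body)
    r = urllib.request.Request(req["url"], data=req["body"].encode(), headers=req["headers"])
    try:
        with urllib.request.urlopen(r, timeout=10) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as e:  # e.g. 400 invalid_token from check_token
        return e.code, json.loads(e.read())
```

A typical session is `status, body = send(password_grant(...))`, then `send(check_token(..., body["access_token"]))`, and `send(refresh_grant(..., body["refresh_token"]))` once `expires_in` runs low.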

