The Oauth2 authentication with the advanced IM is done in the same way as with the base IM.
Well Known configuration
When using this IM, there’s an endpoint that provides all the configuration needed by your apps in order to implement the authentication process.
This endpoint is accesible through the URL:
https://{DNS}/auth/realms/{realm}/.well-known/openid-configuration
For example:
https://development.onesaitplatform.com/auth/realms/onesaitplatform/.well-known/openid-configuration
The information will be shown in JSON data format.
Endpoints
Implicit grant type (password)
This is the most used Oauth2 flow.
You have to make a POST Request to the token_endpoint with the following parameters:
HTTP Headers
Authorization (Basic): using clientId and clientSecret. By default both values are “onesaitplatform”, but if you are using Realms they may change.
HTTP Body (x-www-form-urlencoded)
grant_type : password
scope: openid
username: {username}
password: {password}
If successful, an access token is returned. This token contains the claims of the logged user. You can base64 decode it or make another request to the userinfo_endpoint (see later).
Authorization code flow
This Oauth2 flow is used in cases where the IM is using identity brokering with other Identity Providers, such as SAML2.
You will be using the authorization_endpoint. After the log in process, and code exchange for the token, you will receive the same payload as in the implicit grant flow.
User info
This endpoint is used to check the token validity and retrieve user claims.
An HTTP GET Request has to be made with the bearer token as the Authorization header.