Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

onesait Platform is ready to work with OAuth2 authentication. Following we'll see the Oauth2 Token management flow.

1. Oauth2 Realm configuration parameters

When creating or Updating a Realm, there are two parameters to be configured associated to the Oauth Tokens:

  • KEY (Secret): key that will be used for clients's authentication..
  • TOKEN VALIDITY TIME (S): configurable duration (in seconds) in which the generated token will be valid.

They are non-obligatory attributes. In case of not informing them, they will take default values ​​(onesaitplatform and 43200 (12 hours)).

2. Token Generation

There is an endpoint that allows Oauth2 token generation. The URL is:

https://www.onesaitplatform.online/oauth-server/oauth/token

It's a POST request, and it must include:

  • Headers:
    • Authorization: (client:secret b64)
    • Content-Type: application/x-www-form-urlencoded
  • Body:
    • grant_type: password (User/Password request)
    • username: user's Id
    • password: user's password
    • clientId: client's Id for Token use
    • scope: Token scope 

Using Postman to send this request, it will be something like this:




The response will be like this:



To Highlight:

  • access_token: Access token
  • refresh_token: Refresh Token (one use)
  • expires_in: Remaining validity time (seconds)
  • authorities: Realms' roles asigned to the user

3. Chek Token

Service that verifies the validity of a token. The endpoint will be:

https://www.onesaitplatform.online/oauth-server/oauth/check_token

The request must include:

  • Headers:
    • Authorization: (client:secret b64)
  • Parameter:
    • token: token to validate

Using postman:



If the token is valid, a response will be obtained in the form:



To Highlight:

  • exp: Expiration date
  • client_id: client for which the token was generated
  • authorities: Realm's Roles to which the token's user belongs

4. Refresh Token

Service that regenerates the token in order to obtain another one. The endpoint is:

https://www.onesaitplatform.online/oauth-server/oauth/token

(the same as for getting a new token, changes the grant-tpe).

The request must include:

  • Headers:
    • Authorization: (client:secret b64)
    • Content-Type: application/x-www-form-urlencoded
  • Body:
    • grant_type: refresh_token (for token refresh)
    • refresh_token: refresh token obtained when generating the token)

Using Postman:



The result is the same as for a get token request:



The refresh token is one-use token. After regenerating the token, a new refresh token will be provided.

5. Revoke Token

As an addional service, a revoke token service has been included. It allows to disable (revoke) an existing access token associated to an user.

The endpoint is:

https://www.onesaitplatform.online/oauth-server/openplatform-oauth/revoke_token

The request must include:

Headers:

  • Authorization: (cliente:secret en b64)
  • Content-Type: application/x-www-form-urlencoded

Query Param:

  • token: (token to revoke)

In Postman:



The result will indicate that the token is not longer valid:


  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.