OAuth2 Authentication in Platform with OAuth2 Server


The platform includes an OAuth2-based authentication server that authenticates users.

It is the recommended authentication method, as the OAuth Server implements the OAuth2 standard and covers the entire token management cycle (issuing, expiry and refresh). It also allows the use of Security Domains (Realms).

For more information, see the entry: How to use OAuth2 Tokens in Platform?

As a basic introduction, the following example generates an OAuth2 token for a user.

Token generation using OAuth2 server

The endpoint that issues OAuth2 tokens is:

https://<myserver>/oauth-server/oauth/token

We will use our CloudLab environment in the examples:

https://lab.onesaitplatform.com/oauth-server/oauth/token

It is a POST request and must include:

  • Headers:
    • Authorization: HTTP Basic authentication with the OAuth2 client credentials, i.e. onesaitplatform:onesaitplatform encoded in Base64. These are the platform's default client credentials; since they are public, any deployment exposed beyond a lab should replace them.
    • Content-Type: application/x-www-form-urlencoded (the body is sent as form fields, not as JSON).
  • Body (form fields):
    • grant_type: password (resource owner password grant: user name and password)
    • username: user id
    • password: user password

Using Postman (or any other HTTP client) to make this request, the server answers with a JSON document. Its most relevant fields are:

  • access_token: the bearer token to send in the Authorization header (Authorization: Bearer <access_token>) of subsequent API calls.
  • refresh_token: token used to obtain a new access token when the current one expires (single use: once it has been exchanged it is no longer valid).
  • expires_in: validity of the access token, in seconds from the moment it was issued.
  • authorities: roles assigned to the user (the platform's generic roles when the default authentication is used).

Authentication using the Control Panel login service

Besides the generic OAuth2 token, the platform Control Panel also exposes a login service that authenticates a user with user id and password. It is intended for simple tests and basic user validation, not as the general-purpose token mechanism.

The service is documented in the Control Panel's Swagger UI, under Login_Oauth_service:

https://<myserver>/controlpanel/swagger-ui.html#/Login_Oauth_service

We will use our CloudLab environment in the examples:

https://lab.onesaitplatform.com/controlpanel/swagger-ui.html#/Login_Oauth_service

This is a POST request and must include:

  • Body (JSON):
    • username: user id
    • password: user password
    • vertical: optional; only needed when the platform runs in multitenant mode

A body example would be:

{
  "username": "developer",
  "password": "XXXXXX"
}

The response includes the platform's information about the user (and the roles assigned by default).
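The following Python script is an added example, not code from the original page or from the platform itself. It builds both requests described above (the OAuth2 password grant against /oauth-server/oauth/token and the Control Panel login body) using only the standard library, parses the token response into a record with an absolute expiry so a client knows when to refresh, and shows how the access token is then sent as a bearer header. The server name, user credentials, sample token response and the Control Panel login path (which this page only shows through the Swagger UI, so it is left as a parameter) are assumptions made for the example.

```python
"""Added example: build the platform's two login requests and parse the
OAuth2 token response.  Standard library only; server, credentials, the
Swagger login path and the sample response are constructed for illustration."""
import base64
import json
import time
import urllib.parse
import urllib.request

# Platform default OAuth2 client named on the page.  It is public, so a
# deployment exposed beyond a lab should use its own client secret.
DEFAULT_CLIENT = ("onesaitplatform", "onesaitplatform")


def basic_auth_header(client_id, client_secret):
    """HTTP Basic value for the Authorization header: base64(id:secret)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(server, username, password, client=DEFAULT_CLIENT):
    """POST /oauth-server/oauth/token with the password grant.

    Returns (url, headers, body); the body is form-encoded, not JSON."""
    url = f"https://{server}/oauth-server/oauth/token"
    headers = {
        "Authorization": basic_auth_header(*client),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode(
        {"grant_type": "password", "username": username, "password": password}
    ).encode("utf-8")
    return url, headers, body


def parse_token_response(text, now=None):
    """Turn the JSON token response into a record with an absolute expiry.

    Raises PermissionError on an OAuth2 error body ({"error": ...}) and
    ValueError when the mandatory fields are absent."""
    data = json.loads(text)
    if "error" in data:
        raise PermissionError(f"{data['error']}: {data.get('error_description', '')}")
    for key in ("access_token", "expires_in"):
        if key not in data:
            raise ValueError(f"token response is missing {key!r}")
    now = time.time() if now is None else now
    return {
        "access_token": data["access_token"],
        "refresh_token": data.get("refresh_token"),    # single use, per the page
        "expires_at": now + int(data["expires_in"]),   # expires_in is relative
        "authorities": list(data.get("authorities", [])),
    }


def needs_refresh(token, now=None, skew=30):
    """True when the access token has expired or will within `skew` seconds."""
    now = time.time() if now is None else now
    return now + skew >= token["expires_at"]


def bearer_header(token):
    """Authorization header for API calls made with the access token."""
    return {"Authorization": "Bearer " + token["access_token"]}


def build_controlpanel_login_body(username, password, vertical=None):
    """JSON body of the Control Panel login service; `vertical` is only
    sent when given (multitenant deployments)."""
    body = {"username": username, "password": password}
    if vertical is not None:
        body["vertical"] = vertical
    return body


def build_controlpanel_login_request(server, path, username, password, vertical=None):
    """POST to the login operation.  `path` must be read from the Swagger UI
    (Login_Oauth_service): the page does not print it, so it is a parameter."""
    url = f"https://{server}{path}"
    headers = {"Content-Type": "application/json"}
    body = json.dumps(build_controlpanel_login_body(username, password, vertical)).encode("utf-8")
    return url, headers, body


def send(url, headers, body, timeout=10):
    """Perform the POST and return the response body as text (needs network)."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed sample response, shaped like the fields listed above.
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "header.payload.signature",
    "token_type": "bearer",
    "refresh_token": "header.payload.refresh",
    "expires_in": 3599,
    "authorities": ["ROLE_DEVELOPER"],
})

if __name__ == "__main__":
    url, headers, body = build_token_request("lab.onesaitplatform.com", "developer", "XXXXXX")
    print(url, headers["Authorization"], body, sep="\n")
    token = parse_token_response(SAMPLE_TOKEN_RESPONSE, now=0)   # offline
    print(bearer_header(token), needs_refresh(token, now=3570), needs_refresh(token, now=0))
    # Live call against the CloudLab with real credentials:
    # token = parse_token_response(send(url, headers, body))
```

Run it as-is to see the exact request the server expects and how the sample response is handled offline; uncomment the last line with real credentials for a live call. Keeping expires_at as an absolute timestamp, rather than the relative expires_in, is what lets a client decide when to use the refresh token instead of discovering the expiry through a 401.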