OAuth2 / OpenID Connect authentication

OAuth2 authentication against the advanced IM works the same way as against the base IM.


Well Known configuration

This IM exposes an OpenID Connect discovery endpoint that returns all the configuration your applications need to implement the authentication flows described below: the endpoint URLs, the supported grant types and the location of the token signing keys (jwks_uri).

This endpoint is accessible through the URL:

https://{DNS}/auth/realms/{realm}/.well-known/openid-configuration

For example:

https://development.onesaitplatform.com/auth/realms/onesaitplatform/.well-known/openid-configuration

The response is a JSON document. Read the endpoint URLs (authorization_endpoint, token_endpoint, userinfo_endpoint, jwks_uri) from it rather than hard-coding them, and check that its issuer value equals the realm URL you fetched it from (https://{DNS}/auth/realms/{realm}); a mismatch means you are not talking to the IM you think you are.
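The following is an added example, not code from the page or from the platform, of how a client should consume the discovery document before using it: it parses the JSON, checks the issuer against the realm URL, requires the endpoints used by the flows on this page, and rejects any endpoint that is not HTTPS or that lives on a host other than the issuer's. The host, realm and endpoint paths in the embedded sample document are constructed assumptions; take the real values from your IM's well-known URL.

```python
"""Parse a discovery document and refuse one that looks wrong, then pick
out the endpoints the flows on this page use."""
import json
from urllib.parse import urlparse


def discovery_url(dns: str, realm: str) -> str:
    """The well-known URL for a realm, as given on this page."""
    return f"https://{dns}/auth/realms/{realm}/.well-known/openid-configuration"


def expected_issuer(dns: str, realm: str) -> str:
    """OIDC Discovery requires 'issuer' to equal the URL the document hangs off."""
    return f"https://{dns}/auth/realms/{realm}"


# Constructed, abbreviated discovery document for a hypothetical host and realm.
# The endpoint paths are assumptions; the real document has many more fields.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://im.example.com/auth/realms/myrealm",
    "authorization_endpoint": "https://im.example.com/auth/realms/myrealm/protocol/openid-connect/auth",
    "token_endpoint": "https://im.example.com/auth/realms/myrealm/protocol/openid-connect/token",
    "userinfo_endpoint": "https://im.example.com/auth/realms/myrealm/protocol/openid-connect/userinfo",
    "jwks_uri": "https://im.example.com/auth/realms/myrealm/protocol/openid-connect/certs",
    "grant_types_supported": ["authorization_code", "password", "refresh_token"],
})

# The same document with token_endpoint downgraded to plain http, to exercise the rejection path.
_tampered = json.loads(SAMPLE_DISCOVERY)
_tampered["token_endpoint"] = _tampered["token_endpoint"].replace("https://", "http://", 1)
TAMPERED_DISCOVERY = json.dumps(_tampered)

REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")


class DiscoveryError(ValueError):
    """Raised when the discovery document must not be trusted."""


def parse_discovery(raw: str, issuer: str) -> dict:
    """Return the endpoints the client may use, or raise DiscoveryError."""
    doc = json.loads(raw)
    if doc.get("issuer") != issuer:
        raise DiscoveryError(f"issuer mismatch: {doc.get('issuer')!r} != {issuer!r}")
    issuer_host = urlparse(issuer).netloc
    endpoints = {}
    for name in REQUIRED_ENDPOINTS:
        url = doc.get(name)
        if not url:
            raise DiscoveryError(f"discovery document lacks {name}")
        parts = urlparse(url)
        if parts.scheme != "https":
            raise DiscoveryError(f"{name} is not https: {url}")
        if parts.netloc != issuer_host:
            # Conservative policy for a single-host IM; relax it deliberately
            # if your deployment serves some endpoints from another host.
            raise DiscoveryError(f"{name} is on another host than the issuer: {url}")
        endpoints[name] = url
    endpoints["grant_types_supported"] = tuple(doc.get("grant_types_supported", ()))
    return endpoints


def discovery_is_valid(raw: str, issuer: str) -> bool:
    """Boolean convenience wrapper around parse_discovery."""
    try:
        parse_discovery(raw, issuer)
        return True
    except ValueError:  # DiscoveryError and malformed JSON alike
        return False


if __name__ == "__main__":
    print(discovery_url("development.onesaitplatform.com", "onesaitplatform"))
    print(parse_discovery(SAMPLE_DISCOVERY, expected_issuer("im.example.com", "myrealm")))
```

In a real client the string passed to parse_discovery is the body fetched from discovery_url(dns, realm) over TLS; the issuer check is what ties the endpoints you are about to send credentials to back to the realm URL you started from.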

Endpoints

Password grant (Resource Owner Password Credentials, grant_type=password)

This is the most commonly used flow with the platform because it is the simplest to script: the application sends the user's credentials straight to the token endpoint. Note that current OAuth 2.0 security guidance discourages this grant, since the application handles the user's password directly; prefer the authorization code flow for browser-based or third-party applications.

You have to make a POST request to the token_endpoint with the following parameters:

HTTP Headers

Authorization: Basic {base64(clientId:clientSecret)}. By default both values are “onesaitplatform”, but if you are using Realms they may differ. The client secret is a credential: keep it on the server side and do not embed it in browser or mobile code.

HTTP Body (x-www-form-urlencoded)

grant_type : password

scope: openid

username: {username}

password: {password}

If the request succeeds, the response is a JSON document containing an access token. The token is a JWT whose payload carries the claims of the logged-in user; you can base64url-decode its middle segment to read them, but decoding is inspection only and does not validate the token. To check validity, either verify the signature against the keys published at jwks_uri or make another request to the userinfo_endpoint (see later).


Authorization code flow

This OAuth2 flow is used when the IM performs identity brokering with other Identity Providers, such as SAML2, and in general whenever a browser is involved.

You start at the authorization_endpoint, with a state parameter that you keep in the user's session. After the log-in process the IM redirects back to your redirect_uri with an authorization code; check that the returned state matches the one you stored, then exchange the code at the token_endpoint (POST, grant_type=authorization_code, with the same Basic client authentication as above). The token response has the same payload as in the password grant.
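The following is an added example serving both the password grant and the authorization code sections above; it is not code from the page or from the platform. It builds the Basic client-authentication header and the form-encoded token requests for both grants, generates and checks the state value for the authorization code redirect, and reads the claims out of a returned access token without verifying it, so that the local issuer and expiry checks can run before a network call. The endpoint URLs, client and user names, and the sample token (unsigned, alg=none, standing in for the signed token the IM returns) are constructed assumptions.

```python
"""Token acquisition: password grant, authorization code redirect and
exchange, and unverified inspection of the access token that comes back."""
import base64
import json
import secrets
import time
from urllib.parse import urlencode

# Assumed values; the real ones come from the discovery document and your client registration.
ISSUER = "https://im.example.com/auth/realms/myrealm"
TOKEN_ENDPOINT = ISSUER + "/protocol/openid-connect/token"
AUTHORIZATION_ENDPOINT = ISSUER + "/protocol/openid-connect/auth"


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """HTTP Basic client authentication: base64(clientId:clientSecret)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def _form_post(token_endpoint: str, client_id: str, client_secret: str, fields: dict) -> dict:
    """A POST to token_endpoint with Basic client auth and an x-www-form-urlencoded body."""
    return {"method": "POST", "url": token_endpoint,
            "headers": {"Authorization": basic_auth_header(client_id, client_secret),
                        "Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode(fields)}


def build_password_grant_request(token_endpoint, client_id, client_secret, username, password) -> dict:
    """The password grant exactly as listed on this page."""
    return _form_post(token_endpoint, client_id, client_secret,
                      {"grant_type": "password", "scope": "openid",
                       "username": username, "password": password})


def build_authorization_url(authorization_endpoint, client_id, redirect_uri) -> tuple:
    """First leg of the authorization code flow: the browser redirect.
    Returns (url, state); store state in the session and compare it on return."""
    state = secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": "openid", "state": state})
    return f"{authorization_endpoint}?{query}", state


def state_matches(returned_state: str, expected_state: str) -> bool:
    """Constant-time comparison of the callback's state with the stored one."""
    return secrets.compare_digest(returned_state.encode("utf-8"), expected_state.encode("utf-8"))


def build_code_exchange_request(token_endpoint, client_id, client_secret, code,
                                redirect_uri, returned_state, expected_state) -> dict:
    """Second leg: exchange the code for tokens. Refuses a callback whose state is wrong."""
    if not state_matches(returned_state, expected_state):
        raise ValueError("state mismatch: possible CSRF or mixed-up callback")
    return _form_post(token_endpoint, client_id, client_secret,
                      {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri})


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_payload_unverified(token: str) -> dict:
    """Read the claims of a compact JWT WITHOUT checking its signature.
    Inspection only: trust the claims after verifying the signature against
    jwks_uri or after the userinfo_endpoint has accepted the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def claims_look_usable(payload: dict, expected_issuer: str, now=None) -> bool:
    """Cheap local checks before spending a network call: issuer and expiry."""
    now = time.time() if now is None else now
    return payload.get("iss") == expected_issuer and payload.get("exp", 0) > now


def make_unsigned_sample_token(claims: dict) -> str:
    """Constructed, unsigned JWT (alg=none) for the example; the IM signs real tokens."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode("utf-8")).decode("ascii").rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


SAMPLE_TOKEN = make_unsigned_sample_token({
    "iss": ISSUER, "sub": "1b2c3d4e", "preferred_username": "alice",
    "iat": 1700000000, "exp": 1700003600,
})

if __name__ == "__main__":
    print(build_password_grant_request(TOKEN_ENDPOINT, "onesaitplatform", "onesaitplatform", "alice", "s3cret"))
    print(decode_jwt_payload_unverified(SAMPLE_TOKEN))
```

The request dictionaries map one-to-one onto any HTTP client (requests, urllib, curl); they are kept as plain data here so the exact headers and body can be inspected. Nothing in this block validates a token: claims_look_usable only saves you a round trip for tokens that are obviously wrong.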

User info

This endpoint is used to check that an access token is still valid and to retrieve the user's claims.

Make an HTTP GET request with the access token as a bearer token in the Authorization header (Authorization: Bearer {access_token}). A 200 response carries the claims as JSON; a 401 means the token is invalid, expired or revoked, and the client should obtain a new one rather than keep using the decoded claims.
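The following is an added example, not code from the page or from the platform, of the userinfo exchange with both sides visible: a small in-process stand-in for the userinfo_endpoint that returns the claims for one known bearer token and a 401 for anything else, and the client call that turns a 200 into claims and a 401 into "token rejected". The token value and the claims served are constructed; in production the endpoint URL comes from the discovery document and is reached over TLS.

```python
"""Userinfo call with a bearer token, run against a local stand-in for the
userinfo_endpoint so the exchange works offline."""
import json
import socketserver
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import ProxyHandler, Request, build_opener

# Constructed: the single access token the stand-in IM accepts and the claims it returns for it.
VALID_TOKEN = "constructed-access-token"
USER_CLAIMS = {"sub": "1b2c3d4e", "preferred_username": "alice", "email_verified": True}


class StubUserinfoHandler(BaseHTTPRequestHandler):
    """Behaves like userinfo_endpoint: 200 + claims for a good bearer token,
    401 with a WWW-Authenticate challenge for anything else."""

    def do_GET(self):
        scheme, _, token = self.headers.get("Authorization", "").partition(" ")
        if self.path != "/userinfo" or scheme.lower() != "bearer" or token != VALID_TOKEN:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Bearer error="invalid_token"')
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        body = json.dumps(USER_CLAIMS).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example quiet
        pass


class _LoopbackServer(HTTPServer):
    def server_bind(self):
        # Skip HTTPServer's reverse-DNS lookup of the bind address; not needed on loopback.
        socketserver.TCPServer.server_bind(self)
        self.server_name, self.server_port = "127.0.0.1", self.server_address[1]


def fetch_userinfo(userinfo_endpoint: str, access_token: str):
    """GET userinfo_endpoint with 'Authorization: Bearer <token>'.
    Returns (True, claims) on 200 or (False, None) when the IM answers 401."""
    req = Request(userinfo_endpoint, headers={"Authorization": f"Bearer {access_token}",
                                             "Accept": "application/json"})
    opener = build_opener(ProxyHandler({}))  # never route the bearer token through a proxy from the environment
    try:
        with opener.open(req, timeout=5) as resp:
            return True, json.loads(resp.read().decode("utf-8"))
    except HTTPError as err:
        if err.code == 401:
            return False, None
        raise


def run_exchange():
    """Start the stand-in, query it with a valid and an invalid token, stop it."""
    server = _LoopbackServer(("127.0.0.1", 0), StubUserinfoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    endpoint = f"http://127.0.0.1:{server.server_port}/userinfo"
    try:
        return fetch_userinfo(endpoint, VALID_TOKEN), fetch_userinfo(endpoint, "forged-or-expired")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_exchange())
```

Any status other than 200 or 401 is re-raised on purpose: a 5xx or a 403 from the IM is an operational problem to surface, not a reason to treat the user as logged out.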




(c) 2020 Indra Soluciones Tecnologías de la Información, S.L.U.