Beiträge in diesem Abschnitt

OAuth 2.0 Client Registration

Avatar
DRACOON Team
  • Aktualisiert
Folgen

Introduction:

DRACOON API access authorization can in addition to the X-Sds-Auth-Token also be done via an OAuth Access Token.

For information about OAuth, see: https://oauth.net/2, https://tools.ietf.org/html/rfc6749

Currently, only a Config Manager of the Provider Customers can create, change, and delete OAuth clients. However, the created clients are valid for all customers.

OAuth clients can be viewed, created, changed, and deleted via the DRACOON Web UI or API. To maintain client via the WebUI goto "System Settings -> OAuth Settings".

The following lines describe how to maintain clients via the API.

 

API End Points for OAuth Clients Creation, Update, and Deletion:

- Query all clients: GET /system/config/oauth/client
- Query one client: GET /system/config/oauth/clients/{client_id}
- Create: POST /system/config/oauth/clients
- Update: PUT /system/config/oauth/clients/{client_id}
- Delete: DELETE /system/config/oauth/clients/{client_id}

 

API Request for OAuth Clients Registration:

Request:

POST /api/v4/system/config/oauth/clients HTTP/1.1
Host: [HOST]
X-Sds-Auth-Token: [X-SDS-AUTH-TOKEN] 
Content-Type: application/json

{
   "clientName": "test",
   "clientSecret": "secret",
   "grantTypes": ["authorization_code", "implicit", "password", "refresh_token"],
   "redirectUrl": "https://api.example.com/callback",
   "accessTokenValidity": 28800,
   "refreshTokenValidity": 2592000
}

Response:

Status: 201 Created
Content-Type: application/json

{
   "clientName": "test",
   "clientId": "MTFeMz478sKuLTOE7qoeOOw5WvgnMDeR",
   "clientSecret": "secret",
   "grantTypes": ["authorization_code", "implicit", "password", "refresh_token"],
   "redirectUrl": "https://api.example.com/callback",
   "accessTokenValidity": 28800,
   "refreshTokenValidity": 2592000
}

 

Notes:

  • The client secret is optional. The server will generate one, if no client secret is provided.
  • The grant types "authorization_code", "implicit", and "password" can be activated. The grant type "client_credentials" is not supported.
  • The issuing of an long living Refresh Token can be activated via the grant type "refresh_token". (The Refresh Token is provided with the first Access Token.)
  • The expiration interval of both token is stated in seconds and is optional. (Default values: Access Token=28800(8 hours), Refresh Token=2592000(30 days))

Verwandte Beiträge

Kommentare

0 Kommentare

Zu diesem Beitrag können keine Kommentare hinterlassen werden.