Introduction
Authorization for DRACOON API access can be done with an OAuth Access Token in addition to the X-Sds-Auth-Token.
For information about OAuth, see: https://oauth.net/2, https://tools.ietf.org/html/rfc6749
Currently, only a Config Manager of the Provider Customers can create, change, and delete OAuth clients. However, the created clients are valid for all customers.
OAuth clients can be viewed, created, changed, and deleted via the DRACOON Web UI or API. To maintain clients via the Web App, go to "System Settings -> OAuth Settings".
The following lines describe how to maintain clients via the API.
API Endpoints for OAuth Client Creation, Update, and Deletion
- Query all clients: GET /system/config/oauth/clients
- Query one client: GET /system/config/oauth/clients/{client_id}
- Create: POST /system/config/oauth/clients
- Update: PUT /system/config/oauth/clients/{client_id}
- Delete: DELETE /system/config/oauth/clients/{client_id}
API Request for OAuth Client Registration
Request:
POST /api/v4/system/config/oauth/clients HTTP/1.1
Host: [HOST]
X-Sds-Auth-Token: [X-SDS-AUTH-TOKEN]
Content-Type: application/json
{
  "clientName": "test",
  "clientSecret": "secret",
  "grantTypes": ["authorization_code", "implicit", "password", "refresh_token"],
  "redirectUrl": "https://api.example.com/callback",
  "accessTokenValidity": 28800,
  "refreshTokenValidity": 2592000
}
Response:
Status: 201 Created
Content-Type: application/json
{
  "clientName": "test",
  "clientId": "MTFeMz478sKuLTOE7qoeOOw5WvgnMDeR",
  "clientSecret": "secret",
  "grantTypes": ["authorization_code", "implicit", "password", "refresh_token"],
  "redirectUrl": "https://api.example.com/callback",
  "accessTokenValidity": 28800,
  "refreshTokenValidity": 2592000
}
Notes
- The client secret is optional. The server generates one if no client secret is provided.
- The grant types "authorization_code", "implicit", and "password" can be activated. The grant type "client_credentials" is not supported.
- The issuing of a long-lived Refresh Token can be activated via the grant type "refresh_token". (The Refresh Token is provided together with the first Access Token.)
- The expiration interval of both tokens is stated in seconds and is optional. (Default values: Access Token = 28800 (8 hours), Refresh Token = 2592000 (30 days))
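The registration call above, worked through as an added example that is not DRACOON's own code or SDK: it validates the inputs, builds the JSON body, assembles the POST request with the X-Sds-Auth-Token header, and checks the 201 response for the server-assigned clientId. The host name and token value are placeholders; the checks (https-only redirect URL, rejecting unsupported grant types, generating the secret locally instead of sending a placeholder) are choices of this example, not rules stated on the page.

```python
import json
import secrets
import urllib.request

# Grant types the page lists as accepted; "client_credentials" is explicitly unsupported.
SUPPORTED_GRANTS = {"authorization_code", "implicit", "password", "refresh_token"}
DEFAULT_ACCESS_VALIDITY = 28800      # page default: 8 hours
DEFAULT_REFRESH_VALIDITY = 2592000   # page default: 30 days


def build_client_registration(client_name, redirect_url, grant_types, client_secret=None,
                              access_validity=DEFAULT_ACCESS_VALIDITY,
                              refresh_validity=DEFAULT_REFRESH_VALIDITY):
    """Validate the inputs and build the JSON body for the registration request."""
    unsupported = set(grant_types) - SUPPORTED_GRANTS
    if unsupported:
        raise ValueError(f"unsupported grant types: {sorted(unsupported)}")
    if not redirect_url.startswith("https://"):
        raise ValueError("redirectUrl must be an https URL")
    if access_validity <= 0 or refresh_validity <= 0:
        raise ValueError("token validity must be a positive number of seconds")
    return {
        "clientName": client_name,
        # Generate a random secret locally rather than sending a guessable placeholder.
        "clientSecret": client_secret or secrets.token_urlsafe(32),
        "grantTypes": list(grant_types),
        "redirectUrl": redirect_url,
        "accessTokenValidity": access_validity,
        "refreshTokenValidity": refresh_validity,
    }


def build_request(host, auth_token, body):
    """Assemble the POST /api/v4/system/config/oauth/clients request shown on the page."""
    return urllib.request.Request(
        f"https://{host}/api/v4/system/config/oauth/clients",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"X-Sds-Auth-Token": auth_token, "Content-Type": "application/json"},
    )


def parse_registration_response(status, raw_body):
    """Accept only a 201 whose body carries the server-assigned clientId."""
    if status != 201:
        raise RuntimeError(f"registration failed with HTTP {status}")
    created = json.loads(raw_body)
    if not created.get("clientId"):
        raise RuntimeError("response lacks clientId")
    return created
```

To send the request, pass the result of build_request to urllib.request.urlopen and feed resp.status and resp.read() to parse_registration_response; the returned clientId is what the OAuth client uses from then on.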