OAuth 2.0 Client Registration

Introduction:

DRACOON API access authorization can in addition to the X-Sds-Auth-Token also be done via an OAuth Access Token.

For information about OAuth, see: https://oauth.net/2, https://tools.ietf.org/html/rfc6749

This article describes the registration of an OAuth client. Currently, OAuth clients can only be created, changed, and deleted via DRACOON API. Unfortunately, the Web UI does not contain an user interface for this yet.

API End Points for OAuth Clients Creation, Update, and Deletion:

Only a Config Manager of the Provider Customers can create, change, and delete clients. However, the created clients are valid for all customers.

API Request for OAuth Clients Registration:

Request:

POST /api/v4/system/config/oauth/clients HTTP/1.1
Host: [HOST]
X-Sds-Auth-Token: [X-SDS-AUTH-TOKEN] 
Content-Type: application/json

{
   "clientId": "test",
   "clientSecret": "secret",
   "grantTypes": ["authorization_code", "implicit", "password", "refresh_token"],
   "redirectUrl": "https://api.example.com/callback",
   "accessTokenValidity": 28800,
   "refreshTokenValidity": 2592000
}

Response:

Status: 201 Created
Content-Type: application/json

{
   "clientId": "test",
   "clientSecret": "secret",
   "grantTypes": ["authorization_code", "implicit", "password", "refresh_token"],
   "redirectUrl": "https://api.example.com/callback",
   "accessTokenValidity": 28800,
   "refreshTokenValidity": 2592000
}

Notes:

• The client secret is optional. The server will generate one, if no client secret is provided.
• The grant types "authorization_code", "implicit", and "password" can be activated. The grant type "client_credentials" is not supported.
• The issuing of an long living Refresh Token can be activated via the grant type "refresh_token". (The Refresh Token is provided with the first Access Token.)
• The expiration interval of both token is stated in seconds and is optional. (Default values: Access Token=28800(8 hours), Refresh Token=2592000(30 days))