Changes for page 2. Authenticating with your OIDC client and fetch collab user info
Last modified by messines on 2021/06/08 17:32
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -19,8 +19,6 @@ 19 19 20 20 === Authorization Code Grant === 21 21 22 -The first step of the authentication protocol is to fetch an **authorization code **for your client and your user 23 - 24 24 ==== Request ==== 25 25 26 26 /GET on [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth >>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth]] ... ... @@ -43,7 +43,7 @@ 43 43 44 44 ==== Scope ==== 45 45 46 -In the request you can see a **scope****parameter**44 +In the request you can see a scope **parameter** 47 47 48 48 * **openid : **This scope is required in oidc, it contains basic information of the user such as it username, email and full name. 49 49 * **group **( optional ) **: **This scope is provided by our service, if you add it to your authorization code grant request, the futur access token generated will be able to read which units and groups the logged user belongs, it can be very important for your application. You can notice on the screenshot in the abstract section that **Consent required **is **on, **it means that at loggin time, the user will be asked if he allow your application to access there unit and group membership ... ... @@ -103,8 +103,6 @@ 103 103 104 104 == Access user info == 105 105 106 -==== Request ==== 107 - 108 108 Now that your application got the access token of your user, it's really easy to fetch user info 109 109 110 110 (% class="box infomessage" %) ... ... @@ -112,13 +112,11 @@ 112 112 /GET https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo 113 113 ))) 114 114 115 -and just provide the access token as **Auth orization** header111 +and just provide the access token as **Authentication** header 116 116 117 117 [[image:Screenshot 2020-07-15 at 18.28.28.png||height="161" width="566"]] 118 118 119 119 120 -==== Response ==== 121 - 122 122 As response you will have a json with all the information on the logged user, for my user 123 123 124 124 (% class="box" %)