Last modified by messines on 2021/06/08 17:32
From version 5.1
edited by messines
on 2020/07/15 18:31
Change comment: There is no comment for this version
To version 3.1
edited by messines
on 2020/07/15 18:20
Change comment: Uploaded new attachment "Screenshot 2020-07-15 at 18.20.34.png", version {1}

Summary

Details

Page properties
Content
... ... @@ -42,8 +42,7 @@
42 42  In the request you can see a scope **parameter**
43 43  
44 44  * **openid : **This scope is required in oidc, it contains basic information of the user such as it username, email and full name.
45 -* **group **( optional ) **: **This scope is provided by our service, if you add it to your authorization code grant request, the futur access token generated will be able to read which units and groups the logged user belongs, it can be very important for your application. You can notice on the screenshot in the abstract section that **Consent required **is **on, **it means that at loggin time, the user will be asked if he allow your application to access there unit and group membership
46 -* **team **( optional ) **: **Very same than group, but for collab, with this scope your application will know in which collab the authenticated user belong
45 +* **group **( optional ) **:**
47 47  
48 48  ==== Response ====
49 49  
... ... @@ -57,88 +57,4 @@
57 57  )))
58 58  
59 59  
60 -=== Access Token Request ===
61 -
62 -==== Request ====
63 -
64 -Now that you have the **authorization** **code, **you can reach the **/token **endpoint and fetch the user access token
65 -
66 -/POST : https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token
67 -
68 -with params
69 -
70 -* grant_type : authorization_code
71 -* code : //f3f04f93-hbp-482d-ac3d-demo.turtorial.7122c1d9-3f7e-4d80-9c4f-dcd244bc2ec7//
72 -* redirect_uri : [[https:~~/~~/www.getpostman.com/oauth2/callback>>https://www.getpostman.com/oauth2/callback]]
73 -* client_id : community-apps-tutorial
74 -* client_secret : your client secret obtained during client creation
75 -
76 -[[image:Screenshot 2020-07-15 at 18.20.34.png]]
77 -
78 -
79 -==== Response ====
80 -
81 -200 OK
82 -
83 -(% class="box" %)
84 -(((
85 -{
86 - "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAi...pP5vaNwvvsaNGEA",
87 - "expires_in": 604773,
88 - "refresh_expires_in": 604773,
89 - "refresh_token": "eyJh...vC5eIR1rNhRJ4d8",
90 - "token_type": "bearer",
91 - "id_token": "eyJ...YOwdQ",
92 - "not-before-policy": 0,
93 - "session_state": "76e553bf-ba2e-45b6-8c6c-c867772b40ec",
94 - "scope": "openid"
95 -}
96 -)))
97 -
98 -You get a response containing the access token and others
99 -
100 -== Access user info ==
101 -
102 -Now that your application got the access token of your user, it's really easy to fetch user info
103 -
104 -(% class="box infomessage" %)
105 -(((
106 -/GET https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo
107 -)))
108 -
109 -and just provide the access token as **Authentication** header
110 -
111 -[[image:Screenshot 2020-07-15 at 18.28.28.png||height="161" width="566"]]
112 -
113 -
114 -As response you will have a json with all the information on the logged user, for my user
115 -
116 -(% class="box" %)
117 -(((
118 -{
119 - "sub": "fa2db206-3eb4-403c-894a-810ebaba98e1",
120 - "unit": [
121 - "/collab-devs",
122 - "/collab-team",
123 - "/all/institutions/switzerland/epfl",
124 - "/all/projects/hbp/consortium/SGA2/SP05",
125 - "/all/projects/hbp/consortium/SGA3/WP6/T6_11"
126 - ],
127 - "roles": {
128 - "jupyterhub": [
129 - "feature:authenticate"
130 - ],
131 - "xwiki": [
132 - "feature:authenticate"
133 - ],
134 - "team": [
135 - "collab-collaboratory-community-apps-editor"
136 - ],
137 - "group": [
138 - "group-collaboratory-developers",
139 - "unit-all-projects-hbp-consortium-sga2-sp05-administrator"
140 - ]
141 - },
142 - "mitreid-sub": "305862"
143 -}
144 -)))
59 +
Screenshot 2020-07-15 at 18.28.28.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.messines
Size
... ... @@ -1,1 +1,0 @@
1 -58.4 KB
Content