Last modified by messines on 2021/06/08 17:32
From version 6.1
edited by messines
on 2020/07/15 18:33
Change comment: Uploaded new attachment "Screenshot 2020-07-15 at 18.32.14.png", version {1}
To version 12.1
edited by messines
on 2020/07/15 18:44
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -6,7 +6,7 @@
6 6  
7 7  The client is confidential with a secret, you obtain it throught the registering oidc client tutorial above.
8 8  
9 -[[image:Screenshot 2020-07-15 at 17.47.12.png]]
9 +[[image:Screenshot 2020-07-15 at 17.47.12.png||height="517" width="758"]]
10 10  
11 11  
12 12  The whole authentication flow presented here is based on the official OAuth2 rfc describe in the section 4.1
... ... @@ -13,10 +13,14 @@
13 13  
14 14  [[https:~~/~~/tools.ietf.org/html/rfc6749#section-4.1>>https://tools.ietf.org/html/rfc6749#section-4.1]]
15 15  
16 +[[image:Screenshot 2020-07-15 at 18.32.14.png||height="410" width="474"]]
17 +
16 16  == Authentication flow ==
17 17  
18 18  === Authorization Code Grant ===
19 19  
22 +The first step of the authentication protocol is to fetch an **authorization code **for your client and your user
23 +
20 20  ==== Request ====
21 21  
22 22  /GET on [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth >>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth]]
... ... @@ -39,7 +39,7 @@
39 39  
40 40  ==== Scope ====
41 41  
42 -In the request you can see a scope **parameter**
46 +In the request you can see a **scope** **parameter**
43 43  
44 44  * **openid : **This scope is required in oidc, it contains basic information of the user such as it username, email and full name.
45 45  * **group **( optional ) **: **This scope is provided by our service, if you add it to your authorization code grant request, the futur access token generated will be able to read which units and groups the logged user belongs, it can be very important for your application. You can notice on the screenshot in the abstract section that **Consent required **is **on, **it means that at loggin time, the user will be asked if he allow your application to access there unit and group membership
... ... @@ -99,6 +99,8 @@
99 99  
100 100  == Access user info ==
101 101  
106 +==== Request ====
107 +
102 102  Now that your application got the access token of your user, it's really easy to fetch user info
103 103  
104 104  (% class="box infomessage" %)
... ... @@ -106,11 +106,13 @@
106 106  /GET https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo
107 107  )))
108 108  
109 -and just provide the access token as **Authentication** header
115 +and just provide the access token as **Authorization** header
110 110  
111 111  [[image:Screenshot 2020-07-15 at 18.28.28.png||height="161" width="566"]]
112 112  
113 113  
120 +==== Response ====
121 +
114 114  As response you will have a json with all the information on the logged user, for my user
115 115  
116 116  (% class="box" %)