Wiki source code of Authenticating with your OIDC client and fetch collab user info
| author | version | line-number | content |
|---|---|---|---|
| |
1.2 | 1 | == Abstract == |
| 2 | |||
| 3 | You have created an OIDC client by following our guide [[https:~~/~~/wiki.ebrains.eu/bin/view/Collabs/collaboratory-community-apps/Community%20App%20Developer%20Guide/Registering%20an%20OIDC%20client/>>https://wiki.ebrains.eu/bin/view/Collabs/collaboratory-community-apps/Community%20App%20Developer%20Guide/Registering%20an%20OIDC%20client/]] | ||
| 4 | |||
| 5 | The redirect_uri is set to the URL of your application. In this example we use Postman, a platform for API development; use your own application instead. For example, when you log in to this wiki, the redirect URI is [[https:~~/~~/wiki.ebrains.eu/*>>https://wiki.ebrains.eu/*]] | ||
| 6 | |||
| 7 | The client is confidential and has a secret, which you obtain through the OIDC client registration tutorial above. | ||
| 8 | |||
| |
2.2 | 9 | [[image:Screenshot 2020-07-15 at 17.47.12.png]] |
| |
1.2 | 10 | |
| |
2.2 | 11 | |
| 12 | The whole authentication flow presented here is based on the official OAuth2 RFC, as described in section 4.1: | ||
| 13 | |||
| 14 | [[https:~~/~~/tools.ietf.org/html/rfc6749#section-4.1>>https://tools.ietf.org/html/rfc6749#section-4.1]] | ||
| 15 | |||
| 16 | == Authentication flow == | ||
| 17 | |||
| 18 | === Authorization Code Grant === | ||
| 19 | |||
| 20 | ==== Request ==== | ||
| 21 | |||
| 22 | /GET on [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth >>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth]] | ||
| 23 | |||
| 24 | with query parameters | ||
| 25 | |||
| 26 | * response_type=code | ||
| 27 | * client_id=community-apps-tutorial | ||
| 28 | * redirect_uri=[[https:~~/~~/www.getpostman.com/oauth2/callback>>https://www.getpostman.com/oauth2/callback]] | ||
| 29 | * login=true | ||
| 30 | * scope=openid+group+team | ||
| 31 | |||
| 32 | so | ||
| 33 | |||
| 34 | [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth?response_type=code&client_id=community-apps-tutorial&redirect_uri=https:~~/~~/www.getpostman.com/oauth2/callback&login=true&scope=openid+group+team>>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth?response_type=code&client_id=community-apps-tutorial&redirect_uri=https://www.getpostman.com/oauth2/callback&login=true&scope=openid+group+team]] | ||
| 35 | |||
| 36 | Of course, replace **client_id** and **redirect_uri** with your own configuration. | ||
| 37 | |||
| 38 | This will redirect you to the login page of **iam**, where your user must enter their username/password. | ||
| 39 | |||
| 40 | ==== Scope ==== | ||
| 41 | |||
| 42 | In the request you can see a scope **parameter** | ||
| 43 | |||
| 44 | * **openid:** This scope is required in OIDC; it contains basic information about the user such as their username, email and full name. | ||
| 45 | * **group **( optional ) **:** | ||
| 46 | |||
| 47 | ==== Response ==== | ||
| 48 | |||
| 49 | After login, you get a 301 redirection and a 200 success HTTP response with a **code** inside | ||
| 50 | |||
| 51 | [[https:~~/~~/www.getpostman.com/oauth2/callback?session_state=a0ff8a68-2654-43ef-977a-6c15ce343546&code=f3f04f93-hbp-482d-ac3d-demo.turtorial.7122c1d9-3f7e-4d80-9c4f-dcd244bc2ec7>>https://www.getpostman.com/oauth2/callback?session_state=a0ff8a68-2654-43ef-977a-6c15ce598886&code=f3f04f93-b98d-482d-ac3d-414cead54de0.a0ff8a68-2654-43ef-977a-6c15ce598886.7122c1d9-3f7e-4d80-9c4f-dcd244bc2ec7]] | ||
| 52 | |||
| 53 | (% class="box infomessage" %) | ||
| 54 | ((( | ||
| 55 | The code is very important for the next step. Here the code is //f3f04f93-hbp-482d-ac3d-demo.turtorial.7122c1d9-3f7e-4d80-9c4f-dcd244bc2ec7// | ||
| 56 | ))) | ||
| 57 | |||
| 58 | |||
| |
1.2 | 59 |
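
Added example (not part of the original wiki page and not EBRAINS code): the Request and Response steps above in Python, building the authorization URL from the parameters listed on this page and validating the callback before the **code** is used. The function names and the `state` parameter are assumptions added here; `state` does not appear in the page's request and is the protection recommended by RFC 6749 section 4.1.1 for binding the callback to the login that started it.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint and parameter values are the ones shown on this page.
AUTH_ENDPOINT = "https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth"


def build_auth_request(client_id, redirect_uri, scope="openid group team"):
    """Return (url, state) for the Authorization Code Grant request."""
    # Assumption: 'state' is added by this example (RFC 6749 section 4.1.1).
    # Keep it in the user's session and compare it when the callback arrives.
    state = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "login": "true",
        "scope": scope,  # spaces are encoded as '+', giving openid+group+team
        "state": state,
    }
    return AUTH_ENDPOINT + "?" + urlencode(params), state


def extract_code(callback_url, redirect_uri, expected_state):
    """Validate the redirect received by the application and return the code."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the redirect_uri that was sent")
    query = parse_qs(got.query)
    if "error" in query:  # error response, RFC 6749 section 4.1.2.1
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


if __name__ == "__main__":
    redirect = "https://www.getpostman.com/oauth2/callback"
    url, state = build_auth_request("community-apps-tutorial", redirect)
    print(url)
    # Constructed callback: the code value is the sample one from this page.
    sample_code = "f3f04f93-hbp-482d-ac3d-demo.turtorial.7122c1d9-3f7e-4d80-9c4f-dcd244bc2ec7"
    callback = redirect + "?" + urlencode({"state": state, "code": sample_code})
    print(extract_code(callback, redirect, state))
```

The returned code is only an intermediate credential: it is exchanged for tokens in the next step using the client secret, so it should not be written to logs or passed to third parties.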