Version 5.1 by messines on 2024/08/28 13:19
Show last authors
1 == Update your client to enable Device Flow ==
2
3 Not available through the UI yet, use the [[lab notebook>>https://lab.ch.ebrains.eu/hub/user-redirect/lab/tree/shared/Collaboratory%20Community%20Apps/Managing%20an%20OpenID%20Connect%20client%20-%20V2.ipynb]]
4
5 Add an attribute to the client JSON and update it
6
7
8 (% class="box" %)
9 (((
10 "attributes": {
11 "oauth2.device.authorization.grant.enabled": true
12 }
13 )))
14
15 == Request a code ==
16
17 {{code language="json"}}
18 curl --location --request POST 'https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth/device' \
19 --header 'Content-Type: application/x-www-form-urlencoded' \
20 --data-urlencode 'client_id=yourClientId' \
21 --data-urlencode 'client_secret=yourClientSecret'
22 {{/code}}
23
24
25 Secret is not require for public client.
26 \\The API will answer with a link
27
28 {{code language="json"}}
29 {
30 "device_code":"0zQm[...]e5h5kUvNYx0",
31 "user_code":"IWBR-DDY",
32 "verification_uri":"https://iam.ebrains.eu/auth/realms/hbp/device",
33 "verification_uri_complete":"https://iam.ebrains.eu/auth/realms/hbp/device?user_code=IWBR-DDYK",
34 "expires_in":600,
35 "interval":5
36 }
37 {{/code}}
38
39 == Visit the link to validate your code ==
40
41 Here you just need to visit the link in verification_uri_complete to validate your login and consent
42
43 == Request your access token ==
44
45 Now you just need to request your access token, you need to enter the device_code provided in the first call above
46
47 {{code language="bash"}}
48 curl --location --request POST 'https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token' \
49 --header 'Content-Type: application/x-www-form-urlencoded' \
50 --data-urlencode 'device_code=0zQm[...]e5h5kUvNYx0' \
51 --data-urlencode 'client_id=yourClientId' \
52 --data-urlencode 'client_secret=yourClientSecret' \
53 --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:device_code'
54 {{/code}}