Reputation: 12694
HTTP requests for WSO2 Identity Server user authentication
I am writing a REST API to be consumed by our internal applications. I need to login and logout users of the identity server using code grant via http requests
I need to know how to call the following endpoints:
- /authorize (invoked from server-side)
- /accesstoken (invoked from server-side)
- /login
- /logout
CASE:
Our company has many applications. I want one point of authentication which will happen in their company-x account like how you only need to login to atlassian account to access jira and confluence cloud. The REST API I'm working is for our front-end developers (as of now).
I cannot simply let the user login to WSO2 IS since they only need a module where they can manage their company-x profile and other basic stuffs. By this I think I have 2 options:
- Customize WSO2 Identity Server UI and permissions. But the problem is, I still need an endpoint to get that id_token. I am also not sure if this is the right approach.
- Know how to call /authorize, /accesstoken, /login and /logout endpoint and write my own minimal required UI and provide an endpoint that will respond the
id_token
Upvotes: 3
Views: 1415
Answers (2)
Reputation: 3011
How about having a basic login page on front-end and use request path authenticator to get the authorization code/id_token.
Basically what this means is instead of redirecting the user to IS login page you can extract the username and password from the basic login page you created and send the authorization grant request along with the credentials.
so your authorization code request will be:
https://localhost:9443/oauth2/authorize?response_type=code&client_id=JqB4NGZLMC6L3n4jz094FMls2Joa&redirect_uri=https://localhost/callback&scope=openid§oken=<sec_token>
sec_token = base64encode(username:password)
You need to add basic-auth request path authenticator in your Service Provider configurations. This request should return you an authorization code. If you want an id_token simply use the implicit flow with request path authentication.
Upvotes: 1
Reputation: 12513
If you use code grant type, there will be a browser redirection from /authorize to /login. I don't think you can handle that by a REST call. (You might be able to handle that by calling url in location header of each 302 response. But I don't think it's a nice way to do this.) If you want to develop a REST API, I think password grant type will be more suitable.
Upvotes: 1
Related Questions
- WSO2 Identity Server 5.11.0 (Linux) - OAuth2 - CORS
- WSO2 Identity Server 5.9.0 oAuth2 type of configuration
- How to perform WSO2 user authentication
- wso2 identity server client application
- wso2 Identity server: how to get user info via OAuth2.0 token and OpenID token?
- WSO2 Identity Server REST and SOAP call
- WSO2 identity server api
- wso2 identity server oauth2 request returns HTTP error 415
- oAuth2 - WSO2 API Manager and Identity Server Integration
- Enabling OAuth 2.0 authentication for REST services using WSO2 Identity Server as Authorization server