Details
- Type: extRequest
- Status: Closed
- Priority: Major
- Resolution: Done
- Fix Version/s: 2021
- Component/s: FIWARE-TECH-HELP
- Labels:
- HD-Chapter: Security
- HD-Enabler: KeyRock
Description
I am integrating the KeyRock authentication to POI-DP. It seems that I cannot use available libraries, so I have to directly use the REST API.
In the document http://fiware-idm.readthedocs.org/en/latest/oauth2.html is the following entry:
Access Token Request
POST /oauth2/token HTTP/1.1
Host: account.lab.fiware.org
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url
The syntax is a little ambiguous, but I have guessed that the method should be POST,
the URI should be
https://account.lab.fiware.org/oauth2/token
the headers should be
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
and the body should be
grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url
I also guess that the code in the body should be the one received in the Authorization Response, and the redirect_uri should be the one registered in the authentication server. However, I have not found what value should be in the Authorization header. I have got responses 400, 404, and 500 to my hacking experiments, but my imagination is exhausted.
How exactly to formulate the Access Token Request to get that token?
Possibly the documentation can be improved to avoid this kind of problem.
(This problem blocks my Blocker issue [WEB-900].)
I tried the "Implicit Grant" authorization code flow. It succeeded. So, I can do without the solution of this problem. However, if the Authorization Code Grant is not supported, it should be noted in the documentation.
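Added example, not part of the original ticket or the KeyRock documentation: under RFC 6749 section 2.3.1 the Authorization header of the token request is HTTP Basic over `client_id:client_secret`, and the sample value quoted above decodes to exactly such a pair. The code assumes KeyRock follows that scheme; the function names are hypothetical, and the request is built but never sent.

```python
import base64
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_URL = "https://account.lab.fiware.org/oauth2/token"  # URI from the ticket


def basic_client_auth(client_id, client_secret):
    """HTTP Basic value: base64 of 'client_id:client_secret' (RFC 6749, 2.3.1)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic(header_value):
    """Inverse of basic_client_auth; useful when debugging a rejected request."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    client_id, sep, secret = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' between client id and secret")
    return client_id, secret


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Build (but do not send) the Access Token Request for the code grant."""
    # urlencode percent-encodes redirect_uri, so pass it in plain form.
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,                  # value from the Authorization Response
        "redirect_uri": redirect_uri,  # must match the registered callback
    }).encode("ascii")
    # The Basic value is only base64, not encryption: send it over HTTPS only.
    return Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": basic_client_auth(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    })


if __name__ == "__main__":
    # The sample header from the documentation, decoded and rebuilt.
    cid, secret = decode_basic("Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW")
    req = build_token_request(cid, secret, "SplxlOBeZQQYbYS6WxSbIA",
                              "https://client.example.com/callback_url")
    print(req.get_method(), req.full_url)
    print(req.get_header("Authorization"))
    print(req.data.decode())
```

With a real application, the client id and secret are the credentials issued when the application was registered, and the returned request object can be passed to `urllib.request.urlopen`.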