  1. Help-Desk
  2. HELP-6331

FIWARE.Request.Tech.Security.IDM-KeyRock.FIWARE IdM KeyRock - Help needed with Authorization Code Grant

    Details

    • HD-Chapter:
      Security
    • HD-Enabler:
      KeyRock

      Description

      I am integrating the KeyRock authentication to POI-DP. It seems that I cannot use available libraries, so, I have to directly use the REST API.

      In the document http://fiware-idm.readthedocs.org/en/latest/oauth2.html is the following entry:

      Access Token Request

      POST /oauth2/token HTTP/1.1
      Host: account.lab.fiware.org
      Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
      Content-Type: application/x-www-form-urlencoded
      
      grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
      &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url
      

      The syntax is a little ambiguous, but I have guessed that the method should be POST,
      the URI should be

      https://account.lab.fiware.org/oauth2/token
      

      the headers should be

      Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
      Content-Type: application/x-www-form-urlencoded
      

      and the body should be

      grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
      &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url
      

      I also guess that the code in the body should be the one received in the Authorization Response, and the redirect_uri should be the one registered in the authentication server. However, I have not found what value should be in the Authorization header. I have got responses 400, 404, and 500 to my hacking experiments, but my imagination is exhausted.

      How exactly to formulate the Access Token Request to get that token?

      Possibly the documentation can be improved to avoid this kind of problem.

      (This problem blocks my Blocker issue [WEB-900].)

        Activity

        ariokkon Ari Okkonen added a comment - - edited

        I tried the "Implicit Grant" authorization code flow. It succeeded. So, I can do without the solution of this problem. However, if the Authorization Code Grant is not supported, it should be noted in the documentation.

        aalonsog Alvaro Alonso added a comment -

        Hi, you have to use the header following the Basic Authorization standard. In this case the string resulting from the base64 encoding of:

        client_id:client_secret

        BR
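
The request described in this thread, as an added example that is not part of the original issue or of KeyRock's own code: it builds the Authorization header from `client_id:client_secret` and assembles the Access Token Request without sending it. The function names are hypothetical; the sample credentials are what the documentation's example header decodes to, and the form-encoding step follows RFC 6749 section 2.3.1 (that KeyRock applies it is an assumption).

```python
import base64
from urllib.parse import quote_plus, unquote_plus, urlencode
from urllib.request import Request

TOKEN_URL = "https://account.lab.fiware.org/oauth2/token"  # URI from the issue


def basic_auth_value(client_id, client_secret):
    """Return 'Basic ' + base64("client_id:client_secret")."""
    # RFC 6749 section 2.3.1 form-encodes each part before joining; this is a
    # no-op for alphanumeric credentials such as the sample ones below.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def decode_basic(value):
    """Recover (client_id, client_secret) from a Basic header value."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic authorization value")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    client_id, sep, secret = decoded.partition(":")
    if not sep:
        raise ValueError("decoded value has no ':' separator")
    return unquote_plus(client_id), unquote_plus(secret)


def build_token_request(client_id, client_secret, code, redirect_uri,
                        token_url=TOKEN_URL):
    """Build (but do not send) the Access Token Request."""
    # One-line body; the break before &redirect_uri is treated as wrapping.
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,                  # value from the Authorization Response
        "redirect_uri": redirect_uri,  # same value as in the authorization request
    }).encode("ascii")
    headers = {
        "Authorization": basic_auth_value(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return Request(token_url, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    # Sample credentials: what the documentation's example header decodes to.
    cid, secret = decode_basic("Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW")
    req = build_token_request(cid, secret, "SplxlOBeZQQYbYS6WxSbIA",
                              "https://client.example.com/callback_url")
    print(req.get_method(), req.full_url, req.header_items(), req.data.decode())
```

Base64 is reversible, so the header value is as sensitive as the client secret itself and belongs only in server-side code sent over HTTPS.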


          People

          • Assignee:
            aalonsog Alvaro Alonso
            Reporter:
            ariokkon Ari Okkonen