Details
-
Type:
extRequest
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:
-
HD-Chapter:Security
-
HD-Enabler:KeyRock
Description
I am integrating the KeyRock authentication to POI-DP. It seems that I cannot use available libraries, so, I have to directly use the REST API.
In the document http://fiware-idm.readthedocs.org/en/latest/oauth2.html is the following entry:
Access Token Request
POST /oauth2/token HTTP/1.1 Host: account.lab.fiware.org Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url
The syntax is a little ambiguous, but I have guessed that the method should be POST,
the URI should be
https://account.lab.fiware.org/oauth2/token
the headers should be
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded
and the body should be
grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url
I also guess that the code in the body should be the one received in the Authorization Response, and the redirect_uri should be the one registered in the authentication server. However, I have not found what value should be in the Authorization header. I have got responses 400, 404, and 500 to my hacking experiments, but my imagination has exhausted.
How exactly to formulate the Access Token Request to get that token?
Possibly the documentation can be improved to avoid this kind of problems.
(This problem blocks my Blocker issue [WEB-900].)
Activity
| Field | Original Value | New Value |
|---|---|---|
| Description |
I am integrating the KeyRock authentication to POI-DP. It seems that I cannot use available libraries, so, I have to directly use the REST API. I In the document http://fiware-idm.readthedocs.org/en/latest/oauth2.html is the following entry: *Access Token Request* {code:java} POST /oauth2/token HTTP/1.1 Host: account.lab.fiware.org Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} The syntax is a little ambiguous, but I have guessed that the method should be *POST*, the URI should be {code:java} https://account.lab.fiware.org//oauth2/token {code} the headers should be {code:java} Authorization: Basic {color:red}czZCaGRSa3F0MzpnWDFmQmF0M2JW{color} Content-Type: application/x-www-form-urlencoded {code} and the body should be {code:java} grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} I also guess that the code in the body should be the one received in the Authorization Response, and the redirect_uri should be the one registered in the authentication server. However, I have not found what value should be in the Authorization header. I have got responses 400, 404, and 500 to my hacking experiments, but my imagination has exhausted. How exactly to formulate the Access Token Request to get that token? Possibly the documentation can be improved to avoid this kind of problems. (This problem blocks my Blocker issue [WEB-900](https://jira.fiware.org/browse/WEB-900).) |
I am integrating the KeyRock authentication to POI-DP. It seems that I cannot use available libraries, so, I have to directly use the REST API. I In the document http://fiware-idm.readthedocs.org/en/latest/oauth2.html is the following entry: *Access Token Request* {code:java} POST /oauth2/token HTTP/1.1 Host: account.lab.fiware.org Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} The syntax is a little ambiguous, but I have guessed that the method should be *POST*, the URI should be {code:java} https://account.lab.fiware.org//oauth2/token {code} the headers should be {code:java} Authorization: Basic {color:red}czZCaGRSa3F0MzpnWDFmQmF0M2JW{color} Content-Type: application/x-www-form-urlencoded {code} and the body should be {code:java} grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} I also guess that the code in the body should be the one received in the Authorization Response, and the redirect_uri should be the one registered in the authentication server. However, I have not found what value should be in the Authorization header. I have got responses 400, 404, and 500 to my hacking experiments, but my imagination has exhausted. How exactly to formulate the Access Token Request to get that token? Possibly the documentation can be improved to avoid this kind of problems. (This problem blocks my Blocker issue [WEB-900].) |
| Description |
I am integrating the KeyRock authentication to POI-DP. It seems that I cannot use available libraries, so, I have to directly use the REST API. I In the document http://fiware-idm.readthedocs.org/en/latest/oauth2.html is the following entry: *Access Token Request* {code:java} POST /oauth2/token HTTP/1.1 Host: account.lab.fiware.org Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} The syntax is a little ambiguous, but I have guessed that the method should be *POST*, the URI should be {code:java} https://account.lab.fiware.org//oauth2/token {code} the headers should be {code:java} Authorization: Basic {color:red}czZCaGRSa3F0MzpnWDFmQmF0M2JW{color} Content-Type: application/x-www-form-urlencoded {code} and the body should be {code:java} grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} I also guess that the code in the body should be the one received in the Authorization Response, and the redirect_uri should be the one registered in the authentication server. However, I have not found what value should be in the Authorization header. I have got responses 400, 404, and 500 to my hacking experiments, but my imagination has exhausted. How exactly to formulate the Access Token Request to get that token? Possibly the documentation can be improved to avoid this kind of problems. (This problem blocks my Blocker issue [WEB-900].) |
I am integrating the KeyRock authentication to POI-DP. It seems that I cannot use available libraries, so, I have to directly use the REST API. I In the document http://fiware-idm.readthedocs.org/en/latest/oauth2.html is the following entry: *Access Token Request* {code:java} POST /oauth2/token HTTP/1.1 Host: account.lab.fiware.org Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} The syntax is a little ambiguous, but I have guessed that the method should be *POST*, the URI should be {code:java} https://account.lab.fiware.org/oauth2/token {code} the headers should be {code:java} Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded {code} and the body should be {code:java} grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} I also guess that the code in the body should be the one received in the Authorization Response, and the redirect_uri should be the one registered in the authentication server. However, I have not found what value should be in the Authorization header. I have got responses 400, 404, and 500 to my hacking experiments, but my imagination has exhausted. How exactly to formulate the Access Token Request to get that token? Possibly the documentation can be improved to avoid this kind of problems. (This problem blocks my Blocker issue [WEB-900].) |
| Description |
I am integrating the KeyRock authentication to POI-DP. It seems that I cannot use available libraries, so, I have to directly use the REST API. I In the document http://fiware-idm.readthedocs.org/en/latest/oauth2.html is the following entry: *Access Token Request* {code:java} POST /oauth2/token HTTP/1.1 Host: account.lab.fiware.org Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} The syntax is a little ambiguous, but I have guessed that the method should be *POST*, the URI should be {code:java} https://account.lab.fiware.org/oauth2/token {code} the headers should be {code:java} Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded {code} and the body should be {code:java} grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} I also guess that the code in the body should be the one received in the Authorization Response, and the redirect_uri should be the one registered in the authentication server. However, I have not found what value should be in the Authorization header. I have got responses 400, 404, and 500 to my hacking experiments, but my imagination has exhausted. How exactly to formulate the Access Token Request to get that token? Possibly the documentation can be improved to avoid this kind of problems. (This problem blocks my Blocker issue [WEB-900].) |
I am integrating the KeyRock authentication to POI-DP. It seems that I cannot use available libraries, so, I have to directly use the REST API. I In the document http://fiware-idm.readthedocs.org/en/latest/oauth2.html is the following entry: *Access Token Request* {code:java} POST /oauth2/token HTTP/1.1 Host: account.lab.fiware.org Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} The syntax is a little ambiguous, but I have guessed that the method should be *POST*, the URI should be {code:java} https://account.lab.fiware.org/oauth2/token {code} the headers should be {code:java} Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded {code} and the body should be {code:java} grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} I also guess that the code in the body should be the one received in the Authorization Response, and the redirect_uri should be the one registered in the authentication server. However, *I have not found what value should be in the Authorization header.* I have got responses 400, 404, and 500 to my hacking experiments, but my imagination has exhausted. How exactly to formulate the Access Token Request to get that token? Possibly the documentation can be improved to avoid this kind of problems. (This problem blocks my Blocker issue [WEB-900].) |
| Link | This issue blocks WEB-900 [ WEB-900 ] |
| Description |
I am integrating the KeyRock authentication to POI-DP. It seems that I cannot use available libraries, so, I have to directly use the REST API. I In the document http://fiware-idm.readthedocs.org/en/latest/oauth2.html is the following entry: *Access Token Request* {code:java} POST /oauth2/token HTTP/1.1 Host: account.lab.fiware.org Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} The syntax is a little ambiguous, but I have guessed that the method should be *POST*, the URI should be {code:java} https://account.lab.fiware.org/oauth2/token {code} the headers should be {code:java} Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded {code} and the body should be {code:java} grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} I also guess that the code in the body should be the one received in the Authorization Response, and the redirect_uri should be the one registered in the authentication server. However, *I have not found what value should be in the Authorization header.* I have got responses 400, 404, and 500 to my hacking experiments, but my imagination has exhausted. How exactly to formulate the Access Token Request to get that token? Possibly the documentation can be improved to avoid this kind of problems. (This problem blocks my Blocker issue [WEB-900].) |
I am integrating the KeyRock authentication to POI-DP. It seems that I cannot use available libraries, so, I have to directly use the REST API. In the document http://fiware-idm.readthedocs.org/en/latest/oauth2.html is the following entry: *Access Token Request* {code:java} POST /oauth2/token HTTP/1.1 Host: account.lab.fiware.org Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} The syntax is a little ambiguous, but I have guessed that the method should be *POST*, the URI should be {code:java} https://account.lab.fiware.org/oauth2/token {code} the headers should be {code:java} Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form-urlencoded {code} and the body should be {code:java} grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url {code} I also guess that the code in the body should be the one received in the Authorization Response, and the redirect_uri should be the one registered in the authentication server. However, *I have not found what value should be in the Authorization header.* I have got responses 400, 404, and 500 to my hacking experiments, but my imagination has exhausted. How exactly to formulate the Access Token Request to get that token? Possibly the documentation can be improved to avoid this kind of problems. (This problem blocks my Blocker issue [WEB-900].) |
| HD-Enabler | KeyRock [ 10889 ] |
| Assignee | Manuel Escriche [ mev ] |
| HD-Chapter | Security [ 10841 ] |
| Assignee | Alvaro Alonso [ aalonsog ] |
| Link | This issue blocks WEB-900 [ WEB-900 ] |
| Summary | FIWARE IdM KeyRock - Help needed with Access Token Request | FIWARE IdM KeyRock - Help needed with Authorization Code Grant |
| Priority | Blocker [ 1 ] | Major [ 3 ] |
Hi, you have to use the header following the Basic Authorization standard. In this case the string resulting of the base64 codification of:
client_id:client_secret
BR
Show
Alvaro Alonso
added a comment - Hi, you have to use the header following the Basic Authorization standard. In this case the string resulting of the base64 codification of:
client_id:client_secret
BR
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Status | In Progress [ 3 ] | Answered [ 10104 ] |
| Status | Answered [ 10104 ] | Closed [ 6 ] |
| Resolution | Done [ 10000 ] |
| Summary | FIWARE IdM KeyRock - Help needed with Authorization Code Grant | FIWARE.Request.Tech.Security.IDM-KeyRock.FIWARE IdM KeyRock - Help needed with Authorization Code Grant |
| Fix Version/s | 2021 [ 12600 ] |
| Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date | |||||
|---|---|---|---|---|---|---|---|---|---|
|
6d 1h 30m | 1 | Alvaro Alonso | 13/Apr/16 1:13 PM | |||||
|
1s | 1 | Alvaro Alonso | 13/Apr/16 1:13 PM | |||||
|
1s | 1 | Alvaro Alonso | 13/Apr/16 1:13 PM |
I tried the "Implicit Grant" authorization code flow. It succeeded. So, I can do without the solution of this problem. However, if the Authorization Code Grant is not supported, it should be noted in the documentation.