Authentication
v1.0.1
We use OpenID Connect 1.0, which works on top of OAuth 2.0, to allow services to verify the identity of an end-user or a client. This is based on the authentication performed by an open-source authentication server, Keycloak.

We configured the Client Credentials Grant for the scope of this integration. It allows us to authenticate a client and retrieve an access token scoped to a limited set of resources, using the client's client id and client secret.

The client should obtain an access token by sending an HTTP POST request to the authentication server with its client id and client secret. Here is a cURL example to obtain a valid access token:

```bash
curl -k --location --request POST 'https://customername.ouva.dev/auth/realms/ouva/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=CLIENT_ID' \
--data-urlencode 'client_secret=CLIENT_SECRET' \
--data-urlencode 'grant_type=client_credentials'
```

Note that the -k flag tells cURL to skip TLS certificate verification; since this request carries the client secret, drop the flag once the server's certificate is trusted by the client.

If the credentials are successfully validated by the authentication server (i.e. Keycloak), the server responds with an access token right away. Having received an access token, the client can then send HTTP requests to the REST API, presenting that token in the Authorization request header with the Bearer scheme (Authorization: Bearer <access token>).

Tip: According to the OAuth 2.0 specification, refresh tokens should not be used in this kind of flow. So whenever the access token expires, the client should send another token request to obtain a new access token.
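As an added example (not from the original page or the Ouva project), here is a small Python client that implements the flow described above: it obtains a token with the client_credentials grant, caches it, sends it as a Bearer header, and re-requests rather than refreshes once the token nears expiry. The token endpoint URL is the one from the page; the HTTP transport is injected so the code runs offline, and FakeKeycloak together with the demo-client/demo-secret credentials are constructed stand-ins, not real values.

```python
import json
import time

TOKEN_URL = "https://customername.ouva.dev/auth/realms/ouva/protocol/openid-connect/token"


class ClientCredentialsClient:
    """Obtains and caches an access token with the client_credentials grant; no refresh
    token is used, a fresh token request is sent once the cached one nears expiry."""

    def __init__(self, client_id, client_secret, post, now=time.time, skew=30):
        # post(url, form) -> (status, body); wrap requests.post(url, data=form) in real use.
        self.client_id, self.client_secret = client_id, client_secret
        self.post, self.now, self.skew = post, now, skew
        self._token, self._expires_at = None, 0.0
        self.token_requests = 0  # number of round trips to the token endpoint

    def _fetch_token(self):
        form = {"client_id": self.client_id, "client_secret": self.client_secret,
                "grant_type": "client_credentials"}
        status, body = self.post(TOKEN_URL, form)
        self.token_requests += 1
        if status != 200:  # e.g. 401 invalid_client for a bad id/secret pair
            raise RuntimeError(f"token endpoint returned HTTP {status}: {body}")
        data = json.loads(body)
        self._token = data["access_token"]
        self._expires_at = self.now() + int(data["expires_in"])
        return self._token

    def access_token(self):
        # Re-request (rather than refresh) when within `skew` seconds of expiry.
        if self._token is None or self.now() >= self._expires_at - self.skew:
            return self._fetch_token()
        return self._token

    def auth_headers(self):
        # Every REST API call carries: Authorization: Bearer <access token>
        return {"Authorization": f"Bearer {self.access_token()}"}


class FakeKeycloak:
    """Constructed offline stand-in for the token endpoint (accepts demo-client/demo-secret only)."""
    issued = 0

    def post(self, url, form):
        if form.get("grant_type") != "client_credentials":
            return 400, json.dumps({"error": "unsupported_grant_type"})
        if (form.get("client_id"), form.get("client_secret")) != ("demo-client", "demo-secret"):
            return 401, json.dumps({"error": "invalid_client"})
        self.issued += 1
        return 200, json.dumps({"access_token": f"tok-{self.issued}",
                                "token_type": "Bearer", "expires_in": 300})
```

With a 300-second token and a 30-second skew, the client reuses the cached token for 270 seconds and then transparently requests a new one on the next call.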