...
User-authentication - this corresponds to a Selfcare use-case scenario. The authentication is done by validating the username/password against the USERS table. An example URL for this scenario is (note the grant_type=password value):

Authentication URL:

```
https://host:port/appcontext/oauth/token?username=#myusername&password=#mypassword&grant_type=password&brandKeybrand_key=#myBrandKey
```

CURL example:

```bash
curl -v -X POST -u myclientid:myclientsecret \
  "https://host:port/appcontext/oauth/token" \
  -H "Accept: application/json" \
  -d "grant_type=password&username=#myusername&password=#mypassword&brandKeybrand_key=#myBrandKey"
```

where:

- #myusername, #mypassword are taken from the USERS table
- #myBrandKey is taken from the Brand table
- myclientid, myclientsecret are taken from the OAUTH_CLIENT_DETAILS table

The request carries the client secret (Basic auth) and the user's password in the body, so it must only be sent over HTTPS, as in the authentication URL above.

Angular example:

```javascript
function login(credentials) {
    // Form-encoded body of the password grant; the brand key is sent as a parameter.
    var data = 'username=' + encodeURIComponent(credentials.username) +
        '&password=' + encodeURIComponent(credentials.password) +
        '&grant_type=password&scope=read%20write&' +
        'client_id=myclientid&' +
        'brandKeybrand_key=myBrandKey';
    return $http.post('/oauth/token', data, {
        headers: {
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'application/json',
            // HTTP Basic client authentication: client_id:client_secret, base64-encoded
            'Authorization': 'Basic ' + base64Service.encode('myclientid' + ':' + 'myclientsecret')
        }
    }).then(function(response) {
        // store the access token from response.data before returning it
        return response.data;
    });
}
```

where:

- credentials.username, credentials.password are taken from the USERS table
- myBrandKey is taken from the Brand table
- myclientid, myclientsecret are taken from the OAUTH_CLIENT_DETAILS table

Note that this embeds the client secret in browser-side code, where every user of the page can read it; the Basic header then only identifies the application, it does not prove that a trusted party sent the request.
Operator-authentication - this corresponds to a Customercare use-case scenario. The authentication is done by validating the username/password against the OPERATORS table. An example URL for this scenario is (note the grant_type=operator_password value):

Authentication URL:

```
https://host:port/appcontext/oauth/token?username=#myusername&password=#mypassword&grant_type=operator_password&brandKeybrand_key=#myBrandKey
```

CURL example:

```bash
curl -v -X POST -u myclientid:myclientsecret \
  "https://host:port/appcontext/oauth/token" \
  -H "Accept: application/json" \
  -d "grant_type=operator_password&username=#myusername&password=#mypassword&brandKeybrand_key=#myBrandKey"
```

where:

- #myusername, #mypassword are taken from the OPERATORS table
- #myBrandKey is taken from the Brand table
- myclientid, myclientsecret are taken from the OAUTH_CLIENT_DETAILS table
...
Brand Access
To obtain an access token, the client has to be configured with the proper authorization. That is, in the OAUTH_CLIENT_DETAILS table the client must have proper values in the AUTHORITIES column. Those authorities must have the prefix ACCESS_BRAND_, followed by the brandKey brand_key (uppercase) that the respective client has access to. The brandKey brand_key parameter should be sent as a QUERY parameter in the request for the token.

Example of a registered client:

| CLIENT_ID | RESOURCE_IDS | CLIENT_SECRET | SCOPE | AUTHORIZED_GRANT_TYPES | WEB_SERVER_REDIRECT_URI | AUTHORITIES | ACCESS_TOKEN_VALIDITY | ADDITIONAL_INFORMATION | AUTOAPPROVE |
|---|---|---|---|---|---|---|---|---|---|
| swagger-ui | | swagger-ui-secret | read,write | password,operator_password,client_credentials | | ACCESS_BRAND_BRAND_X | 600 | | |

Example: given a brand key with the value RATOR_X, the authority should be ACCESS_BRAND_RATOR_X.

If a client has access to multiple brands, the authorities are separated by a comma (e.g. ACCESS_BRAND_RATOR_X, ACCESS_BRAND_RATOR_Y).

CURL example:

```bash
curl -v -X POST -u myclientid:myclientsecret \
  "https://host:port/appcontext/oauth/token" \
  -H "Accept: application/json" \
  -d "grant_type=operator_password&username=#myusername&password=#mypassword&brandKeybrand_key=RATOR_X"
```
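As an added example (not code from the REST app itself), the following Python models the brand-access rule above: it parses the AUTHORITIES column, strips the ACCESS_BRAND_ prefix, and allows a token only when both the requested brand key and the grant type are registered for the client. The ClientDetails shape, the sample rows and the uppercase comparison of the query value are assumptions made for the example.

```python
"""Brand-access check modelled on the ACCESS_BRAND_ authority convention
(illustrative code; the REST app's own implementation is not shown here)."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional, Set

AUTHORITY_PREFIX = "ACCESS_BRAND_"


@dataclass(frozen=True)
class ClientDetails:
    """The OAUTH_CLIENT_DETAILS columns the check needs (assumed shape)."""
    client_id: str
    authorized_grant_types: str  # e.g. "password,operator_password,client_credentials"
    authorities: str             # e.g. "ACCESS_BRAND_RATOR_X, ACCESS_BRAND_RATOR_Y"


def _split_csv(value: str) -> Set[str]:
    """Split a comma-separated column, tolerating spaces after the commas."""
    return {item.strip() for item in value.split(",") if item.strip()}


def brands_for(client: ClientDetails) -> Set[str]:
    """Brand keys the client is authorised for: the suffix of every ACCESS_BRAND_*
    authority. Other authorities and a bare prefix with no suffix are ignored."""
    return {a[len(AUTHORITY_PREFIX):] for a in _split_csv(client.authorities)
            if a.startswith(AUTHORITY_PREFIX) and len(a) > len(AUTHORITY_PREFIX)}


def may_issue_token(client: ClientDetails, grant_type: str,
                    brand_key: Optional[str]) -> bool:
    """Deny unless the client is registered for both the grant type and the brand.
    The authority suffix is uppercase, so the query value is uppercased before
    comparison (an assumption about the server's matching rule)."""
    if not brand_key:
        return False  # missing brand key: nothing to match the authorities against
    if grant_type not in _split_csv(client.authorized_grant_types):
        return False
    return brand_key.upper() in brands_for(client)


# Constructed rows: the first mirrors the swagger-ui row above, the second is
# invented to show the multi-brand, comma-separated form.
SWAGGER_CLIENT = ClientDetails("swagger-ui",
                               "password,operator_password,client_credentials",
                               "ACCESS_BRAND_BRAND_X")
PORTAL_CLIENT = ClientDetails("portal-client", "password",
                              "ACCESS_BRAND_RATOR_X, ACCESS_BRAND_RATOR_Y")

if __name__ == "__main__":
    print(may_issue_token(SWAGGER_CLIENT, "password", "BRAND_X"))           # True
    print(may_issue_token(SWAGGER_CLIENT, "password", "RATOR_X"))           # False: wrong brand
    print(may_issue_token(PORTAL_CLIENT, "client_credentials", "RATOR_Y"))  # False: grant not allowed
```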
Fine-grained access control is about limiting access to specific resources, or even to code blocks within a single resource. The current version of the REST app uses our own framework for this. The framework defines two abstract classes whose implementations stand in a one-to-one relationship with a resource (an @Path-annotated method). The two classes reflect the kinds of questions/checks needed in the code.
...
```
https://host:port/appcontext/oauth/token?grant_type=client_credentials&brandKeybrand_key=a_valid_brand_key
```

CURL example:

```bash
curl -v -X POST -u myclientid:myclientsecret \
  "https://host:port/appcontext/oauth/token" \
  -H "Accept: application/json" \
  -d "grant_type=client_credentials&brandKeybrand_key=#myBrandKey"
```

where:

- myclientid, myclientsecret are taken from the OAUTH_CLIENT_DETAILS table
- #myBrandKey is taken from the Brand table
...