Skip to content
This repository has been archived by the owner on Mar 14, 2019. It is now read-only.

Using the FIWARE LAB instance

Álvaro Alonso edited this page Aug 31, 2015 · 2 revisions

DEPRECATED - Important: This wiki documentation is deprecated. Please use the documentation included in the main README of this project

There is already a deployed instance of the FIWARE IdM available at https://account.lab.fiware.org/

Register your user account

In order to start using the FIWARE IdM, you must first register your own account.

Register your application

The next step is registering you own application. The Callback URL attribute is a mandatory parameter used in OAuth2 authentication. The IdM provides you with a Client ID and a Client Secret which are used in OAuth2

OAuth2 Authentication

The FIWARE IdM complies with the OAuth2 standard described in RFC 6749. Currently we support two grant types, the Authorization Code Grant and the Resource Owner Password Credentials Grant.

Authorization Code Grant

Get Access Code Request

GET /oauth2/authorize?response_type=code&client_id=1&state=xyz
&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url HTTP/1.1
Host: account.lab.fiware.org

The response_type attribute is mandatory and must be set to code. The client_id attribute is the one provided by the FIWARE IdM upon application registration. The redirect_uri attribute must match the Callback URL attribute provided to the IdM within the application registration.

HTTP/1.1 302 Found
Location: https://client.example.com/callback_url?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz

Get Access Token Request

POST /oauth2/token HTTP/1.1
Host: account.lab.fiware.org
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url

The Authorization Basic header is built with the Client ID and Client Secret credentials provided by the FIWARE IdM following the standard. So the string will be

base64(client_id:client_secret)

The redirect_uri parameter must match the Callback URL attribute provided in the application registration.

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
    "access_token":"2YotnFZFEjr1zCsicMWpAA",
    "token_type":"bearer",
    "expires_in":3600,
    "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
}

Resource Owner Password Credentials Grant

POST /oauth2/token HTTP/1.1
Host: account.lab.fiware.org
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=demo&password=123

Get user information and roles

GET /user?access_token=2YotnFZFEjr1zCsicMWpAA
{
  id: 1,
  displayName: "Demo user",
  email: "[email protected]",
  roles: [
    {
      id: 15,
      name: "Manager"
    },
    {
      id: 7
      name: "Ticket manager"
    }
  ],
  organizations: [
    {
       id: 12,
       name: "Universidad Politecnica de Madrid",
       roles: [
         {
           id: 14,
           name: "Admin"
         }
      ]
    }
  ]
}