Using the FIWARE LAB instance
DEPRECATED - Important: This wiki documentation is deprecated. Please use the documentation included in the main README of this project
There is already a deployed instance of the FIWARE IdM available at https://account.lab.fiware.org/
In order to start using the FIWARE IdM, you must first register your own account.
The next step is registering your own application. The Callback URL attribute is a mandatory parameter used in OAuth2 authentication. The IdM provides you with a Client ID and a Client Secret, which are used in OAuth2.
The FIWARE IdM complies with the OAuth2 standard described in RFC 6749. Currently we support two grant types, the Authorization Code Grant and the Resource Owner Password Credentials Grant.
Get Access Code Request
GET /oauth2/authorize?response_type=code&client_id=1&state=xyz
&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url HTTP/1.1
Host: account.lab.fiware.org
The response_type attribute is mandatory and must be set to code. The client_id attribute is the one provided by the FIWARE IdM upon application registration. The redirect_uri attribute must match the Callback URL attribute provided to the IdM within the application registration.
HTTP/1.1 302 Found
Location: https://client.example.com/callback_url?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz
Get Access Token Request
POST /oauth2/token HTTP/1.1
Host: account.lab.fiware.org
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcallback_url
The Authorization Basic header is built with the Client ID and Client Secret credentials provided by the FIWARE IdM, following the standard. So the string will be:
base64(client_id:client_secret)
The redirect_uri parameter must match the Callback URL attribute provided in the application registration.
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"2YotnFZFEjr1zCsicMWpAA",
  "token_type":"bearer",
  "expires_in":3600,
  "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"
}
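The authorization code exchange described above, as an added Python example that is not part of the original wiki or the FIWARE IdM code base: it builds the authorize URL with a random state, rejects a callback whose state does not match, and builds the token request with the Basic header. The function names are hypothetical, and the sample credentials are the ones that the sample Authorization header on this page decodes to.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

IDM = "https://account.lab.fiware.org"  # host used in the requests on this page


def basic_auth_header(client_id, client_secret):
    """Header value 'Basic ' + base64(client_id:client_secret)."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def build_authorize_url(client_id, redirect_uri, state=None):
    """Return (url, state); a random state binds the callback to this session."""
    state = state or secrets.token_urlsafe(32)
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "state": state, "redirect_uri": redirect_uri})
    return f"{IDM}/oauth2/authorize?{query}", state


def code_from_callback(callback_url, expected_state):
    """Return the code from the redirect; reject a missing or different state."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not from this session")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Return (url, headers, body) for POST /oauth2/token."""
    headers = {"Authorization": basic_auth_header(client_id, client_secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri})
    return f"{IDM}/oauth2/token", headers, body


if __name__ == "__main__":
    # Constructed run: credentials are the ones encoded in the page's sample header.
    cb = "https://client.example.com/callback_url"
    url, state = build_authorize_url("s6BhdRkqt3", cb)
    code = code_from_callback(f"{cb}?code=SplxlOBeZQQYbYS6WxSbIA&state={state}", state)
    print(build_token_request("s6BhdRkqt3", "gX1fBat3bV", code, cb))
```

The state value must be stored in the user's session between the two steps, and the Client Secret stays on the server side of the application.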
POST /oauth2/token HTTP/1.1
Host: account.lab.fiware.org
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=demo&password=123
GET /user?access_token=2YotnFZFEjr1zCsicMWpAA
{
  "id": 1,
  "displayName": "Demo user",
  "email": "[email protected]",
  "roles": [
    {
      "id": 15,
      "name": "Manager"
    },
    {
      "id": 7,
      "name": "Ticket manager"
    }
  ],
  "organizations": [
    {
      "id": 12,
      "name": "Universidad Politecnica de Madrid",
      "roles": [
        {
          "id": 14,
          "name": "Admin"
        }
      ]
    }
  ]
}