OAuth2 provider for One Time Password (OTP) authentication for SMEs
- Protocols: HTTPS
Base Gateway API Endpoint
Paths
/oauth2/authorize
Endpoint for Authorization Code and Implicit grants
It exposes the forms to validate the identity and authorization of the user.
Unique identifier of the application
Its value indicates whether an authorization code is requested (code, for the authorization code flow) or an access token (token, for the implicit flow).
{
"enum": [
"code",
"token"
]
}
Scope being requested (Determines the actions that can be performed, for one or several APIs).
URI the user is redirected to after authorization
This string will be echoed back to the application when the user is redirected
An HTML form for authentication or authorization of this request.
Redirect to the client's redirect_uri containing one of the following:
- authorization code for the Authorization Code grant
- access token for the Implicit grant
- error in case of failure, e.g. the user has denied the request
Submit user approval and get an access token
Submit the resource owner's approval (or rejection) so that the OAuth2 Server issues an authorization code or access token to the application.
application requesting the access code or token
requested scope of this authorization
resource owner's user name
URI the application is requesting this access token
URL of the original authorization request
state information provided in the authorization form
state information provided in the authorization form
The user validates their identity and allows the application to access the resources
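The authorization request and the redirect it produces, as an added example that is not part of the page or the provider's own code. It builds the /oauth2/authorize URL with a fresh random state, then checks the redirect the way a client should: the echoed state must match the stored one before a code, token or error is accepted. The endpoint base URL, client_id and redirect_uri values are assumptions.

```python
import secrets
import urllib.parse

# Assumption: the gateway base URL is not given on the page; a placeholder is used.
AUTHORIZE_ENDPOINT = "https://gateway.example.invalid/oauth2/authorize"


def build_authorize_url(client_id, redirect_uri, scope, response_type="code", state=None):
    """Build the /oauth2/authorize request URL.

    Returns (url, state). The client stores `state` (e.g. in the user's session)
    and later compares it with the value echoed back on the redirect.
    """
    if response_type not in ("code", "token"):
        raise ValueError("response_type must be 'code' or 'token'")
    state = state or secrets.token_urlsafe(32)
    params = {
        "response_type": response_type,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    return AUTHORIZE_ENDPOINT + "?" + urllib.parse.urlencode(params), state


def parse_callback(redirect_url, expected_state):
    """Validate the redirect the server sends to redirect_uri.

    Returns ("code", value) for the authorization code grant or
    ("token", value) for the implicit grant, and raises on a state mismatch
    or an error response. Both the query string (code grant) and the fragment
    (implicit grant returns the token in the fragment) are inspected.
    """
    parsed = urllib.parse.urlsplit(redirect_url)
    params = dict(urllib.parse.parse_qsl(parsed.query))
    params.update(urllib.parse.parse_qsl(parsed.fragment))
    # Constant-time comparison; the state binds the redirect to our own request.
    got = params.get("state", "").encode("utf-8")
    if not secrets.compare_digest(got, expected_state.encode("utf-8")):
        raise ValueError("state mismatch: redirect is not bound to our request")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error']}")
    if "code" in params:
        return ("code", params["code"])
    if "access_token" in params:
        return ("token", params["access_token"])
    raise ValueError("redirect carried neither code, token nor error")
```

The state check is the step most often skipped: without it, a code obtained for another session can be injected into the client's callback.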
/oauth2/token
Request Access Tokens
This endpoint allows you to request an access token by following one of the following flows:
- Authorization Code (access code flow): exchanges an authorization code for an access token.
- Client Credentials (application flow): the information to be consulted is not owned by a user. The application's credentials are validated and an access token is issued.
- Resource Owner Password Credentials (password flow): the client (application) provides the resource owner's username and password. The credentials of both the application and the user are validated and an access token is issued.
- Refresh Token: exchanges a refresh token for a new access token.
The table below lists the parameters required for each grant_type. An empty cell means the parameter is ignored for that grant type.
Note:
Client authentication (application):
- Confidential clients must authenticate with HTTP Basic Authentication, i.e. the header Authorization: Basic base64(client_id:client_secret). Alternatively, they can send client_id and client_secret as formData parameters.
Parameter | authorization_code | client_credentials | password | refresh_token |
---|---|---|---|---|
client_id | required | required | required | required |
client_secret | required | required | required | required |
code | required | | | |
redirect_uri | required | | | |
username | | | required | |
password | | | required | |
scope | | optional | optional | |
refresh_token | | | | required |
For implicit grant requests, see /oauth2/authorize.
Type of grant
{
"enum": [
"authorization_code",
"password",
"client_credentials",
"refresh_token"
]
}
Application credentials, Basic authentication (client_id:client_secret)
Authorization code provided by the /oauth2/authorize endpoint
Required only if the redirect_uri parameter was included in the authorization request to /oauth2/authorize; the values MUST be identical. Required for the authorization_code grant type.
Resource owner username. Not required for the client_credentials grant type (application flow). The username is the customerIdent, example: CC-12345678.
Resource owner password. Not required for the client_credentials grant type. The password is a One Time Password (OTP), example: 123456. The OTP is sent to the user, provided the user is registered in the alerts and notifications service.
Scope being requested (Determines the actions that can be performed, for one or several APIs).
The refresh token that the client(application) wants to exchange for a new access token (refresh_token grant_type)
JSON document containing the access token, expiry time, scope and, when the user has granted authorization, the refresh token.
JSON document that may contain additional details about the failure
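A client-side builder for the /oauth2/token request and a validator for its response, as an added example not taken from the page or the provider. It encodes the parameter table above: each grant_type has its required parameters, anything the table leaves empty is dropped before sending, and the application authenticates with HTTP Basic as the note prescribes. The response check follows the token definition below (token_type, access_token and expires_in are required). The mapping of the two optional scope cells to client_credentials and password is an assumption, as are the client_id and client_secret values.

```python
import base64
import json

# Required and optional form parameters per grant_type, from the table.
# Assumption: scope is optional for client_credentials and password.
REQUIRED = {
    "authorization_code": {"code", "redirect_uri"},
    "client_credentials": set(),
    "password": {"username", "password"},
    "refresh_token": {"refresh_token"},
}
OPTIONAL = {
    "authorization_code": set(),
    "client_credentials": {"scope"},
    "password": {"scope"},
    "refresh_token": set(),
}


def basic_auth_header(client_id, client_secret):
    """Authorization header value: Basic base64(client_id:client_secret)."""
    creds = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(creds).decode("ascii")


def build_token_request(client_id, client_secret, grant_type, **params):
    """Return (headers, form_body) for a /oauth2/token request.

    Raises ValueError if a parameter the table marks as required is missing.
    Parameters the table ignores for this grant type are not sent at all, so
    a leftover field (e.g. a code in a password-grant call) never leaks.
    """
    if grant_type not in REQUIRED:
        raise ValueError(f"unsupported grant_type {grant_type!r}")
    missing = REQUIRED[grant_type] - params.keys()
    if missing:
        raise ValueError(f"{grant_type} requires {sorted(missing)}")
    allowed = REQUIRED[grant_type] | OPTIONAL[grant_type]
    body = {"grant_type": grant_type}
    body.update({k: v for k, v in params.items() if k in allowed})
    headers = {
        # Confidential client: credentials travel in the header, not the body.
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, body


def parse_token_response(raw):
    """Validate a successful token response against the token definition."""
    doc = json.loads(raw)
    for field in ("token_type", "access_token", "expires_in"):
        if field not in doc:
            raise ValueError(f"token response missing {field}")
    if doc["token_type"].lower() != "bearer":
        raise ValueError(f"unexpected token_type {doc['token_type']!r}")
    if not isinstance(doc["expires_in"], int) or doc["expires_in"] <= 0:
        raise ValueError("expires_in must be a positive integer")
    return doc
```

A caller would send `body` URL-encoded with the returned headers; the OTP entered by the user goes in the password field of the password grant and is never logged by this code.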
/oauth2/introspect
Introspect a given access_token
This endpoint introspects a given access_token and returns its metadata: the application that requested the token, the state of the token, its validity period and, where applicable, the resource owner who authorized it.
Unique identifier of the application
String value of the access_token to be introspected
This must contain 'access_token' to indicate the token type
JSON document containing the token's metadata (see Definitions)
Failure. Invalid client credentials.
Definitions
{
"type": "object",
"additionalProperties": false,
"required": [
"token_type",
"access_token",
"expires_in"
],
"properties": {
"token_type": {
"enum": [
"bearer"
],
"example": "bearer"
},
"access_token": {
"type": "string",
"example": "AAEkYzMxZDIzYzEtYTIxNy00NTgyLThkMzMtYTdiMjEyY2ZmYjg2lIz78I7rh80UPdNWVkcZm7c0Iw5v7TXPS5b95MEiy-I696XQRqVG2FlfjeFEwwckXSwbllGCRhZu7zXaUaVSZg"
},
"expires_in": {
"type": "integer",
"example": 1200
},
"scope": {
"type": "string",
"example": "Customer"
},
"refresh_token": {
"type": "string",
"example": "AAF7NPitWNW04yTk7L7trj7bNt4_NSMSEAgl-v0o2X31C-XnpKOKPKryJMWhjgxXHlPlDYYmuF1V_-tzb_9hjTz9g5c0xPsFCFRWA-pCSEwihw"
}
}
}
{
"type": "object",
"additionalProperties": false,
"required": [
"active",
"client_id",
"client_name",
"username",
"sub",
"exp",
"expstr",
"iat",
"nbf",
"nbfstr",
"scope"
],
"properties": {
"active": {
"type": "boolean",
"example": true
},
"token_type": {
"type": "string",
"example": "bearer"
},
"client_id": {
"type": "string",
"example": "78x2f10f-729a-4e1f-8e0a-096634997b35"
},
"client_name": {
"type": "string",
"example": "APP_My_Fintech"
},
"username": {
"type": "string",
"example": "CC-12345678"
},
"sub": {
"type": "string",
"example": "CC-12345678"
},
"exp": {
"type": "string",
"example": 1479850049
},
"expstr": {
"type": "string",
"example": "2016-11-22T21:27:29Z"
},
"iat": {
"type": "string",
"example": 1479846449
},
"nbf": {
"type": "string",
"example": 1479846449
},
"nbfstr": {
"type": "string",
"example": "2016-11-22T20:27:29Z"
},
"scope": {
"type": "string",
"example": "Customer"
},
"miscinfo": {
"type": "string",
"example": "a:cn=John,sn=Doe"
}
}
}
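How a resource server should act on an /oauth2/introspect answer, as an added example that is not from the page or the provider; it serves both the introspect endpoint description and the introspection definition above. Every required field is checked, `exp` and `nbf` are compared against the current time (the schema types them as strings, so they are parsed defensively), the token must belong to the expected application, and the needed scope must be present. The sample document is constructed from the schema's example values; the expected client_id is taken from that example.

```python
import json
import time

# Constructed sample built from the example values in the introspection definition.
SAMPLE_INTROSPECTION = json.dumps({
    "active": True,
    "token_type": "bearer",
    "client_id": "78x2f10f-729a-4e1f-8e0a-096634997b35",
    "client_name": "APP_My_Fintech",
    "username": "CC-12345678",
    "sub": "CC-12345678",
    "exp": "1479850049",
    "expstr": "2016-11-22T21:27:29Z",
    "iat": "1479846449",
    "nbf": "1479846449",
    "nbfstr": "2016-11-22T20:27:29Z",
    "scope": "Customer",
})

REQUIRED_FIELDS = ("active", "client_id", "username", "sub", "exp", "iat", "nbf", "scope")


def check_introspection(raw, expected_client_id, required_scope, now=None):
    """Decide whether an introspection response authorizes a request.

    Returns (True, subject) when the token is active, issued to the expected
    application, inside its validity window and carries the required scope;
    otherwise (False, reason). Absence of any required field is a rejection.
    """
    now = int(time.time()) if now is None else now
    doc = json.loads(raw)
    for field in REQUIRED_FIELDS:
        if field not in doc:
            return False, f"missing field {field}"
    if doc["active"] is not True:
        return False, "token not active"
    if doc["client_id"] != expected_client_id:
        return False, "token issued to a different application"
    try:
        exp, nbf = int(doc["exp"]), int(doc["nbf"])
    except (TypeError, ValueError):
        return False, "exp/nbf not numeric"
    if now >= exp:
        return False, "token expired"
    if now < nbf:
        return False, "token not yet valid"
    # Scopes are space-separated; a substring match would accept "Customers".
    if required_scope not in doc["scope"].split():
        return False, f"scope {required_scope!r} not granted"
    return True, doc["sub"]
```

Relying on `active` alone is not enough: a server that caches introspection results still has to honour `exp`, and the client_id comparison prevents a token issued to one application from being accepted by another.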