Proveedor de OAuth2 para autenticación con One Time Password (OTP) para Pymes
- Protocols: HTTPS
Base Gateway API Endpoint
Paths
/oauth2/authorize
/oauth2/token
Request Access Tokens
This endpoint allows you to request an access token by following one of the following flows:
- Authorization Code (Access code flow), exchanges code for an access token.
- Client Credentials (Application flow), The information to consult is not owned by a user. The credentials of the application are validated and an access token is delivered.
- Resource Owner Password Credentials (password flow), The client (application) provides the name and password of the owner of the resource. The credentials of the application and the user are validated, an access token is delivered.
- Refresh Token, Exchange a refresh token with a new access token.
The table below indicates the required parameters for each specific grant_type options. Empty cells indicate a parameter is ignored for that specific grant type.
Nota: |
Client authentication(application):
- Confidential clients must authenticate using HTTP Basic Authentication, Example: in header Authorization: Basic base64(client_id:client_secret). Alternatively, they can post their client_id and client_secret information as parameters in formData.
| Parameters | grant_type | grant_type | grant_type | grant_type |
|---|---|---|---|---|
| Name Parameters | Authorization_code | client_credentials | password | refresh_token |
| client_id | required | required | required | required |
| client_secret | required | required | required | required |
| code | required | |||
| redirect_uri | required | |||
| username | required | |||
| password | required | |||
| scope | optional | optional | ||
| refresh_token | required |
The implicit grant requests, see /oauth2/authorize.
Type of grant
{
"enum": [
"authorization_code",
"password",
"client_credentials",
"refresh_token"
]
}Application credentials, Basic authentication (client_id:client_secret)
Authorization code provided by the /oauth2/authorize endpoint
required only if the redirect_uri parameter was included in the authorization request /oauth2/authorize; their values MUST be identical. Required for authorization_code grant type.
Resource owner username. No required for client_credentials grant type (application flow). El nombre de usuario es customerIdent, example: CC-12345678.
Resource owner password. No required for client_credentials grant type. The password is One Time Password(OTP), example: 123456. The OTP is sent to the user, as long as it is registered in the alerts and notifications service.
Scope being requested (Determines the actions that can be performed, for one or several APIs).
The refresh token that the client(application) wants to exchange for a new access token (refresh_token grant_type)
json document containing access token, expire time, the scope, and refresh token in the case of have authorized of the user.
json document that may contain additional details about the failure
/oauth2/introspect
Introspect a given access_token supported
This endpoint introspects a given access_token. Determine the metainformation of an access token: application that requested the token, state of the token, time of validity, the owner of the resource that I authorize if applicable.
Identificador único de la aplicación
String value of the access_token to be introspected
This must contain 'access_token' to indicate the token type
json document containing issued information, etc.
Failure. Invalid client credentials.
Definitions
{
"type": "object",
"additionalProperties": false,
"required": [
"token_type",
"access_token",
"expires_in"
],
"properties": {
"token_type": {
"enum": [
"bearer"
],
"example": "bearer"
},
"access_token": {
"type": "string",
"example": "AAEkYzMxZDIzYzEtYTIxNy00NTgyLThkMzMtYTdiMjEyY2ZmYjg2lIz78I7rh80UPdNWVkcZm7c0Iw5v7TXPS5b95MEiy-I696XQRqVG2FlfjeFEwwckXSwbllGCRhZu7zXaUaVSZg"
},
"expires_in": {
"type": "integer",
"example": 1200
},
"scope": {
"type": "string",
"example": "Customer"
},
"refresh_token": {
"type": "string",
"example": "AAF7NPitWNW04yTk7L7trj7bNt4_NSMSEAgl-v0o2X31C-XnpKOKPKryJMWhjgxXHlPlDYYmuF1V_-tzb_9hjTz9g5c0xPsFCFRWA-pCSEwihw"
}
}
}
{
"type": "object",
"additionalProperties": false,
"required": [
"active",
"client_id",
"client_name",
"username",
"sub",
"exp",
"expstr",
"iat",
"nbf",
"nbfstr",
"scope"
],
"properties": {
"active": {
"type": "boolean",
"example": true
},
"token_type": {
"type": "string",
"example": "bearer"
},
"client_id": {
"type": "string",
"example": "78x2f10f-729a-4e1f-8e0a-096634997b35"
},
"client_name": {
"type": "string",
"example": "APP_My_Fintech"
},
"username": {
"type": "string",
"example": "CC-12345678"
},
"sub": {
"type": "string",
"example": "CC-12345678"
},
"exp": {
"type": "string",
"example": 1479850049
},
"expstr": {
"type": "string",
"example": "2016-11-22T21:27:29Z"
},
"iat": {
"type": "string",
"example": 1479846449
},
"nbf": {
"type": "string",
"example": 1479846449
},
"nbfstr": {
"type": "string",
"example": "2016-11-22T20:27:29Z"
},
"scope": {
"type": "string",
"example": "Customer"
},
"miscinfo": {
"type": "string",
"example": "a:cn=John,sn=Doe"
}
}
}