This repository has been archived by the owner on Jul 3, 2020. It is now read-only.

API for registering clients #76

Open
jaadds opened this issue Apr 26, 2015 · 4 comments

Comments

@jaadds

jaadds commented Apr 26, 2015

Hi,
I was able to get apis-authorization-server-war running, and could register clients through the UI after logging into the App. However, I'd like to know if the Authorization Server provides an API similar to the Dynamic Client Registration endpoint mentioned in https://openid.net/specs/openid-connect-registration-1_0.html?
I'm looking for a way to register a client through a curl command.

Amila

@gvanderploeg
Contributor

Hi Amila,

No, at the moment there is no spec-backed client registration.
The API for registering clients is proper REST with OAuth protection though, so you should be able to construct a cURL-command I would say.

Start with having Chrome's inspection window open while creating a client through the web interface, and then right-click the corresponding POST-request and then click 'Copy as cURL'. This will give you an idea how to script it...

@jaadds
Author

jaadds commented May 4, 2015

I was able to find the endpoint and format of the payload by inspecting requests sent by the UI.
Now I'm trying a different thing. I registered a resource server, and then created a client under it. Using the created client, I can obtain tokens that have a lifetime of several days. My intention is to use such a token to call admin APIs (specifically the API for creating clients). But when I invoke the client registering API, I'm getting this error:
"Access to the specified resource has been forbidden."
Is there a way to call admin APIs using a token obtained using an arbitrary client?

@gvanderploeg
Contributor

You cannot use a token (that is issued to a certain client for a certain
resource server) for a request to an arbitrary resource server.
The relation between tokens, clients and servers is all 'one to many',
there is no 'many to many' anywhere: a token belongs to only one client, a
client only belongs to one resource server.

Does this answer your question?

Kind regards,
Geert

On 5 May 2015 at 01:55, jaadds notifications@github.com wrote:

> I was able to find the endpoint and format of the payload by inspecting
> requests sent by the UI.
> Now I'm trying a different thing. I registered a resource server, and then
> created a client under it. Using the created client, I can obtain tokens
> that have a lifetime of several days. My intention is to use such a token to
> call admin APIs (specifically the API for creating clients). But when I
> invoke the client registering API, I'm getting this error:
> "Access to the specified resource has been forbidden."
> Is there a way to call admin APIs using a token obtained using an
> arbitrary client?


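The token, client and resource server binding described in the reply above can be modelled in a few lines. This is an added example, not code from the apis project: every class, function and resource server name is hypothetical, and it assumes the admin API is registered as its own resource server.

```python
# Added illustration; all names are hypothetical, not taken from the apis code base.
import secrets
from dataclasses import dataclass, field


@dataclass
class AuthorizationServer:
    """Toy in-memory model: token -> one client -> one resource server."""
    client_owner: dict = field(default_factory=dict)  # client_id -> resource server
    token_client: dict = field(default_factory=dict)  # token value -> client_id

    def register_client(self, client_id, resource_server):
        if client_id in self.client_owner:
            raise ValueError("a client belongs to exactly one resource server")
        self.client_owner[client_id] = resource_server

    def issue_token(self, client_id):
        if client_id not in self.client_owner:
            raise KeyError("unknown client")
        token = secrets.token_urlsafe(16)
        self.token_client[token] = client_id
        return token

    def introspect(self, token):
        """Return the resource server the token is valid for, or None."""
        client_id = self.token_client.get(token)
        return self.client_owner.get(client_id)


def handle_request(auth_server, this_resource_server, bearer_token):
    """The check a resource server runs before serving a protected endpoint."""
    audience = auth_server.introspect(bearer_token)
    if audience is None:
        return 401  # unknown token: not authenticated
    if audience != this_resource_server:
        return 403  # valid token, but issued for a different resource server
    return 200


def demo():
    # Constructed sample data: two resource servers with one client each.
    server = AuthorizationServer()
    server.register_client("admin-ui", "admin-api")
    server.register_client("my-client", "my-resource-server")
    user_token = server.issue_token("my-client")
    admin_token = server.issue_token("admin-ui")
    calls = [("my-resource-server", user_token), ("admin-api", user_token),
             ("admin-api", admin_token), ("admin-api", "bogus")]
    return [handle_request(server, rs, tok) for rs, tok in calls]
```

The second call in `demo()` is the situation from the thread: a valid, long-lived token is rejected with 403 because its client was created under a different resource server than the one being called.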

@jaadds
Author

jaadds commented May 6, 2015

Hi Geert,
Yes. Thanks, that answers my question.

Amila
