From 62f858c4ba0262aac36d7cdd123f0d7726901fa8 Mon Sep 17 00:00:00 2001
From: Dhaval D <343411+ossdhaval@users.noreply.github.com>
Date: Wed, 28 Dec 2022 18:07:14 +0530
Subject: [PATCH] docs: add details to curl command guide (#3437)
* docs: add more details about client creation
* docs: remove redundant content
---
 docs/admin/config-guide/curl.md | 164 ++++++++++++++++++++++++++++----
 1 file changed, 144 insertions(+), 20 deletions(-)
diff --git a/docs/admin/config-guide/curl.md b/docs/admin/config-guide/curl.md
index 690696fec56..307212698cd 100644
--- a/docs/admin/config-guide/curl.md
+++ b/docs/admin/config-guide/curl.md
@@ -20,7 +20,7 @@ For the client_id and client_secret, contact your administrator.
 ```
 curl -u "client_inum:client_secret" https:///jans-auth/restv1/token \
- -d "grant_type=client_credentials&scope=put_scope_name_here
+ -d "grant_type=client_credentials&scope=put_scope_name_here"
 ```
 **Example**: 
@@ -65,17 +65,67 @@ Examples of `name_of_the_script` ( Authentication methods that are present in th
 ### Client creation
-#### Steps:
+1. Creating a client with minimal upfront configuration requires only `redirectUris` in following format. Add following content in a text file and save it as client.json.
+```json
+{
+ "redirectUris": [
+ "http://localhost:8080"
+ ]
+}
+```
+In place of `http://localhost:8080` uri used above, any valid redirect URI can be used.
+To provide full client configuration at the time of creation, Download and use this
+[json format](https://raw.githubusercontent.com/JanssenProject/jans/main/jans-config-api/server/src/test/resources/feature/openid/clients/client.json),
+update the values and save it as client.json. Few important fields to populate are `scope`,`responseTypes`,
+`redirectUris` (The only mandatory field), `grantTypes`. If there is a need to update the attributes of the client after
+creation, then make sure that the client is created with `grantTypes` list having `client_credentials` grant type as well.
-1. Download this [json file](https://raw.githubusercontent.com/JanssenProject/jans/main/jans-config-api/server/src/test/resources/feature/openid/clients/client.json), update the values and save it as client.json.
-
Few important fields to populate are `scope`,`responseTypes`,`redirectUris` (The only mandatory field), `grantTypes`
 1. Run curl command
 ```
 curl -X POST https://my.jans.server/jans-auth/restv1/register \
 -H "Content-Type: application/json" -d @/some/directory/client.json
 ```
-### Get Client Scopes
+If client is created successfully, response similar to below will be received:
+
+```json
+{
+ "allow_spontaneous_scopes": false,
+ "application_type": "web",
+ "rpt_as_jwt": false,
+ "registration_client_uri": "https://my.jans.server/jans-auth/restv1/register?client_id=994ec0a7-1143-456c-85ca-66ba592d7f9a",
+ "tls_client_auth_subject_dn": "",
+ "run_introspection_script_before_jwt_creation": false,
+ "registration_access_token": "d34f30ff-ae31-4760-8b67-ef071ba9ee68",
+ "client_id": "994ec0a7-1143-456c-85ca-66ba592d7f9a",
+ "token_endpoint_auth_method": "client_secret_basic",
+ "scope": "openid profile permission https://jans.io/auth/ssa.portal uma_protection work_phone phone address test https://jans.io/auth/ssa.admin user_name email clientinfo device_sso org_name https://jans.io/auth/ssa.developer offline_access",
+ "client_secret": "da4c17de-b6bc-4f25-b642-4c7b887c7860",
+ "client_id_issued_at": 1672221633,
+ "backchannel_logout_uri": [],
+ "backchannel_logout_session_required": false,
+ "par_lifetime": 600,
+ "spontaneous_scopes": [],
+ "id_token_signed_response_alg": "RS256",
+ "access_token_as_jwt": false,
+ "grant_types": [
+ "authorization_code",
+ "refresh_token"
+ ],
+ "subject_type": "pairwise",
+ "keep_client_authorization_after_expiration": false,
+ "require_par": false,
+ "redirect_uris_regex": "",
+ "additional_audience": [],
+ "frontchannel_logout_session_required": false,
+ "client_secret_expires_at": 1672308033,
+ "access_token_signing_alg": "RS256",
+ "response_types": ["code"]
+}
+```
+Response contains `client_id` and `client_secret` apart from other client configuration details.
+
+### Get Client Details
 1. 
Obtain an Access Token with scope `https://jans.io/oauth/config/openid/clients.readonly`.
 ``` 
@@ -87,7 +137,95 @@ curl -X POST https://my.jans.server/jans-auth/restv1/register \
 curl -X GET https://my.jans.server/jans-config-api/api/v1/openid/clients/client-s_inum_for_which_scope_to_be_added -H "Authorization: Bearer put_access_token_here"
 ```
-3. Notice the `scope` field. It is a space-separated String of scope values e.g `"scope" : "openid user_name "`.
+3. This will return JSON response similar to the one below.
+```json
+{
+ "dn":"inum=994ec0a7-1143-456c-85ca-66ba592d7f9a,ou=clients,o=jans",
+ "expirationDate":"2022-12-29T10:00:33",
+ "deletable":true,
+ "clientSecret":"5Mlvuh0JRwl/WcpiUNGGXjtDO4+SprNBjiVFFcWqWB4gu7gYxqcSMw==",
+ "frontChannelLogoutSessionRequired":false,
+ "redirectUris":[
+ "http://localhost:8080"
+ ],
+ "responseTypes":[
+ "code"
+ ],
+ "grantTypes":[
+ "authorization_code",
+ "refresh_token",
+ "client_credentials"
+ ],
+ "applicationType":"web",
+ "clientName":"dd-test-client",
+ "clientNameLocalized":{
+
+ },
+ "logoUriLocalized":{
+
+ },
+ "clientUriLocalized":{
+
+ },
+ "policyUriLocalized":{
+
+ },
+ "tosUriLocalized":{
+
+ },
+ "subjectType":"pairwise",
+ "idTokenSignedResponseAlg":"RS256",
+ "tokenEndpointAuthMethod":"client_secret_basic",
+ "scopes":[
+ "inum=F0C4,ou=scopes,o=jans",
+ "inum=43F1,ou=scopes,o=jans",
+ "inum=C4F5,ou=scopes,o=jans",
+ "inum=SSA1-PTL1,ou=scopes,o=jans",
+ "inum=6D99,ou=scopes,o=jans",
+ "inum=7D02,ou=scopes,o=jans",
+ "inum=D491,ou=scopes,o=jans",
+ "inum=C17A,ou=scopes,o=jans",
+ "inum=0465-1DEA,ou=scopes,o=jans",
+ "inum=SSA1-AD01,ou=scopes,o=jans",
+ "inum=10B2,ou=scopes,o=jans",
+ "inum=764C,ou=scopes,o=jans",
+ "inum=341A,ou=scopes,o=jans",
+ "inum=C4F8,ou=scopes,o=jans",
+ "inum=7D01,ou=scopes,o=jans",
+ "inum=SSA1-DEV1,ou=scopes,o=jans",
+ "inum=C4F6,ou=scopes,o=jans"
+ ],
+ "trustedClient":false,
+ "persistClientAuthorizations":true,
+ "includeClaimsInIdToken":false,
+ "customAttributes":[
+
+ ],
+ "customObjectClasses":[
+ "top"
+ ],
+ "rptAsJwt":false,
+ "accessTokenAsJwt":false,
+
"accessTokenSigningAlg":"RS256",
+ "disabled":false,
+ "attributes":{
+ "runIntrospectionScriptBeforeJwtCreation":false,
+ "keepClientAuthorizationAfterExpiration":false,
+ "allowSpontaneousScopes":false,
+ "backchannelLogoutSessionRequired":false,
+ "parLifetime":600,
+ "requirePar":false,
+ "jansDefaultPromptLogin":false,
+ "minimumAcrLevel":-1
+ },
+ "backchannelTokenDeliveryMode":"poll",
+ "backchannelUserCodeParameter":false,
+ "displayName":"dd-test-client",
+ "authenticationMethod":"client_secret_basic",
+ "baseDn":"inum=994ec0a7-1143-456c-85ca-66ba592d7f9a,ou=clients,o=jans",
+ "inum":"994ec0a7-1143-456c-85ca-66ba592d7f9a"
+}
+```
 ### Add New Scope to Client
@@ -111,20 +249,6 @@ curl -X PATCH -k -H 'Content-Type: application/json-patch+json' \
 ]'
 ```
-### Get grant_types For Client
-
-1. Obtain an Access Token with scope `https://jans.io/oauth/config/openid/clients.readonly`.
-```
- curl -u "put_client_id:put_config_api_client_secret_here" https:///jans-auth/restv1/token \
- -d "grant_type=client_credentials&scope=https://jans.io/oauth/config/openid/clients.readonly"
-```
-2. Obtain client information using:
-```
- curl -X GET https://my.jans.server/jans-config-api/api/v1/openid/clients/client-s_inum_for_which_grant_types_to_check \
- -H "Authorization: Bearer put_access_token_here"
-```
-3. Notice the `grant_types` field in the response.
-
 ### Add OpenID scope and map to database attribute
 1. Obtain access token