docs: add details to curl command guide #3437

Merged
merged 2 commits into from
Dec 28, 2022
164 changes: 144 additions & 20 deletions docs/admin/config-guide/curl.md
Expand Up @@ -20,7 +20,7 @@ For the client_id and client_secret, contact your administrator.

```
curl -u "client_inum:client_secret" https://<your.jans.server>/jans-auth/restv1/token \
-d "grant_type=client_credentials&scope=put_scope_name_here
-d "grant_type=client_credentials&scope=put_scope_name_here"
```

**Example**:
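Review bot: In the token request, `-u "client_inum:client_secret"` passes the client secret as a command-line argument, so it ends up in shell history and is visible in the process list while curl runs. Since this hunk already touches the example, consider showing `-u "client_inum"` (curl then prompts for the secret) or adding a sentence that the secret should come from a protected file or variable. The host placeholder here is `https://<your.jans.server>` while later examples in the same file use `https://my.jans.server`; pick one.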
Expand Down Expand Up @@ -65,17 +65,67 @@ Examples of `name_of_the_script` ( Authentication methods that are present in th

### Client creation

#### Steps:
1. Creating a client with minimal upfront configuration requires only `redirectUris` in following format. Add following content in a text file and save it as client.json.
```json
{
"redirectUris": [
"http://localhost:8080"
]
}
```
In place of `http://localhost:8080` uri used above, any valid redirect URI can be used.
To provide full client configuration at the time of creation, Download and use this
[json format](https://raw.githubusercontent.com/JanssenProject/jans/main/jans-config-api/server/src/test/resources/feature/openid/clients/client.json),
update the values and save it as client.json. Few important fields to populate are `scope`,`responseTypes`,
`redirectUris` (The only mandatory field), `grantTypes`. If there is a need to update the attributes of the client after
creation, then make sure that the client is created with `grantTypes` list having `client_credentials` grant type as well.

1. Download this [json file](https://raw.githubusercontent.com/JanssenProject/jans/main/jans-config-api/server/src/test/resources/feature/openid/clients/client.json), update the values and save it as client.json.
<br/>Few important fields to populate are `scope`,`responseTypes`,`redirectUris` (The only mandatory field), `grantTypes`
1. Run curl command
```
curl -X POST https://my.jans.server/jans-auth/restv1/register \
-H "Content-Type: application/json" -d @/some/directory/client.json
```

### Get Client Scopes
If client is created successfully, response similar to below will be received:

```json
{
"allow_spontaneous_scopes": false,
"application_type": "web",
"rpt_as_jwt": false,
"registration_client_uri": "https://my.jans.server/jans-auth/restv1/register?client_id=994ec0a7-1143-456c-85ca-66ba592d7f9a",
"tls_client_auth_subject_dn": "",
"run_introspection_script_before_jwt_creation": false,
"registration_access_token": "d34f30ff-ae31-4760-8b67-ef071ba9ee68",
"client_id": "994ec0a7-1143-456c-85ca-66ba592d7f9a",
"token_endpoint_auth_method": "client_secret_basic",
"scope": "openid profile permission https://jans.io/auth/ssa.portal uma_protection work_phone phone address test https://jans.io/auth/ssa.admin user_name email clientinfo device_sso org_name https://jans.io/auth/ssa.developer offline_access",
"client_secret": "da4c17de-b6bc-4f25-b642-4c7b887c7860",
"client_id_issued_at": 1672221633,
"backchannel_logout_uri": [],
"backchannel_logout_session_required": false,
"par_lifetime": 600,
"spontaneous_scopes": [],
"id_token_signed_response_alg": "RS256",
"access_token_as_jwt": false,
"grant_types": [
"authorization_code",
"refresh_token"
],
"subject_type": "pairwise",
"keep_client_authorization_after_expiration": false,
"require_par": false,
"redirect_uris_regex": "",
"additional_audience": [],
"frontchannel_logout_session_required": false,
"client_secret_expires_at": 1672308033,
"access_token_signing_alg": "RS256",
"response_types": ["code"]
}
```
Response contains `client_id` and `client_secret` apart from other client configuration details.

### Get Client Details

1. Obtain an Access Token with scope `https://jans.io/oauth/config/openid/clients.readonly`.
```
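Review bot: The sample registration response carries what look like live values for `client_secret`, `registration_access_token` and `client_id`; replace them with obvious placeholders (for example `"client_secret": "<client_secret>"`) so the docs cannot be mistaken for usable credentials and secret scanners stay quiet. The response also shows two things the text does not explain: `client_secret_expires_at` is exactly 86400 seconds after `client_id_issued_at`, and the `scope` string is long and includes `https://jans.io/auth/ssa.admin`. If this is what the minimal `redirectUris`-only request returns, a sentence on the one-day expiry and on the default scope set would help readers who expect "minimal" to mean least privilege. The new paragraph also advises including `client_credentials` in `grantTypes` for later updates, while the sample `grant_types` lists only `authorization_code` and `refresh_token`.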
Expand All @@ -87,7 +137,95 @@ curl -X POST https://my.jans.server/jans-auth/restv1/register \
curl -X GET https://my.jans.server/jans-config-api/api/v1/openid/clients/client-s_inum_for_which_scope_to_be_added
-H "Authorization: Bearer put_access_token_here"
```
3. Notice the `scope` field. It is a space-separated String of scope values e.g `"scope" : "openid user_name "`.
3. This will return JSON response similar to the one below.
```json
{
"dn":"inum=994ec0a7-1143-456c-85ca-66ba592d7f9a,ou=clients,o=jans",
"expirationDate":"2022-12-29T10:00:33",
"deletable":true,
"clientSecret":"5Mlvuh0JRwl/WcpiUNGGXjtDO4+SprNBjiVFFcWqWB4gu7gYxqcSMw==",
"frontChannelLogoutSessionRequired":false,
"redirectUris":[
"http://localhost:8080"
],
"responseTypes":[
"code"
],
"grantTypes":[
"authorization_code",
"refresh_token",
"client_credentials"
],
"applicationType":"web",
"clientName":"dd-test-client",
"clientNameLocalized":{

},
"logoUriLocalized":{

},
"clientUriLocalized":{

},
"policyUriLocalized":{

},
"tosUriLocalized":{

},
"subjectType":"pairwise",
"idTokenSignedResponseAlg":"RS256",
"tokenEndpointAuthMethod":"client_secret_basic",
"scopes":[
"inum=F0C4,ou=scopes,o=jans",
"inum=43F1,ou=scopes,o=jans",
"inum=C4F5,ou=scopes,o=jans",
"inum=SSA1-PTL1,ou=scopes,o=jans",
"inum=6D99,ou=scopes,o=jans",
"inum=7D02,ou=scopes,o=jans",
"inum=D491,ou=scopes,o=jans",
"inum=C17A,ou=scopes,o=jans",
"inum=0465-1DEA,ou=scopes,o=jans",
"inum=SSA1-AD01,ou=scopes,o=jans",
"inum=10B2,ou=scopes,o=jans",
"inum=764C,ou=scopes,o=jans",
"inum=341A,ou=scopes,o=jans",
"inum=C4F8,ou=scopes,o=jans",
"inum=7D01,ou=scopes,o=jans",
"inum=SSA1-DEV1,ou=scopes,o=jans",
"inum=C4F6,ou=scopes,o=jans"
],
"trustedClient":false,
"persistClientAuthorizations":true,
"includeClaimsInIdToken":false,
"customAttributes":[

],
"customObjectClasses":[
"top"
],
"rptAsJwt":false,
"accessTokenAsJwt":false,
"accessTokenSigningAlg":"RS256",
"disabled":false,
"attributes":{
"runIntrospectionScriptBeforeJwtCreation":false,
"keepClientAuthorizationAfterExpiration":false,
"allowSpontaneousScopes":false,
"backchannelLogoutSessionRequired":false,
"parLifetime":600,
"requirePar":false,
"jansDefaultPromptLogin":false,
"minimumAcrLevel":-1
},
"backchannelTokenDeliveryMode":"poll",
"backchannelUserCodeParameter":false,
"displayName":"dd-test-client",
"authenticationMethod":"client_secret_basic",
"baseDn":"inum=994ec0a7-1143-456c-85ca-66ba592d7f9a,ou=clients,o=jans",
"inum":"994ec0a7-1143-456c-85ca-66ba592d7f9a"
}
```

### Add New Scope to Client

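Review bot: The `curl -X GET` line kept as context in this hunk has no trailing `\` before the `-H "Authorization: Bearer put_access_token_here"` line, so a copy-paste sends the request without the bearer token and then tries to run `-H` as a separate command; add the continuation while this section is being rewritten. The path placeholder `client-s_inum_for_which_scope_to_be_added` also no longer fits a section now titled "Get Client Details". In the new sample response, `clientSecret` is shown with a real-looking value where a placeholder would be safer, and since the old step 3 about the `scope` field is gone, one line saying that `scopes` comes back as a list of scope DNs would keep that guidance.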
Expand All @@ -111,20 +249,6 @@ curl -X PATCH -k -H 'Content-Type: application/json-patch+json' \
]'
```

### Get grant_types For Client

1. Obtain an Access Token with scope `https://jans.io/oauth/config/openid/clients.readonly`.
```
curl -u "put_client_id:put_config_api_client_secret_here" https://<your.jans.server>/jans-auth/restv1/token \
-d "grant_type=client_credentials&scope=https://jans.io/oauth/config/openid/clients.readonly"
```
2. Obtain client information using:
```
curl -X GET https://my.jans.server/jans-config-api/api/v1/openid/clients/client-s_inum_for_which_grant_types_to_check \
-H "Authorization: Bearer put_access_token_here"
```
3. Notice the `grant_types` field in the response.

### Add OpenID scope and map to database attribute

1. Obtain access token
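Review bot: Removing "Get grant_types For Client" leaves no step that tells the reader where to look for grant types, and the removed step 3 named the field `grant_types` while the config-api response shown earlier in this patch uses `grantTypes`. Add a sentence under "Get Client Details" pointing at `grantTypes` (and `scopes`) in the response, and check the rest of the docs for links to the removed heading's anchor. Separate from the removal but visible in this hunk's header context: the PATCH example uses `-k`, which turns off TLS certificate verification, so it deserves a note that it is meant for test servers with self-signed certificates only.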