Authentication

Full-flow Example

3000 views June 12, 2017 November 20, 2018 8

Authorization

Take your client_id and client secret and concatenate them with a colon sign in between (like this -> client_id:client_secret) and Base64 encode the result. Put it in a text file.

Build your request string. For example:
https://preprod.signicat.com/oidc/authorize?response_type=code&scope=openid+profile&client_id=demo-preprod&redirect_uri=https://
example.com/redirect&state=123abc&acr_values=urn:signicat:oidc:method:idin

Set state to anything.

acr_values define what method to use. As you can see from the example URI, “idin” will be used. To use other methods see Demo service for available methods and modify the value following acr_values with the desired method name.

redirect_uri must be configured for the client and character-for-character exactly the same.

Paste that URI into your browser and complete the flow. You should end up at the redirect URI with two parameters in the URI in the address bar: “code” and “state”. The state should be the one you supplied in the initial request.

Token

Copy the “code” you got and paste it into the following URL request (remember to change client_id and the hostname to the correct one):

curl -XPOST "https://dev01.signicat.com/oidc/token" -H "Authorization: Basic YOUR_BASE64_CREDENTIALS" -d "client_id=184a9125-951b-4160-a81d-cfba7390ae5c&redirect_uri=http://localhost:1337/static/recover.html&grant_type=authorization_code&code=CODE GOES HERE"

curl -XPOST "https://preprod.signicat.com/oidc/token" -H "Authorization: Basic ZGVtby1wcmVwcm9kOm1xWi1fNzUtZjJ3TnNpUVRPTmI3T240YUFaN3pjMjE4bXJSVmsxb3VmYTg=" -d "client_id=demo-preprod&redirect_uri=https://example.com/redirect&grant_type=authorization_code&code=CODE GOES HERE"

Note:

  • Redirect URI MUST be the same as the initial one.
  • The header, as shown must be “Authorization: Basic THE_BASE64_ENCODED_CREDENTIALS_YOU_MADE_IN_THE_FIRST_STEP”
    • In this case we have Base 64 encoded “demo-preprod:mqZ-_75-f2wNsiQTONb7On4aAZ7zc218mrRVk1oufa8”
  • Paste the code in the “code” parameter

Now, run that command. You should get JSON containing an access token, a refresh token (depending on the config), and an ID token. Copy the access token string.

UserInfo

It’s time to use the access token to return a JSON containing your information. Run:

curl -XGET "https://preprod.signicat.com/oidc/userinfo" -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Was this helpful?