Signicat documentation
Signicat documentation
Home
Signicat website
Support
Signicat Documentation
Releases
Release notes Signicat NextGen
Release notes
MySignicat
Overview
The Menu
Signicat Identity Broker
Overview
Dashboard
Message log
Broker
Level of Assurance Contracts
Attribute Filters
Customer Identity and Access Management
Introduction into CIAM
Managing organisations
Managing users
Custom attributes
Settings
SCIM API v1.0 (latest)
SCIM API v0.1 (deprecated)
SDK
Web SDK
Mobile SDK
API Documentation
Connectis Identity Broker
Configure your environment with MyConnectis
Configuring eIDs
Connecting your application
Generic information
Testing Toolkit (deprecated)
Protocol information
SAML 2.0 information
OpenID Connect information
OAUTH 2.0 information
Support
Powered by GitBook

OAUTH 2.0 information

Relevant OAuth 2.0 protocol information

Flows

The Connectis identity broker supports the most commonly used OAUTH 2.0 flows: Authorisation Code Grant and Grant.

Authorisation Code Grant Flow

The Authorisation Code grant type is used by clients to exchange an authorisation code for an access token. See https://oauth.net/2/grant-types/authorization-code/ for a detailed description of the flow.

Example of authorisation request:

<base_url>/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&response_type=code&scope=<scope>

ID

Value

Description

client_id

Unique identifier

Identifies the client at the Connectis Identity Broker. This must be agreed upon between your service and Connectis before starting the integration.

redirect_uri

Url

The url on your service that will receive the response.

response_type

"code"

This value must be set to "code" to retrieve an Authorisation Token.

scope

Optional field

Via some OAuth servers, the client can specify the scope of the request.

Example of authorisation response:

<redirect_uri>?code=<authorization_token>

Before the <authorisation_token> is sent, the user must first authenticate himself/herself via an identity provider.

Example of messages for Access Token endpoint

Access Token request (POST method):

<base_url>/access_token?client_id=<client_id>&client_secret=<client_secret>&grant_type=authorization_code&code=<code>&redirect_uri=<redirect_uri>

The parameters should be send in the request body with Content-Type header: application/x-www-form-urlencoded.

ID

Value

Description

client_id

Unique identifier

Identifies the client at the Connectis Identity Broker. This must be agreed upon between your service and Connectis before starting the integration.

redirect_uri

Url

The url on your service that will receive the response.

grant_type

"authorisation_code"

Must be set to this value to receive an Access Token.

client_secret

Unique identifier

A secret key agreed upon between your service and the Connectis Identity Broker.

code

Unique identifier

This is the Authorisation Token returned by the Connectis Identity Broker from the authorisation endpoint.

Access Token response (JSON format):

{
  "access_token":"<access_token>",
  "token_type":"bearer",
  "expires_in":3600,
  "refresh_token":"<refresh_token>",
}

ID

Value

Description

access_token

Unique identifier

The Access Token returned by the Connectis Identity Broker.

token_type

"Bearer"

expires_in

Integer

Defines the time (in seconds) when the Access Token will expire.

refresh_token

Unique identifier

The Refresh Token returned by the Connectis Identity Broker.

Example of messages for user info endpoint

User info request (GET method):

<base_url>/<access_token>

User Info response (JSON format):

{ "nameId": "<some_name>",
    "userAttributes" :
    [
        "name": ["<attribute_value1>", <attribute_value2>, ...],
    ]
}

Implicit Grant Flow

This flow can be used by applications running in the browser that cannot securely store a shared secret. In this case, the access token is directly returned upon user authentication and authorisation.

See https://oauth.net/2/grant-types/implicit/ for a detailed description of the flow.

Example of messages for Authorisation endpoint

Authorisation request:

<base_url>/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&response_type=token&scope=<scope>&state=<state>

ID

Value

Description

client_id

Unique identifier

Identifies the client at the Connectis Identity Broker. This must be agreed upon between your service and Connectis before starting the integration.

redirect_uri

Url

The url on your application that will receive the response.

response_type

"Token"

This value must be set to "token" to retrieve an Access Token.

scope

Optional field

At some OAuth servers, the client can specify the scope of the request.

state

Recommended unique identifier

An opaque value used by the client to prevent cross-site request forgery.

Authorisation response:

<redirect_uri>?code=<access_token>&state=<state>&token_type=bearer&expires_in=<expires_in>

ID

Value

Description

access_token

Unique identifier

The Access Token returned by the Connectis identity broker.

state

Unique identifier

The same value as sent in the request.

token_type

“Bearer”

expires_in

Integer

Defines the time (usually in seconds) when the Access Token will expire.

Previous
OpenID Connect information
Next - Generic information
Support
Last updated 5 months ago
Contents
Flows
Authorisation Code Grant Flow
Implicit Grant Flow