Monday, July 1, 2013

OAuth Bearer Token based Authentication for WSO2 IS SCIM endpoints

WSO2 Identity Server acts as a SCIM Service Provider (both hub and spoke type service providers) as well as SCIM Service Consumer.

My previous post (WSO2 Identity Server as a SCIM Service Provider) explains how to consume the SCIM REST endpoints of WSO2 IS with curl, using Basic Auth authentication.

WSO2 IS supports OAuth bearer token based authentication for its SCIM REST endpoints from the 4.5.0 release onwards.
This post explains how to use the OAuth 2.0 feature of IS to authenticate to the SCIM REST endpoints of IS.

Step 1:
Log in to the IS management console (default credentials admin:admin) and create a new entry for an OAuth client application. After creating the application entry, click on it to view its details.


Now copy the Client Id, Client Secret and Access Token Url for later use.

Step 2:
Now let's obtain a valid access token in order to get authenticated to the SCIM REST endpoints.
We can use the resource owner password credentials grant type for this. The format of the curl command to obtain the access token is:

curl --user <client_id>:<client_secret> -k -d "grant_type=password&username=<username>&password=<password>" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2endpoints/token

Replace the angle-bracketed placeholders in the above command with the Client Id and Client Secret copied in step 1, and with the username and password of the resource owner (admin, admin in the default pack). The client credentials are sent as HTTP Basic authentication (the --user option), while the resource owner credentials go in the form body.

Once you execute the above command, you will get a response as below:

{"token_type":"bearer","expires_in":3600,"refresh_token":"16e3de3b7af4e7a43b7e56cd9362ff","access_token":"492d8b51cb815bbe143f219ac2cf61c3"}

Copy the access token value in the above response.

Step 3:
Now we can consume the SCIM REST endpoints using the above access token.

For example, you can use a curl command like the one below to create a user through the SCIM REST endpoints:

curl -v -k --header "Authorization: Bearer <access_token>" --data '{"schemas":[],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"hasi","password":"hasinitg","emails":[{"primary":true,"value":"hasini_home.com","type":"home"},{"value":"hasini_work.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users

Replace the <access_token> placeholder in the above command with the access token copied in step 2. Note that the JSON body is wrapped in single quotes so that the double quotes inside it are passed through to the server unchanged.
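The two curl steps above combined into one script, as an added example that is not from the original post. The host and admin:admin are the defaults named in the post; the client id and secret are placeholders to be replaced with the values copied in step 1.

```shell
#!/bin/sh
# Added example (not from the original post). Host and admin:admin are the post's
# defaults; CLIENT_ID/CLIENT_SECRET are placeholders copied from the OAuth app entry.
IS_HOST="${IS_HOST:-https://localhost:9443}"
CLIENT_ID="${CLIENT_ID:-REPLACE_WITH_CLIENT_ID}"
CLIENT_SECRET="${CLIENT_SECRET:-REPLACE_WITH_CLIENT_SECRET}"
RO_USER="${RO_USER:-admin}"
RO_PASS="${RO_PASS:-admin}"

# Extract a string-valued field from the flat JSON the token endpoint returns
# (sed only, no jq dependency). Usage: json_string_field "$json" access_token
json_string_field() {
    printf '%s' "$1" | sed -n "s/.*\"$2\":\"\([^\"]*\)\".*/\1/p"
}

# Build the SCIM user JSON. Single-quoted printf keeps the embedded double
# quotes intact. Args: userName familyName givenName password
scim_user_json() {
    printf '{"schemas":[],"userName":"%s","name":{"familyName":"%s","givenName":"%s"},"password":"%s"}' \
        "$1" "$2" "$3" "$4"
}

# Step 2: resource owner password credentials grant. Client credentials travel as
# HTTP Basic (--user), resource-owner credentials in the form body.
# -k accepts the self-signed certificate of a default IS pack.
get_access_token() {
    resp=$(curl -s -k --user "${CLIENT_ID}:${CLIENT_SECRET}" \
        -H "Content-Type: application/x-www-form-urlencoded" \
        --data-urlencode "grant_type=password" \
        --data-urlencode "username=${RO_USER}" \
        --data-urlencode "password=${RO_PASS}" \
        "${IS_HOST}/oauth2endpoints/token")
    json_string_field "$resp" access_token
}

# Step 3: create the user with the bearer token; prints the HTTP status code.
create_scim_user() {
    curl -s -k -o /dev/null -w '%{http_code}' \
        -H "Authorization: Bearer $1" \
        -H "Content-Type: application/json" \
        --data "$2" \
        "${IS_HOST}/wso2/scim/Users"
}

# Run the full flow only when RUN_FLOW=1, so sourcing the file has no side effects.
if [ "${RUN_FLOW:-0}" = "1" ]; then
    TOKEN=$(get_access_token)
    [ -n "$TOKEN" ] || { echo "no access_token in token response" >&2; exit 1; }
    create_scim_user "$TOKEN" "$(scim_user_json hasi gunasinghe hasinitg hasinitg)"
fi
```

Run it with `RUN_FLOW=1 CLIENT_ID=... CLIENT_SECRET=... sh scim-oauth.sh`; a 201 status from the last call means the user was created.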

That's it. You can find more curl commands for consuming the SCIM endpoints in my previous post. You can also use the SCIM sample clients in the WSO2 IS samples to invoke the SCIM endpoints using both Basic Auth and OAuth.
