Layer7 API Management

  • 1.  id_token generation

    Posted Nov 14, 2017 02:05 PM

    Can you please help me generate an OpenID token (id_token) using the endpoint POST /auth/oauth/v2/token?

     

    I am unable to get the "id_token" in the response.

    Do we need to configure the gateway for OpenID? I am using OTK 4.1.



  • 2.  Re: Otk 4.1 id_token generation
    Best Answer

    Broadcom Employee
    Posted Nov 15, 2017 08:26 AM

    Hi Pavan,

     

    We support the implicit and authorization code flows so the request will need to be sent to 

    /auth/oauth/v2/authorize

    Ref:

    Open ID Connect Implementation Details - CA API Management OAuth Toolkit - 4.1 - CA Technologies Documentation 

    OAuth Request Scenarios - CA API Management OAuth Toolkit - 4.1 - CA Technologies Documentation 

     

    {
    "access_token":"b57b5ee7-2a8d-4145-9a8c-d6ad554d9a8a",
    "token_type":"Bearer",
    "expires_in":3600,
    "refresh_token":"334418ec-d83a-4c4e-c536-27edga97b7cb",
    "scope":"openid profile email user_role",
    "id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.ewogInN1YiI6ICJwa0ZoUzZlaXdFUExEOXZwS3A2aDdhS2w3ZTJhQ2NhOU5ZTFVmXzdGQTlVIiwKICJhdWQiOiAiNWVlZDg2OGUtN2FkMC00MTcyLTg4ZjItNzA0YmNmNzhiNjFlIiwKICJjX2hhc2giOiAiS3JPWVNKeVlSUnV6M0w1SU52VODY4ZS03YWQwLTQxNzItODhmMi03MDRiY2Y3OGI2MWUiLAogImF1dGhfdGltZSI6IDE1MTA3NTIyNTYsCiAiaXNzIjogImh0dHA6Ly9kYXNqbzAyLXNzZzkyMC0xLmNhLmNvbS9jb25uZWN0IiwKICJleHAiOiAxNTEwODM4NjU5LAogImlhdCI6IDE1MTA3NTIyNTksCiAibm9uY2UiOiAiNTM0NjciCn0.GnSIrXNzVU9xvRNNN5Y6IPTbLJJWw93aHN82tIl2c9U",
    "id_token_type":"urn:ietf:params:oauth:grant-type:jwt-bearer"
    }

     

    Regards,

    Joe



  • 3.  Re: Otk 4.1 id_token generation

    Broadcom Employee
    Posted Nov 16, 2017 09:44 AM

    When using response_type=token%20id_token (in the request to the /authorize endpoint), it will use the implicit flow.

     

    When using the response_type=code (in the request to the authorize endpoint) it will return a code that needs to be exchanged for a token. Once you have the code you will need to POST this to the /auth/oauth/v2/token endpoint using the parameter grant_type=authorization_code to receive the tokens.

     

    This doc may make a bit more sense than the original one I posted. 

     

    OAuth Request Scenarios - CA API Management OAuth Toolkit - 3.5 - CA Technologies Documentation 
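
The authorization code flow described in the reply above, as an added example that is not part of the original posts or of the OAuth Toolkit: it builds the /authorize request, the form body for the /token exchange, and then validates the returned id_token. The base URL, client values and sample token are constructed placeholders, and using the client secret as the HS256 key follows the OpenID Connect convention and is an assumption about the gateway's configuration.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

AUTHORIZE_PATH = "/auth/oauth/v2/authorize"  # endpoints named in the thread
TOKEN_PATH = "/auth/oauth/v2/token"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def authorize_url(base_url, client_id, redirect_uri, state, nonce):
    """Step 1: browser redirect. Scope must include 'openid' to get an id_token."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": "openid profile email",
                       "state": state, "nonce": nonce})
    return f"{base_url}{AUTHORIZE_PATH}?{query}"

def token_request_body(code, client_id, client_secret, redirect_uri):
    """Step 2: form body POSTed to TOKEN_PATH to exchange the code for tokens."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "client_id": client_id, "client_secret": client_secret,
                      "redirect_uri": redirect_uri})

def validate_id_token(token_response, key, client_id, nonce, now=None):
    """Step 3: check the HS256 signature, then the aud, nonce and exp claims."""
    id_token = token_response.get("id_token")
    if not id_token:
        raise ValueError("no id_token: was 'openid' in the requested scope?")
    header_b64, payload_b64, sig_b64 = id_token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never trust the header's choice
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("aud mismatch")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")  # nonce ties the token to this login
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("id_token expired")
    return claims

def make_sample_id_token(key, claims):
    """Constructed token standing in for a gateway response (test data only)."""
    head = b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"
```
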



  • 4.  Re: Otk 4.1 id_token generation

    Broadcom Employee
    Posted Nov 16, 2017 04:53 PM

    Hi Pavan,

     

    I see you have an open case with support. We will discuss in more detail tomorrow to help clear things up a bit.

    In the meantime you may want to have a look at the test clients (if you have installed them).

     

    https://<gateway>:8443/oauth/v2/client/bcp 

    https://<gateway>:8443/oauth/v2/client/icp 

    Run the OAuth 2.0 Test Client - CA API Management OAuth Toolkit - 3.5 - CA Technologies Documentation 

     

    Regards,

    Joe