Versions Compared

Version Old Version 1 New Version Current
Changes made by

Kristoffer Kristoffer (Unlicensed)

Kristoffer Kristoffer (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space PDOIDC and version master

The SignDoc RS service resource server uses the default Access Token format of the OIDC Provider from BankID, adapted to the Client Credential flow.

Eligibile OIDC Clients can request Access Tokens for Signdoc RS access tokens for the SignDoc resource server by invoking the Token endpoint using Client Credential Grant and supplying appropriate scope value (i.e. The Access Token signdoc/read_write).

The access token must be added as an OAuth2 Bearer Token to subsequent requests to endpoints for the SignDoc RS resource server API.

Example request:

POST /auth/realms/current/protocol/openid-connect/token
 HTTP/1.1
Host: oidc-current.bankidapis.no
Content-Type: application/x-www-form-urlencoded
Authorization: Basic b2lkYy10ZXN0Y2xpZW50OmVmMWE4ZWM2LTUwODctNDQ0Yy04NGJlLTU0YTYxZjg4MTIyZQ==
 
grant_type=client_credentials&scope=signdoc%2Fread_write

The following is an example of a valid Access Token access token to the SignDoc resource server. The resource designator signdoc as well as the role read_write is added to the resource_access claim of the access token to signify access to the associated endpoint of the SignDoc RS resource server API. 

{
  
    "jti""0cd01f9a-f181-4f10-beea-b24bb729e4cf",
  
    "exp": 1533739251,
  
    "nbf": 0,
    "iat": 1533738951,
    "iss""https://oidc-current.bankidapis.no/auth/realms/current",
    "aud": [
      "signdoc"
    ],
    "sub""fccee936-1b4a-4cf4-a5e8-8d9f2e9c58b2",
    "typ""Bearer",
    "azp""oidc-testclient",
    "auth_time": 0,
    "session_state""27e69476-4cf9-4ada-af8c-cd93c68fc0ef",
    "acr""1",
    "allowed-origins": [],
    "resource_access": {
      "signdoc": {
        "roles": [
          "read_write"
        ]
      }
    },
    "clientId""oidc-testclient",
    "clientHost""172.16.0.158",
    "resource_claims": {},
    "clientAddress""172.16.0.158"
}