The SignDoc RS service uses the default Access Token format of the OIDC Provider from BankID, adapted to the Client Credential flow.
Eligible OIDC Clients can request Access Tokens for SignDoc RS by invoking the Token endpoint using the Client Credential Grant and supplying the appropriate scope value. The Access Token must be added as an OAuth2 Bearer Token to subsequent requests to endpoints of the SignDoc RS API.
Example request:
POST /auth/realms/current/protocol/openid-connect/token HTTP/1.1
Host: oidc-current.bankidapis.no
Content-Type: application/x-www-form-urlencoded
Authorization: Basic b2lkYy10ZXN0Y2xpZW50OmVmMWE4ZWM2LTUwODctNDQ0Yy04NGJlLTU0YTYxZjg4MTIyZQ==

grant_type=client_credentials&scope=signdoc%2Fread_write
The following is an example of a valid Access Token to the SignDoc resource server. The resource designator signdoc as well as the role read_write is added to the resource_access claim of the access token to signify access to the associated endpoint of the SignDoc RS API.
{
  "jti": "0cd01f9a-f181-4f10-beea-b24bb729e4cf",
  "exp": 1533739251,
  "nbf": 0,
  "iat": 1533738951,
  "iss": "https://oidc-current.bankidapis.no/auth/realms/current",
  "aud": [
    "signdoc"
  ],
  "sub": "fccee936-1b4a-4cf4-a5e8-8d9f2e9c58b2",
  "typ": "Bearer",
  "azp": "oidc-testclient",
  "auth_time": 0,
  "session_state": "27e69476-4cf9-4ada-af8c-cd93c68fc0ef",
  "acr": "1",
  "allowed-origins": [],
  "resource_access": {
    "signdoc": {
      "roles": [
        "read_write"
      ]
    }
  },
  "clientId": "oidc-testclient",
  "clientHost": "172.16.0.158",
  "resource_claims": {},
  "clientAddress": "172.16.0.158"
}
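How a resource server might enforce the claims shown in the example token, as an added example that is not BankID's or the SignDoc RS service's own code. It assumes the token's signature has already been verified by a JWT library; the function name `authorize_signdoc`, the 30-second leeway and the choice of which claims to enforce are assumptions.

```python
import time

# Issuer and resource name as shown in the example token on this page.
EXPECTED_ISSUER = "https://oidc-current.bankidapis.no/auth/realms/current"
RESOURCE = "signdoc"

def authorize_signdoc(claims, required_role="read_write", now=None, leeway=30):
    """Check already signature-verified claims; return (allowed, reason)."""
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISSUER:
        return False, "unexpected issuer"
    if claims.get("typ") != "Bearer":
        return False, "not a bearer token"
    aud = claims.get("aud")
    if isinstance(aud, str):          # "aud" may be a single string or a list
        aud = [aud]
    if not isinstance(aud, list) or RESOURCE not in aud:
        return False, "audience does not include signdoc"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        return False, "expired or missing exp"
    nbf = claims.get("nbf", 0)
    if not isinstance(nbf, (int, float)) or now + leeway < nbf:
        return False, "not yet valid"
    # Role lookup: resource_access -> signdoc -> roles, tolerating malformed shapes.
    access = claims.get("resource_access")
    entry = access.get(RESOURCE) if isinstance(access, dict) else None
    roles = entry.get("roles") if isinstance(entry, dict) else None
    if not isinstance(roles, list) or required_role not in roles:
        return False, "missing role " + required_role
    return True, "ok"

# Subset of the example token's claims from this page, used as sample input.
SAMPLE_CLAIMS = {
    "exp": 1533739251, "nbf": 0, "iat": 1533738951,
    "iss": EXPECTED_ISSUER, "aud": ["signdoc"], "typ": "Bearer",
    "azp": "oidc-testclient",
    "resource_access": {"signdoc": {"roles": ["read_write"]}},
}

if __name__ == "__main__":
    print(authorize_signdoc(SAMPLE_CLAIMS, now=1533739000))         # inside lifetime
    print(authorize_signdoc(SAMPLE_CLAIMS, now=1533739251 + 3600))  # an hour late
```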