Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: add docs how to obtain bearer token #6328

Merged
merged 2 commits into from
Apr 29, 2024
Merged

chore: add docs how to obtain bearer token #6328

merged 2 commits into from
Apr 29, 2024

Conversation

webzwo0i
Copy link
Member

Is it possible to add expiration date that is greater than 3600s?

@webzwo0i webzwo0i requested a review from SamTV12345 April 14, 2024 00:17
SamTV12345
SamTV12345 approved these changes Apr 14, 2024
View reviewed changes
Copy link
Member

@SamTV12345 SamTV12345 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks looks good :)

@SamTV12345
Copy link
Member

Is it possible to add expiration date that is greater than 3600s?

No not really. But we could add settings for overriding the value. It is in the security package.

@SamTV12345
Copy link
Member

@webzwo0i Should we add the configurable part of this in this pr or should I create a new one for that?

@jibon57
Copy link

jibon57 commented Apr 20, 2024
edited
Loading

@webzwo0i I was trying to follow your provided code but I am getting error like:

curl --request POST --url 'http://localhost:9001/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=client_credentials --data client_id=client_credentials --data client_secret=client_credentials
{"error":"invalid_client_metadata","error_description":"grant_types can only contain 'implicit' or 'authorization_code'"}

In my settings.json I have added:

  "sso": {
    "issuer": "${SSO_ISSUER:http://localhost:9001}",
    "clients": [
      {
        "client_id": "client_credentials",
        "redirect_uris": [],
        "response_types": [],
        "grant_types": ["client_credentials"],
        "client_secret": "client_credentials",
        "extraParams": [
          {
            "name": "admin",
            "value": "true"
          }
        ]
      }
    ]
  }

Any suggestion in where I'm doing mistake?

@SamTV12345
Copy link
Member

@webzwo0i I was trying to follow your provided code but I am getting error like:

curl --request POST --url 'http://localhost:9001/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=client_credentials --data client_id=client_credentials --data client_secret=client_credentials
{"error":"invalid_client_metadata","error_description":"grant_types can only contain 'implicit' or 'authorization_code'"}

In my settings.json I have added:

  "sso": {
    "issuer": "${SSO_ISSUER:http://localhost:9001}",
    "clients": [
      {
        "client_id": "client_credentials",
        "redirect_uris": [],
        "response_types": [],
        "grant_types": ["client_credentials"],
        "client_secret": "client_credentials",
        "extraParams": [
          {
            "name": "admin",
            "value": "true"
          }
        ]
      }
    ]
  }

Any suggestion in where I'm doing mistake?

Can you remove the "grant_types": ["client_credentials"] and replace it with "grant_types": ["code"]?

@jibon57
Copy link

jibon57 commented Apr 20, 2024

@SamTV12345 , thanks for reply but I'm getting same error e.g

{"error":"invalid_client_metadata","error_description":"grant_types can only contain 'implicit' or 'authorization_code'"}

by

  "sso": {
    "issuer": "${SSO_ISSUER:http://localhost:9001}",
    "clients": [
      {
        "client_id": "client_credentials",
        "client_secret": "client_credentials",
        "grant_types": ["code"],
        "redirect_uris": [],
        "response_types": [],
        "extraParams": [
          {
            "name": "admin",
            "value": "true"
          }
        ]
      }
    ]
  }

@jibon57
Copy link

jibon57 commented Apr 20, 2024
edited
Loading

@SamTV12345 , I just tried from docker etherpad/etherpad:develop with this settings:

  "sso": {
    "issuer": "${SSO_ISSUER:http://localhost:9001}",
    "clients": [
      {
        "client_id": "client_credentials",
        "client_secret": "client_credentials",
        "grant_types": ["client_credentials"],
        "redirect_uris": [],
        "response_types": [],
        "extraParams": [
          {
            "name": "admin",
            "value": "true"
          }
        ]
      }
    ]
  }

by calling:

curl --request POST --url 'http://localhost:9001/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=client_credentials --data client_id=client_credentials --data client_secret=client_credentials

This time it was success:

{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6ImF0K2p3dCIsImtpZCI6IjRmV1o3RklESlNaRExkU2xwa2FQODRRMXJGVUo1TXZpdjdiZlZ3YV9pckEifQ.eyJhZG1pbiI6InRydWUiLCJqdGkiOiJJcDE0cVlyeTAwaUs2WDJhTmFIVVUiLCJzdWIiOiJjbGllbnRfY3JlZGVudGlhbHMiLCJpYXQiOjE3MTM2MDYyMzIsImV4cCI6MTcxMzYwOTgzMiwiY2xpZW50X2lkIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo5MDAxIiwiYXVkIjoiYWNjb3VudCJ9.kkagJgEasm-w8jRC3FKAfC1CpU8p9Q5I3zD8LZY7lHfxOMD-NRlmN1kpXnhjmM_CK8kvy1aB-XDtgPJ1HSYlLx0TtwvItoRYix_zmMPjObftjPDSl4q-rHM3-UkKdqCozV8Wm1dzk3dg7Re6Jaa_jjlSKPd4WzmKsAwmWh6R_zqQ4rtYEzNlUaWI6g-_c_SNXlhxuWbjBK_NTQm07HhtPPQPMPaQO-CpRLJk_fS9Kg-25yuUki_KaiKG19xKVfApsnURLC_BDTuR1G4jEOuZRTs61n5xFVuiUaEpayPhGrOMQnU7rx1y7foMTD3_s1hIBufuEf-ehn1DUcaeA7W4PQ","expires_in":3600,"token_type":"Bearer"}

@SamTV12345
Copy link
Member

@SamTV12345 , I just tried from docker etherpad/etherpad:develop with this settings:

  "sso": {

    "issuer": "${SSO_ISSUER:http://localhost:9001}",

    "clients": [

      {

        "client_id": "client_credentials",

        "client_secret": "client_credentials",

        "grant_types": ["client_credentials"],

        "redirect_uris": [],

        "response_types": [],

        "extraParams": [

          {

            "name": "admin",

            "value": "true"

          }

        ]

      }

    ]

  }

by calling:

curl --request POST --url 'http://localhost:9001/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=code --client_credentials client_id=client_credentials --data client_secret=client_credentials

This time it was success:

{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6ImF0K2p3dCIsImtpZCI6IjRmV1o3RklESlNaRExkU2xwa2FQODRRMXJGVUo1TXZpdjdiZlZ3YV9pckEifQ.eyJhZG1pbiI6InRydWUiLCJqdGkiOiJJcDE0cVlyeTAwaUs2WDJhTmFIVVUiLCJzdWIiOiJjbGllbnRfY3JlZGVudGlhbHMiLCJpYXQiOjE3MTM2MDYyMzIsImV4cCI6MTcxMzYwOTgzMiwiY2xpZW50X2lkIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo5MDAxIiwiYXVkIjoiYWNjb3VudCJ9.kkagJgEasm-w8jRC3FKAfC1CpU8p9Q5I3zD8LZY7lHfxOMD-NRlmN1kpXnhjmM_CK8kvy1aB-XDtgPJ1HSYlLx0TtwvItoRYix_zmMPjObftjPDSl4q-rHM3-UkKdqCozV8Wm1dzk3dg7Re6Jaa_jjlSKPd4WzmKsAwmWh6R_zqQ4rtYEzNlUaWI6g-_c_SNXlhxuWbjBK_NTQm07HhtPPQPMPaQO-CpRLJk_fS9Kg-25yuUki_KaiKG19xKVfApsnURLC_BDTuR1G4jEOuZRTs61n5xFVuiUaEpayPhGrOMQnU7rx1y7foMTD3_s1hIBufuEf-ehn1DUcaeA7W4PQ","expires_in":3600,"token_type":"Bearer"}

Awesome so it is working great :).

@jibon57
Copy link

jibon57 commented Apr 20, 2024

@SamTV12345 I have seen your new commit: d64924e in where you are suggesting to use code instated of client_credentials which is not working. So far client_credentials seems correct.

@SamTV12345
Copy link
Member

@SamTV12345 I have seen your new commit: d64924e in where you are suggesting to use code instated of client_credentials which is not working. So far client_credentials seems correct.

Is it really working?

@jibon57
Copy link

jibon57 commented Apr 24, 2024

@SamTV12345 yes, from my side client_credentials is working: #6328 (comment)

@jibon57 jibon57 mentioned this pull request Apr 24, 2024
Closed
@SamTV12345
Copy link
Member

@webzwo0i What do you think? Do we need anything else?

@SamTV12345 SamTV12345 merged commit 8a76d2c into develop Apr 29, 2024
37 of 41 checks passed
@SamTV12345 SamTV12345 deleted the add-docs-oauth-api branch April 29, 2024 15:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SamTV12345 SamTV12345 SamTV12345 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@webzwo0i @SamTV12345 @jibon57