# Authentication
When authentication is activated, it is mandatory for access to any API.
The supported authentication mechanism is OpenID Connect 1.0, specifically the Client Credentials and Resource Owner Password Credentials flows inherited from OAuth 2.0.
The supported tokens are signed JWTs obtained from the `id_token` field of the token response, which is present when the `openid` scope is requested.
# Requesting a token
The token endpoint varies depending on the configured Identity Provider (IdP).
If the embedded IdP is used, the endpoint is `<IDencode base url>/idp/token`.
# Client Credentials token request
```http
POST /idp/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&scope=openid&client_id=<client_id>&client_secret=<client_secret>
```
# Resource Owner Password Credentials token request
```http
POST /idp/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

grant_type=password&scope=openid&client_id=<client_id>&client_secret=<client_secret>&username=<username>&password=<password>
```
# Token response
```json
{
  "access_token": "...",
  "expires_in": 36000,
  "refresh_expires_in": 1800,
  "refresh_token": "...",
  "token_type": "Bearer",
  "id_token": "<JWT>",
  "scope": "openid"
}
```
# Accessing APIs with the token
All API requests must include the HTTP `Authorization` header.

Example:
```http
POST /v1/enroll HTTP/1.1
Authorization: Bearer <id_token>
(...)
```
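The following client-side sketch is an added example, not code from the IDencode project. It builds either token request shown above, then takes the `id_token` from a token response and turns it into the `Authorization` header. The host `idencode.example`, the function names, the https requirement and the local `exp` check are assumptions made for illustration, and the sample response is constructed.

```python
import base64, json, time
from urllib.parse import urlencode, urlsplit

def build_token_request(base_url, client_id, client_secret, username=None, password=None):
    """Return (url, headers, body) for POST <base_url>/idp/token (embedded IdP)."""
    if urlsplit(base_url).scheme != "https":
        # Added check (assumption): the form body carries the client secret and password.
        raise ValueError("token endpoint must be reached over https")
    form = {"grant_type": "client_credentials", "scope": "openid",
            "client_id": client_id, "client_secret": client_secret}
    if username is not None:  # Resource Owner Password Credentials flow
        form.update(grant_type="password", username=username, password=password)
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return base_url.rstrip("/") + "/idp/token", headers, urlencode(form)

def _b64url_json(segment):
    padded = segment + "=" * (-len(segment) % 4)  # JWT segments drop base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))

def bearer_header_from_response(response_text, now=None):
    """Extract id_token from a token response and build the Authorization header."""
    resp = json.loads(response_text)
    token = resp.get("id_token")
    if not token:
        raise ValueError("no id_token in response: was scope=openid requested?")
    if resp.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        raise ValueError("id_token is not a signed compact JWT")
    claims = _b64url_json(parts[1])  # decoded only; the signature is NOT verified here
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("id_token already expired, request a new one")
    return {"Authorization": "Bearer " + token}

def constructed_response(exp):
    """Constructed sample token response; the signature segment is a placeholder."""
    seg = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    jwt = ".".join([seg({"alg": "RS256", "typ": "JWT"}), seg({"sub": "demo", "exp": exp}), "c2ln"])
    return json.dumps({"access_token": "...", "expires_in": 36000, "token_type": "Bearer",
                       "id_token": jwt, "scope": "openid"})

if __name__ == "__main__":
    print(build_token_request("https://idencode.example", "<client_id>", "<client_secret>"))
    print(bearer_header_from_response(constructed_response(int(time.time()) + 600)))
```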