Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

For now we are using client authentication only (no user name) and generating the bearer tokens manually.  Eventually we will be using the more traditional methods to generate tokens, such as sending the user to authenticate with the Key Manger or passing along the SAML Assertion.

Setup - Subscribe to the API & Generate Keys

To generate the token one must first subscribe, subsequently you can just "regenerate" the token.

  1. Access the API store via https://api-dev.ucsd.edu/store (for now you have to make a hosts file change to skip the LB and you have to use port 9443 for this to work.)
  2. Create and Application (or use your "default application".
  3. Select the WebReg API and subscribe your application.
  4. View your subscriptions and Generate a production key (I'm not sure if sandbox will work). 
  5. The token that is generated should be used by your code to access the API. (This token is good for an hour, you can regenerate the token when you need or we can change the duration in the DB if necessary)

Test the API with Bearer

Test that the token works and everything is wired up right by using curl.

 curl -H "Authorization :Bearer 441aae1cb1ad1584cec2334d61eb25b5" https://api-dev.ucsd.edu:8243/webreg/2.1.0/schedule/editEnroll

Replace the token with the bearer token you just (re)generated.  You should get a response from the WebReg api indicating "Insufficient Parameters" or something similar.

Note: if you are skipping the Load Balancer and accessing the gateway directly, curl will complain about the certificate it is using.  Switch to http on port 8280 to avoid this issue.

Request a client auth token via API

You can generate a token directly without using the web UI by using curl.

 curl -k -d "grant_type=password&username=admin&password=admin" -H "Authorization: Basic SkRWNHlvanZkZjV4Y1ZPZVozX2JiUGdOWUFzYTpxTU5VeHc4WGxzMDV4RXJLQk5DSjVUTG1iT3dh, Content-Type: application/x-www-form-urlencoded" http://api-dev.ucsd.edu:8280/token

Replace the token with the bearer token you just (re)gen

 

 

 

Header: key/secret in your api basic auth headers

 

e.g. curl -X POST -k -u "4ppy0unf2TGPUyAbHgwBgM2Enfoa:nLmLl06rRHEgX0C9yxxD1rxyEUQa" -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion={Base64 URL encoded Assertion}" https://localhost:9443/oauth2/token

 

   3. Use this access token in the header when you are invoking api that are exposed through the api manager.

 

Currently you can you this to invoke the api that is already set up in api manager ( youtube api). But later you can set up enrollment api in the api manager.

 

Note that #1 and relavent header will not required once API mgr updates its implementation to the latest OAuth specs.

 

FOr more information, refer to blog at 

http://soasecurity.org/2014/10/31/saml2-bearer-assertion-profile-for-oauth-2-0/

 

  • No labels