01 October 2020

OAuth 2.0 - OpenID Connect (OIDC)

 OpenID Connect (OIDC) is an authentication layer on top of OAuth 2.0, an authorization framework.[1] The standard is controlled by the OpenID Foundation.

  1. Authorization Code Flow
  2. Implicit Flow
  3. Resource Owner Password Credentials Flow
  4. Client Credentials Flow
  5. Refresh Token Flow


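Direct grant

A direct grant (the Resource Owner Password Credentials flow, grant_type=password) is a way for a client to obtain an access token on behalf of a user via a single REST invocation of the token endpoint. The first request below is for a client that sends no client_secret; the second includes one.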

 



curl --location --request POST 'http://localhost:8180/auth/realms/spring2/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=user2' \
--data-urlencode 'password=welcome1' \
--data-urlencode 'client_id=login-app2' \
--data-urlencode 'scope=openid'
 
curl --location --request POST 'http://localhost:8180/auth/realms/SpringBootKeycloak/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=user1' \
--data-urlencode 'password=welcome1' \
--data-urlencode 'client_id=login-app' \
--data-urlencode 'client_secret=17c7b0a7-665d-4231-bc1f-818bda511d1f' \
--data-urlencode 'scope=openid'
 

{


Refresh token:

curl -X POST \
  http://localhost:8180/auth/realms/spring2/protocol/openid-connect/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=refresh_token&client_id=login-app2&client_secret=welcome1&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJhZTY0YTA1Mi1iMGJlLTRjY2UtODUxNS1lYTM0MDY5YWQ1YTMifQ.eyJleHAiOjE2MTE5NTI3MjYsImlhdCI6MTYxMTk1MDkyNiwianRpIjoiZjA4MjFhMGMtZjdmNi00YmRkLTg4YTctZmZkOTIwZTA0YWQ5IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MTgwL2F1dGgvcmVhbG1zL3NwcmluZzIiLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjgxODAvYXV0aC9yZWFsbXMvc3ByaW5nMiIsInN1YiI6ImRkNGU2ZTQ2LWIwMjQtNDZmYS05ZjUzLWM3OWE2MDM5YWIzZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJsb2dpbi1hcHAyIiwic2Vzc2lvbl9zdGF0ZSI6IjUyYmU0ZTllLTVhNWMtNDFiZC1hZWVlLTg4ZjFiNTNhYjgwNiIsInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUifQ.FIAstcSWnq1ZUdHfgbIY9Z3u9_a2ywoFe9vxV-vwp6E'
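
The refresh token in the request above is a JWT whose payload names the token type (typ), the issuing realm (iss), the client it was issued to (azp) and its expiry (exp). The Python sketch below is an added illustration, not code from the original post: it decodes those claims without verifying the signature and checks them before a refresh request is sent. The helper names and the sample token values are constructed for the demo.

```python
import base64
import json
import time

ISSUER = "http://localhost:8180/auth/realms/spring2"  # realm URL from the page
CLIENT_ID = "login-app2"                               # client from the page


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Return (header, payload) of a JWT. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    header, payload = (json.loads(b64url_decode(p)) for p in parts[:2])
    return header, payload


def refresh_preflight(token, issuer, client_id, now=None):
    """List the reasons this token should not be sent as refresh_token."""
    now = time.time() if now is None else now
    _, claims = jwt_claims(token)
    problems = []
    if claims.get("typ") != "Refresh":
        problems.append("typ is %r, not 'Refresh'" % claims.get("typ"))
    if claims.get("iss") != issuer:
        problems.append("issued by a different realm: %r" % claims.get("iss"))
    if claims.get("azp") != client_id:
        problems.append("bound to another client: %r" % claims.get("azp"))
    if claims.get("exp", 0) <= now:
        problems.append("expired or no exp claim")
    return problems


def make_sample_token(claims):
    """Build a CONSTRUCTED token with a dummy signature, for this demo only."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    now = int(time.time())
    sample = make_sample_token({"typ": "Refresh", "iss": ISSUER,
                                "azp": CLIENT_ID, "exp": now + 1800})
    print(refresh_preflight(sample, ISSUER, CLIENT_ID))
    print(refresh_preflight(sample, ISSUER, "login-app"))
```

The decode is for client-side inspection only; the authorization server remains the party that validates the signature and decides whether the refresh succeeds.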


 

Disclaimer

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.