OAuth2 is an open protocol for resource authorization. An application obtains an access token through OAuth2 and then presents that token to request user resources from the server. Applications can also use the OAuth2 application in IDaaS for centralized authentication.

Procedure

  1. Log on to the IDaaS console as an IT administrator. For more information, see Logon in the Administrator Guide.
  2. In the left-side navigation pane, choose Applications > Add Application.
  3. Find the OAuth2 application and click Add Application in the Actions column.

  4. View the details of the OAuth2 application and obtain the values of AppKey, AppSecret, and Authorize URL.

  5. Open the Authorize URL in your browser and use the authorized account to log on. After successful logon, you will be redirected to the webhook address. Extract the value of the code parameter from the address bar of the browser.

  6. Use Postman to send a POST request to the following URL:
     http://{IDaaS_server}/oauth/token?grant_type=authorization_code&code={code}&client_id={AppKey}&client_secret={AppSecret}&redirect_uri={redirect_uri}
    • Replace {IDaaS_server} with the IP address of the IDaaS server.
      Note: To obtain the IP address of the IDaaS server, log on to the IDaaS console and copy the value of Portal API Address for User Access.
    • Replace {code} with the value of the code parameter obtained in step 5.
      Notice: The value of the code parameter can be used only once.
    • Replace {AppKey} and {AppSecret} with the values obtained in step 4.
    • Replace {redirect_uri} with the Redirect URL that you specified in step 3.
  7. The IDaaS server returns the access token, which can be used to access IDaaS server resources.
  8. Use Postman to send a GET request to the following URL:
     http://{IDaaS_server}/api/bff/v1.2/oauth2/userinfo?access_token={access_token}
    Note: v1.2 indicates the API version. Replace it with the actual version: if no version number is written in the js, enter v1; if a version number is written in the js, enter that value.

API operations

  1. Request URI: /oauth/token
    • Description: You can call this operation to obtain the access token.
    • Request parameters

      Parameter     | Type   | Required | Example              | Description
      code          | String | Yes      | vuQ3n6               | The value of the code parameter in the callback after a successful logon.
      client_id     | String | Yes      | oauth2 client_id     | The OAuth2 client_id.
      client_secret | String | Yes      | oauth2 client_secret | The OAuth2 client_secret.
      redirect_uri  | String | Yes      | http://example.com   | The redirect URL.

    • Response parameters

      Parameter    | Type   | Example                              | Description
      access_token | String | 333ab704-abc0-48b3-8af0-496eedd15383 | The access token returned.
      token_type   | String | bearer                               | The type of the access token.
      expires_in   | String | 7199                                 | The expiration time of the access token.
      scope        | String | read                                 | The granted permissions.

    • Error codes

      HTTP status code | Error code           | Error message                                                                       | Description
      400              | invalid_grant        | Invalid authorization code: "code".                                                 | The error message returned because the value of the code parameter is invalid.
      400              | invalid_grant        | Redirect URI mismatch.                                                              | The error message returned because the value of Redirect URI is invalid.
      401              | Unauthorized         | Unauthorized                                                                        | The error message returned because your access is not authorized.
      403              | Forbidden            | Forbidden                                                                           | The error message returned because your access was denied.
      404              | ResourceNotFound     | ResourceNotFound                                                                    | The error message returned because the specified resource does not exist.
      415              | UnsupportedMediaType | UnsupportedMediaType                                                                | The error message returned because the media type is not supported.
      500              | InternalError        | The request processing has failed due to some unknown error, exception or failure. | The error message returned because an internal error has occurred.
  2. Request URI: /api/bff/v1.2/oauth2/userinfo
    • Description: You can call this operation to obtain user details.
    • Request parameters
      Parameter Type Required Example Description
      access_token String Yes 333ab704-abc0-48b3-8af0-496eedd15383 The access token.
    • Response parameters

      Sample response

      {
        "success": true,
        "code": "200",
        "message": null,
        "requestId": "59C5766B-C7F9-4DF6-B5E4-0F2A89942749",
        "data": {
          "sub": "4982789226325725762",
          "ou_id": "5920417439492153461",
          "nickname": "admin",
          "phone_number": null,
          "ou_name": "PG China",
          "email": "sz@xxxx.com",
          "username": "admin_wli"
        }
      }

      Fields of the data object

      Parameter    | Type   | Example             | Description
      sub          | String | 4982789226325725762 | The external ID of the account.
      username     | String | admin_wli           | The username of the account.
      nickname     | String | admin               | The nickname of the account.
      email        | String | sz@xxxx.com         | The email address of the account.
      phone_number | String | null                | The phone number of the account.
      ou_name      | String | PG China            | The name of the organization to which the account belongs.
      ou_id        | String | 5920417439492153461 | The external ID of the organization to which the account belongs.
    • Error codes

      HTTP status code | Error code           | Error message                                                                       | Description
      401              | Unauthorized         | Unauthorized                                                                        | The error message returned because your access is not authorized.
      403              | Forbidden            | Forbidden                                                                           | The error message returned because your access was denied.
      404              | ResourceNotFound     | ResourceNotFound                                                                    | The error message returned because the specified resource does not exist.
      415              | UnsupportedMediaType | UnsupportedMediaType                                                                | The error message returned because the media type is not supported.
      500              | InternalError        | The request processing has failed due to some unknown error, exception or failure. | The error message returned because an internal error has occurred.
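The following client walks the procedure above (steps 5 to 8) against the two API operations just documented. It is an example added here, not IDaaS's own code: it extracts the single-use code from the redirect URL, builds the documented /oauth/token and userinfo requests, and validates both responses, treating a 400 invalid_grant (invalid or reused code, redirect URI mismatch) as a hard failure. The server name, AppKey, AppSecret and the injectable fetch callable are assumptions so the parsing and validation logic can be exercised offline.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

API_VERSION = "v1.2"  # use "v1" when the portal js carries no version number

def extract_code(redirected_url):
    """Step 5: pull the single-use `code` parameter out of the redirect URL."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(redirected_url).query)
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter in the redirect URL")
    return codes[0]

def token_url(server, code, app_key, app_secret, redirect_uri):
    """Step 6: /oauth/token URL; client_secret rides in the query string, so never log it."""
    params = {"grant_type": "authorization_code", "code": code, "client_id": app_key,
              "client_secret": app_secret, "redirect_uri": redirect_uri}
    return f"http://{server}/oauth/token?" + urllib.parse.urlencode(params)

def userinfo_url(server, access_token, version=API_VERSION):
    """Step 8: userinfo URL; the API version sits in the path, not the query."""
    query = urllib.parse.urlencode({"access_token": access_token})
    return f"http://{server}/api/bff/{version}/oauth2/userinfo?{query}"

def http_fetch(url, method="GET"):
    """Real transport: return (status, body); 4xx/5xx bodies are returned, not raised."""
    try:
        with urllib.request.urlopen(urllib.request.Request(url, method=method)) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

def exchange_code(server, code, app_key, app_secret, redirect_uri, fetch=http_fetch):
    """Steps 6-7: POST the code once; 400 invalid_grant (bad/reused code, URI mismatch) raises."""
    status, body = fetch(token_url(server, code, app_key, app_secret, redirect_uri), "POST")
    if status != 200:
        raise PermissionError(f"token request failed with HTTP {status}: {body}")
    token = json.loads(body)
    if token.get("token_type", "").lower() != "bearer" or not token.get("access_token"):
        raise ValueError("token response is not a bearer access token")
    return token

def fetch_userinfo(server, access_token, fetch=http_fetch, version=API_VERSION):
    """Step 8: GET userinfo; only HTTP 200 with success=true yields the data object."""
    status, body = fetch(userinfo_url(server, access_token, version))
    payload = json.loads(body)
    if status != 200 or not payload.get("success"):
        raise PermissionError(f"userinfo failed with HTTP {status}: {payload.get('message')}")
    return payload["data"]
```

With the default transport the same calls go over the network; pass the server's Portal API Address for User Access as `server`, and keep the fetch-level error handling because the token endpoint answers a reused code with the documented 400 rather than a connection error.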