This document describes the process of authentication and token issuance with an OAuth2.0 Credential.
Index
Credential
1) Create OAuth2.0 Credential
No. | Function |
1 | Create Credential Group - Studio > Credential > Create Credential Group |
2 | Create Credential - Select the appropriate Group > Create Credential |
3 | Select the Credential Type OAuth 2.0 |
4 | Creating a Credential per environment - Dev, Stage, Production, Feature, Hotfix |
5 | Enter Credential's information (name and description) |
2) App-Credential Mapping
NBlock
1) Set the Request Header, Body for Token Generation
No. | Function |
1 | Configuring the Headers with HashMap Block
- Content-Type : application/json |
2 | Configuring the Request Body with HashMap Block
- grant_type : client_credentials
- client_id : null
- client_secret : null
- scope : Specifying allowed resource range |
3 | JSON format of the registered request body |
2) Fetch the request data and check it
No. | Function |
1 | Getting as a request data variable
- Fetch ID : request block ID |
2 | Encoding request data in JSON format and checking with Debug block
- Check the request data in the console log. |
3 | Full parsing of request header data used in BizUnit API through the __origin__ reserved word |
4 | Encoding the entire request data imported with the __origin__ reserved word to JSON and checking it with the Debug block
- Check in the console log |
3) Configure OAuth2.0 Token create in Statements
No. | Function |
1 | Creating token variable with Create / Set to Block |
2 | Entering the value required to create a Token with the Token Create block
- lifetime : Validity period (in seconds)
- token type : Setting Token type; if set to null, a Bearer type token is created
- supported-scope : Control of permission to API, register as ArrayList type if multiple requests are made.
- refresh-token lifetime : Validity period of refresh token (integer type)
- new refresh-token : When a new access token is received with a refresh token, choose with true/false whether to also receive a new refresh token
- extension : Additional extension function |
4) Response settings for receiving Token Info
5) Token issuance Test
• Studio Testbed
No. | Function |
1 | After writing BizUnit, test API with Save > Build and Test button |
2 | Enter the information in the Request Header and Body.
Enter the OAuth2.0 credential information (client_id, client_secret) created through credential. |
3 | Click the Run button to check the token information created by the response. |
• External API Test tool - Postman
No. | Function |
1 | After writing BizUnit, click Save > Build and click the Document button to go to the API specification page. |
2 | Enter the information in the Request Header and Body.
Enter the OAuth2.0 credential information (client_id, client_secret) created through credential. |
3 | Enter the information of the Request Body in Postman based on the contents of the API specification.
At this time, write the OAuth2.0 credential information (client_id, client_secret) created through credential. |
4 | Click the Send button for the API Test. |
5 | Check the token information created through the Response Body. |
6) Token Verification with OAuth2.0 Token Verify Block
No. | Function |
1 | Declaring HashMap block to receive token to be verified in Request Header
- Authorization : Bearer |
2 | Configuring the OAuth2.0 Token Verify block in Statements, and creating a variable verification to contain the verification result |
3 | Receiving the verification variable in the response body and sending the result |
4 | Main verification result |
4-1 | Verify Success
- Token information response |
4-2 | Verify Fail
- Invalid token information |
4-3 | Verify Fail
- Expired |
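The following is an added example, not the platform's own code: a small in-memory model of the flow above, showing how the Token Create parameters (lifetime, token type defaulting to Bearer, supported-scope) and the three Verify outcomes (success, invalid, expired) relate. The names `CLIENTS`, `TOKENS`, `issue_token` and `verify`, the response field names (taken from RFC 6749), and the rule that an empty scope grants the full supported scope are assumptions.

```python
import hmac
import secrets
import time

# Constructed stand-ins for the credential store and the token store.
CLIENTS = {"demo-client": "demo-secret"}  # client_id -> client_secret (sample values)
TOKENS = {}                               # access token -> metadata

def issue_token(body, lifetime=3600, token_type=None, supported_scope=("read",), now=None):
    """Client-credentials issuance using the request-body fields listed on this page."""
    now = time.time() if now is None else now
    if body.get("grant_type") != "client_credentials":
        return {"error": "unsupported_grant_type"}
    expected = CLIENTS.get(body.get("client_id"))
    supplied = str(body.get("client_secret") or "")
    # Constant-time compare; unknown client and wrong secret return the same error.
    if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return {"error": "invalid_client"}
    requested = set((body.get("scope") or "").split())
    if not requested <= set(supported_scope):
        return {"error": "invalid_scope"}  # never grant more than supported-scope
    token = secrets.token_urlsafe(32)      # unguessable opaque token
    granted = sorted(requested or supported_scope)
    TOKENS[token] = {"scope": granted, "expires_at": now + lifetime}
    # token type null -> Bearer, as the Token Create block describes.
    return {"access_token": token, "token_type": token_type or "Bearer",
            "expires_in": lifetime, "scope": " ".join(granted)}

def verify(headers, now=None):
    """Return one of the three outcomes listed for the Token Verify block."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    meta = TOKENS.get(token.strip())
    if scheme.lower() != "bearer" or meta is None:
        return {"valid": False, "reason": "invalid token"}
    if now >= meta["expires_at"]:
        return {"valid": False, "reason": "expired"}
    return {"valid": True, "scope": meta["scope"]}
```

A request body that still carries the `null` placeholders for `client_id` and `client_secret` is rejected with `invalid_client`, which is the behaviour to expect when the credential values are not filled in during the Testbed or Postman test.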