APIs#
Token Introspection#
This API defines a method for a protected resource to query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token.
Configuration properties:
introspectionAccessTokenMustHaveUmaProtectionScope
- oxauth configuration property that defines whether the access_token used in the Authorization header must have the uma_protection scope. If set to true and the access_token in the Authorization header does not have the uma_protection scope, the request is rejected with a 403 Forbidden HTTP code and an appropriate log message is written to the oxauth.log file.
Path#
/restv1/introspection
introspect#
GET or POST
/restv1/introspection
Client introspects OAuth 2 token.
URL#
http://sample.com/restv1/introspection
Parameters#
- token - REQUIRED. The string value of the token. For access tokens, this is the "access_token" value returned from the token endpoint.
- response_as_jwt - OPTIONAL. Boolean value with default value false. If true, returns introspection response as JWT (signed based on client configuration used for authentication to Introspection Endpoint).
Response#
Sample request/response
POST /restv1/introspection HTTP/1.1
Host: sample.com
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer 23410913-abewfq.123483

token=2YotnFZFEjr1zCsicMWpAA&response_as_jwt=false

HTTP/1.1 200 OK
Content-Type: application/json

{
"active": true,
"client_id": "l238j323ds-23ij4",
"username": "jdoe",
"scope": "read write dolphin",
"sub": "Z5O3upPC88QrAjx00dis",
"aud": "https://protected.example.net/resource",
"iss": "https://server.example.com/",
"exp": 1419356238,
"iat": 1419350238,
"extension_field": "twenty-seven"
}
Errors#
Status Code | Reason |
---|---|
401 | Unauthorized if access_token in Authorization header is not valid |
400 | Bad request if request is malformed. |
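How a protected resource might build the introspection request and evaluate the response, as an added example that is not part of the Gluu documentation or code base. The function names, the endpoint argument, and the policy of checking iss, aud, scope and exp are assumptions; the sample data is constructed from the response shown above.

```python
import json
import time
import urllib.parse
import urllib.request

# Constructed sample: the JSON body from the sample response above.
SAMPLE = json.loads("""{"active": true, "client_id": "l238j323ds-23ij4",
 "username": "jdoe", "scope": "read write dolphin",
 "sub": "Z5O3upPC88QrAjx00dis",
 "aud": "https://protected.example.net/resource",
 "iss": "https://server.example.com/",
 "exp": 1419356238, "iat": 1419350238}""")

def build_request(endpoint, token, caller_access_token):
    """POST form body; the caller's own token goes in the Authorization header."""
    body = urllib.parse.urlencode({"token": token, "response_as_jwt": "false"})
    return urllib.request.Request(
        endpoint, data=body.encode("ascii"), method="POST",
        headers={"Authorization": "Bearer " + caller_access_token,
                 "Accept": "application/json",
                 "Content-Type": "application/x-www-form-urlencoded"})

def check(resp, required_scope, expected_aud, expected_iss, now=None):
    """Return (allowed, reason). Anything missing or unexpected is a denial."""
    now = time.time() if now is None else now
    if resp.get("active") is not True:      # a string "true" is not accepted
        return False, "inactive"
    exp = resp.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return False, "expired"
    if resp.get("iss") != expected_iss:
        return False, "issuer"
    aud = resp.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if expected_aud not in auds:
        return False, "audience"
    if required_scope not in str(resp.get("scope", "")).split():
        return False, "scope"
    return True, "ok"

def http_status_reason(status):
    """Map the statuses this page documents; any other non-200 status also denies."""
    return {401: "caller token invalid", 400: "malformed request",
            403: "caller token lacks uma_protection scope"}.get(status, "unexpected status")
```
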
ID Generation API#
This section will discuss a few APIs used in the Gluu Server for ID generation.
Path#
/restv1/id
Overview#
The API convention is set as id followed by prefix and type, or /id/{prefix}/{type}/.
Please see the following table to specify what type you are generating. The prefix is used in the inum to make it possible to know the type of object just by looking at the identifier.
prefix | type | description |
---|---|---|
0000 | people | Person object |
0001 | organization | Organization object |
0002 | appliance | Appliance object |
0003 | group | Group object |
0004 | server | Server object |
0005 | attribute | User attribute (claim) object |
0006 | tRelationship | SAML Trust Relationship object |
0008 | client | OAuth2 Client object |
0009 | scope | OAuth2 Scope Object |
0010 | uma-resource-set | UMA Resource Set Object |
0011 | interception-script | Gluu Server interception script object |
0012 | sector-identifier | Managed Sector Identifier URI |
generateJsonInum
GET /id/{prefix}/{type}/
Generates ID for given prefix and type.
URL
http://gluu.org/id/{prefix}/{type}/
Parameters
- path
Parameter | Required | Description | Data Type |
---|---|---|---|
prefix | true | Prefix for the ID. For example, if the prefix is @!1111 and the server generates the id !0000, the ID returned by the service is @!1111!0000 | string |
type | true | Type of id | string |
- header
Parameter | Required | Description | Data Type |
---|---|---|---|
Authorization | false | | string |
Response
String[Response]
generateHtmlInum
GET /id/{prefix}/{type}/
Generates ID for given prefix and type.
URL
http://gluu.org/id/{prefix}/{type}/
Parameters
- path
Parameter | Required | Description | Data Type |
---|---|---|---|
prefix | true | Prefix for the ID. For example, if the prefix is @!1111 and the server generates the id !0000, the ID returned by the service is @!1111!0000 | string |
type | true | Type of id | string |
- header
Parameter | Required | Description | Data Type |
---|---|---|---|
Authorization | false | The authorization sent as a String | string |
Response
String[Response]
Errors
generateTextInum
GET /id/{prefix}/{type}/
Generates ID for given prefix and type.
URL
http://gluu.org/id/{prefix}/{type}/
Parameters
- path
Parameter | Required | Description | Data Type |
---|---|---|---|
prefix | true | | string |
type | true | | string |
- header
Parameter | Required | Description | Data Type |
---|---|---|---|
Authorization | false | | string |
Response
String[Response]
Errors
generateXmlInum
GET /id/{prefix}/{type}/
Generates ID for given prefix and type.
URL
http://gluu.org/id/{prefix}/{type}/
Parameters
- path
Parameter | Required | Description | Data Type |
---|---|---|---|
prefix | true | Prefix for the ID. For example, if the prefix is @!1111 and the server generates the id !0000, the ID returned by the service is @!1111!0000 | string |
type | true | Type of id | string |
- header
Parameter | Required | Description | Data Type |
---|---|---|---|
Authorization | false | | string |
Response
String[Response]
Errors
Status Code | Reason |
---|---|