Authorization
Here you can see all APIs definitions around Authentication and Authorization.
Prerequisites
This document assumes you have created a Developer App and implemented Login with GlobaliD
Available APIs
Get the OpenID configuration for the Global ID OAuth2 server
Authorizations
Responses
200
OpenID configuration
application/json
get
GET /realms/globalid/.well-known/openid-configuration HTTP/1.1
Host: auth.global.id
Authorization: Bearer JWT
Accept: */*
200
OpenID configuration
{
"issuer": "text",
"authorization_endpoint": "text",
"token_endpoint": "text",
"userinfo_endpoint": "text",
"introspection_endpoint": "text",
"jwks_uri": "text",
"response_types_supported": [
"text"
],
"subject_types_supported": [
"text"
],
"id_token_signing_alg_values_supported": [
"text"
],
"token_endpoint_auth_methods_supported": [
"text"
],
"claims_supported": [
"text"
],
"grant_types_supported": [
"text"
],
"code_challenge_methods_supported": [
"text"
],
"scopes_supported": [
"text"
],
"response_modes_supported": [
"text"
],
"token_endpoint_auth_signing_alg_values_supported": [
"text"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"tls_client_certificate_bound_access_tokens": true,
"introspection_endpoint_auth_methods_supported": []
}
Authorizations
Query parameters
client_idstringRequired
redirect_uristringRequired
response_typestring · enumRequiredPossible values:
response_modestring · enumRequiredPossible values:
statestringRequired
noncestringRequired
code_challengestringOptional
Needed if you are doing PKCE
code_challenge_methodstring · enumOptionalPossible values:
Needed if you are doing PKCE with S256
Responses
302
Redirect to the provided redirect_uri with an authorization code
get
GET /realms/globalid/protocol/openid-connect/auth HTTP/1.1
Host: auth.global.id
Authorization: Bearer JWT
Accept: */*
302
Redirect to the provided redirect_uri with an authorization code
No content
Authorizations
Body
one ofOptional
or
or
or
Responses
200
Token response
application/json
post
POST /realms/globalid/protocol/openid-connect/token HTTP/1.1
Host: auth.global.id
Authorization: Bearer JWT
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 114
"grant_type='authorization_code'&client_id='text'&redirect_uri='text'&code='text'&code_challenge='text'"
200
Token response
{
"access_token": "text",
"expires_in": 1,
"refresh_expires_in": 1,
"refresh_token": "text",
"token_type": "text",
"id_token": "text",
"not-before-policy": 1,
"session_state": "text",
"scope": "text"
}
Authorizations
Body
tokenstringRequired
Token to introspect
client_idstringRequired
Client ID
client_secretstringRequired
Client secret
Responses
200
Token introspection response
application/json
post
POST /realms/globalid/protocol/openid-connect/introspect HTTP/1.1
Host: auth.global.id
Authorization: Bearer JWT
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 58
"token='text'&client_id='text'&client_secret='text'"
200
Token introspection response
{
"exp": 1,
"iat": 1,
"jti": "text",
"iss": "text",
"aud": "text",
"sub": "text",
"typ": "text",
"azp": "text",
"session_state": "text",
"acr": "text",
"scope": "openid offline_access",
"sid": "text",
"globalid": "text",
"groups": [
"text"
],
"client_id": "text",
"username": "text",
"token_type": "text",
"active": true
}
Authorizations
Responses
200
User information
application/json
get
GET /realms/globalid/protocol/openid-connect/userinfo HTTP/1.1
Host: auth.global.id
Authorization: Bearer JWT
Accept: */*
200
User information
{
"sub": "text",
"groups": [
"text"
],
"peferred_username": "text",
"username": "text"
}
APIs definitions in a OpenAPI file:
Next Steps
Now that you have information about the identity, you can call Identity resources.
Last updated