Authorization

This page lists the API definitions for authentication and authorization.

Prerequisites

This document assumes you have created a Developer App and implemented Login with GlobaliD.

Available APIs

Get OpenID configuration

Get the OpenID configuration for the Global ID OAuth2 server.

Responses
200: OpenID configuration (application/json)

Request
GET /realms/globalid/.well-known/openid-configuration HTTP/1.1
Host: auth.global.id
Authorization: Bearer JWT
Accept: */*
Response (200): OpenID configuration

{
  "issuer": "text",
  "authorization_endpoint": "text",
  "token_endpoint": "text",
  "userinfo_endpoint": "text",
  "introspection_endpoint": "text",
  "jwks_uri": "text",
  "response_types_supported": [
    "text"
  ],
  "subject_types_supported": [
    "text"
  ],
  "id_token_signing_alg_values_supported": [
    "text"
  ],
  "token_endpoint_auth_methods_supported": [
    "text"
  ],
  "claims_supported": [
    "text"
  ],
  "grant_types_supported": [
    "text"
  ],
  "code_challenge_methods_supported": [
    "text"
  ],
  "scopes_supported": [
    "text"
  ],
  "response_modes_supported": [
    "text"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "text"
  ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": true,
  "require_request_uri_registration": true,
  "tls_client_certificate_bound_access_tokens": true,
  "introspection_endpoint_auth_methods_supported": []
}

Authorization request

Query parameters
client_id (string, required)
redirect_uri (string, required)
response_type (string, enum, required)
response_mode (string, enum, required)
state (string, required)
nonce (string, required)
code_challenge (string, optional): needed if you are doing PKCE
code_challenge_method (string, enum, optional): needed if you are doing PKCE with S256

Responses
302: Redirect to the provided redirect_uri with an authorization code

Request
GET /realms/globalid/protocol/openid-connect/auth HTTP/1.1
Host: auth.global.id
Authorization: Bearer JWT
Accept: */*
Response (302): Redirect to the provided redirect_uri with an authorization code

No content

Get access, refresh token

Body (optional, one of several alternatives)

Responses
200: Token response (application/json)

Request
POST /realms/globalid/protocol/openid-connect/token HTTP/1.1
Host: auth.global.id
Authorization: Bearer JWT
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 92

grant_type=authorization_code&client_id=text&redirect_uri=text&code=text&code_challenge=text
Response (200): Token response

{
  "access_token": "text",
  "expires_in": 1,
  "refresh_expires_in": 1,
  "refresh_token": "text",
  "token_type": "text",
  "id_token": "text",
  "not-before-policy": 1,
  "session_state": "text",
  "scope": "text"
}

Introspect a JWT token: check whether it is valid and read the information it contains

Body
token (string, required): Token to introspect
client_id (string, required): Client ID
client_secret (string, required): Client secret

Responses
200: Token introspection response (application/json)

Request
POST /realms/globalid/protocol/openid-connect/introspect HTTP/1.1
Host: auth.global.id
Authorization: Bearer JWT
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 44

token=text&client_id=text&client_secret=text
Response (200): Token introspection response

{
  "exp": 1,
  "iat": 1,
  "jti": "text",
  "iss": "text",
  "aud": "text",
  "sub": "text",
  "typ": "text",
  "azp": "text",
  "session_state": "text",
  "acr": "text",
  "scope": "openid offline_access",
  "sid": "text",
  "globalid": "text",
  "groups": [
    "text"
  ],
  "client_id": "text",
  "username": "text",
  "token_type": "text",
  "active": true
}

Get user information

Responses
200: User information (application/json)

Request
GET /realms/globalid/protocol/openid-connect/userinfo HTTP/1.1
Host: auth.global.id
Authorization: Bearer JWT
Accept: */*
Response (200): User information

{
  "sub": "text",
  "groups": [
    "text"
  ],
  "preferred_username": "text",
  "username": "text"
}

API definitions in an OpenAPI file:

OpenAPI file

Next Steps

Now that you have information about the identity, you can call Identity resources.
