
Service: OAuth2 Client Registration

Eliza Margaretha Illig edited this page May 31, 2024 · 15 revisions

WARNING: This service is experimental and may change without any notice.

This service registers an application as an OAuth2 client. Applications have to be registered before they can start an authorization. Only registered users are allowed to register applications.

OAuth2 clients may be plugins that can be installed within a super client, e.g. Kalamar. Plugins have an additional property, source. See plugin registration.

Kustvakt supports two types of clients according to the OAuth2 specification (see RFC 6749 Section 2.1):

1. Public clients, which are not able to store and maintain a client secret securely, e.g. browser and mobile applications.

2. Confidential clients, which are able to maintain credentials, e.g. server-based applications.

OAuth2 client registration is usually done via the KorAP web UI Kalamar (see the settings menu).

Available in: full version

Method: POST

Service URL: root/oauth2/client/register

Parameters

Header Parameters

| Name | Required | Authentication scheme | Value |
|---|---|---|---|
| Authorization | yes | HTTP authentication with scheme: Bearer | OAuth2 access token |
| Content-Type | yes | content type of the input data | application/json |

Request body

A JSON object with the following attributes:

| Name | Required | Description | Type | Value |
|---|---|---|---|---|
| name | yes | the application name | String | e.g. MyOAuth2Client |
| type | yes | determines whether the application can store credentials (client secret) or not. Public clients cannot, whilst confidential clients can (see RFC 6749 Section 2.1). The value must be in capital letters. | OAuth2ClientType | PUBLIC, CONFIDENTIAL |
| description | yes | a description of the application | String | |
| url | no | the application URL | String | |
| redirect_uri | no | the application callback URI to which the authorization code is to be sent | String | |
| refreshTokenExpiry | no | defines a custom expiry for the refresh token in seconds; the default is 31536000 seconds (1 year) | int | |
| source | no | describes a plugin source in JSON | JSON | |

Examples

Registering a confidential web-application

curl -H "Content-Type: application/json" \
     -H 'Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=' \
     -d '{"name":"MyOAuth2Client","type":"CONFIDENTIAL",
          "description":"a confidential web application",
          "url":"http://example.client.com",
          "redirect_uri":"http://example.client.com/redirect"}' \
     http://localhost:8089/api/oauth2/client/register

Response

{
    "client_id": "fCBbQkA2NDA3MzM1Yw==",
    "client_secret": "KUMaFxs6R1WGud4HM22w3HbmYKHMnNHIiLJ2ihaWtB4N5JxGzZgyqs5GTLutrORj"
}

Registering a desktop application

curl -H "Content-Type: application/json" \
     -H 'Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=' \
     -d '{"name":"My desktop client","type":"PUBLIC",
          "description":"a desktop client",
          "url":"http://desktop.client.com",
          "redirect_uri":"http://desktop.client.com/redirect"}' \
     http://localhost:8089/api/oauth2/client/register

Response

{"client_id": "fCBbQkA0YTYwYzYwOQ=="}

Registering a plugin

curl -H "Content-Type: application/json" \
     -H 'Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=' \
     -d '{"name":"My plugin","type":"CONFIDENTIAL",
          "description":"a plugin",
          "url":"http://example.plugin.com",
          "redirect_uri":"http://example.plugin.com/redirect",
          "refreshTokenExpiry":7776000,
          "source":{"name":"My plugin"}}' \
     http://localhost:8089/api/oauth2/client/register

Response

{
  "client_id" : "tG6HNFmrt7dm7RHJNmGh9H",
  "client_secret" : "NHInXJ7EmYUiC-EPu18EYg"
}
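
Checking a registration request and its response

The following is an added example, not part of the Kustvakt wiki or code base: a pre-submission check of the request body against the attribute table above, and a check that the response matches the requested client type. The function names are hypothetical; the redirect_uri rules follow RFC 6749 Section 3.1.2, the positive-expiry rule is an assumption, and the secret-presence rule is inferred from the responses shown above.

```python
import json
from urllib.parse import urlsplit

REQUIRED = ("name", "type", "description")
CLIENT_TYPES = {"PUBLIC", "CONFIDENTIAL"}


def check_registration(body: dict) -> list[str]:
    """Return the problems found in a registration request body (empty if none)."""
    problems = [f"missing required attribute: {k}" for k in REQUIRED if not body.get(k)]
    ctype = body.get("type")
    if ctype is not None and ctype not in CLIENT_TYPES:
        problems.append("type must be PUBLIC or CONFIDENTIAL, in capital letters")
    uri = body.get("redirect_uri")
    if uri is not None:
        parts = urlsplit(uri)
        # RFC 6749 Section 3.1.2: an absolute URI without a fragment component.
        if not parts.scheme or not parts.netloc:
            problems.append("redirect_uri must be an absolute URI")
        if parts.fragment:
            problems.append("redirect_uri must not contain a fragment")
    expiry = body.get("refreshTokenExpiry")
    # Assumption: the expiry is a positive whole number of seconds (bool is rejected).
    if expiry is not None and (isinstance(expiry, bool) or not isinstance(expiry, int) or expiry <= 0):
        problems.append("refreshTokenExpiry must be a positive integer (seconds)")
    return problems


def check_response(client_type: str, response: dict) -> list[str]:
    """Check a registration response against the client type that was requested."""
    problems = []
    if not response.get("client_id"):
        problems.append("response has no client_id")
    has_secret = "client_secret" in response
    if client_type == "CONFIDENTIAL" and not has_secret:
        problems.append("confidential client received no client_secret")
    if client_type == "PUBLIC" and has_secret:
        problems.append("public client unexpectedly received a client_secret")
    return problems


if __name__ == "__main__":
    # Constructed sample input: lowercase type, relative redirect_uri, no description.
    body = json.loads('{"name":"My plugin","type":"confidential",'
                      '"redirect_uri":"example.plugin.com/redirect"}')
    print(check_registration(body))
    print(check_response("PUBLIC", {"client_id": "fCBbQkA0YTYwYzYwOQ=="}))
```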

References

Hardt, D., Ed., The OAuth 2.0 Authorization Framework, RFC 6749, October 2012. [Online]. Available: https://tools.ietf.org/html/rfc6749

Parecki, Aaron. OAuth 2.0 Servers. [Online]. Available: https://www.oauth.com/
