Friendly OAuth2 Server
Friendly oAuth2 server documentation
Authorization key jwt
General information about client authorization using the key jwt method
To authorize a client application using the secret post type, you need to add the following parameters to the existing request:
client_assertion_type = urn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_assertion = one-time jwt token
Example:
client_id = id-wEkziJ6jW6dJg36GT2a1ww7C4BpLeXCrMRLAVgOyQNgSKZV
client_secret = N2f9TvacRuBsRLQ2mSw9HOQ2GoLCDIaDPsoXfT0xNu8kcuAZSO
1) A jwt token is created with the following parameters:
jti - token identifier in the OAuth2 server database
iss - client identifier
sub - client identifier
aud - OAuth2 server address
iat - token expiration time
2) The token is signed with the server's private key or the client application's own private key.
Example request in cURL:
curl --request POST \
  --url http://localhost:9000/oauth2/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer \
  --data client_assertion=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJ0ZXN0LTE3MTgxOTQ4NzM1OTYiLCJpc3MiOiJpZC13RWt6aUo2alc2ZEpnMzZHVDJhMXd3N0M0QnBMZVhDck1STEFWZ095UU5nU0taViIsInN1YiI6ImlkLXdFa3ppSjZqVzZkSmczNkdUMmExd3c3QzRCcExlWENyTVJMQVZnT3lRTmdTS1pWIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo5MDAwL29hdXRoMi90b2tlbiIsImlhdCI6MTcxODE5NDg3M30.fVzFOOTe2DugYCQs-ArGB_w33waUjIbzppQo2RnonjCar2R1viNWZGNzVRm9qZpjR2k6aHoRgec7COYKDr8CODeZAqsiuiON6yboJjHSrOispUJL0cfqaS15BcMeGFCuhWo79t6bkSMCLiDwOWpeQY09hkfRbckr5x9WhLCwEN0NlABNU9nq6fXQfPsvQ8d1kdmv8qHTN9cD6gTi7htwrQ_rZaEM6cFmgHrEr5TgwSZgxole85W-JR2cL-33tIXsZlNEXlmKkFkP8wbdzIv8jnb1if13UiDgJZ9x3iFUTBaOipIMYAEINRmj_9oSZrsXhkRodm0Ydd2ayo8Bm59ieA
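The checks a token endpoint can apply to such a request show what each claim from step 1 is for; this is an added illustration, not code from Friendly OAuth2 Server. It assumes iat is read as the RFC 7519 issued-at time; check_client_assertion, verify_sig, max_age and make_sample_form are hypothetical names, and the sample request body is constructed.

```python
import base64, json, time
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
ALLOWED_ALGS = ("RS256",)  # alg of the sample token's header; "none" and others are refused

def b64u_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64u_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_client_assertion(form, client_id, token_endpoint, seen_jti,
                           verify_sig, now=None, max_age=60):
    """Return client_id if the assertion is acceptable, otherwise raise ValueError."""
    now = time.time() if now is None else now
    if form.get("client_assertion_type") != ASSERTION_TYPE:
        raise ValueError("wrong client_assertion_type")
    try:
        h64, p64, s64 = form["client_assertion"].split(".")
        header, claims = json.loads(b64u_decode(h64)), json.loads(b64u_decode(p64))
        sig = b64u_decode(s64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError
    except (KeyError, ValueError):
        raise ValueError("malformed client_assertion") from None
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed")
    # Assumption: verify_sig wraps a vetted crypto library and the client's registered public key.
    if not verify_sig(f"{h64}.{p64}".encode(), sig):
        raise ValueError("bad signature")
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        raise ValueError("iss and sub must both be the client id")
    if claims.get("aud") != token_endpoint:  # assumes a single string aud, as in the sample
        raise ValueError("aud is not this token endpoint")
    iat = claims.get("iat")
    # The claim list has no exp, so freshness is bounded from iat (max_age is an assumed value).
    if not isinstance(iat, int) or not (now - max_age <= iat <= now + 5):
        raise ValueError("token too old or dated in the future")
    jti = claims.get("jti")
    if not isinstance(jti, str) or not jti or jti in seen_jti:  # one-time use
        raise ValueError("jti missing or already used")
    seen_jti.add(jti)
    return client_id

def make_sample_form(client_id, aud, iat, jti):
    """Constructed sample request body; the signature segment is a placeholder."""
    claims = {"jti": jti, "iss": client_id, "sub": client_id, "aud": aud, "iat": iat}
    parts = [json.dumps({"alg": "RS256"}).encode(), json.dumps(claims).encode(), b"placeholder"]
    return {"grant_type": "client_credentials", "client_assertion_type": ASSERTION_TYPE,
            "client_assertion": ".".join(b64u_encode(p) for p in parts)}
```

In production seen_jti would be a shared store whose entries expire after max_age, so a captured assertion cannot be replayed against another node.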
A practical example of client authorization using the key jwt method
0) Since in this section we will only test client authorization, in the admin panel we will set the OAuth2 mode to OAuth2 client credential flow and the client authorization value to Client key jwt
1) For training, we will create a test client
2) Open the modal form for the key area and generate the client's private key jwt
3) Let's create a POST request to the http://localhost:9000/oauth2/token address
And we will receive an access token.
A practical example of client authorization using the key jwt method with the client’s own keys
0) Since in this section we will only test client authorization, in the admin panel we will set the OAuth2 mode to OAuth2 client credential flow and the client authorization value to Client key jwt
1) For training, we will create a test client
2) Open the modal form for the key zone and generate your own client keys
3) Afterwards, generate a one-time token - the client’s own private key jwt
4) Let's create a POST request to the http://localhost:9000/oauth2/token address
And we will receive an access token.
prodmicroservice.com
2024