
After a successful CustomerID installation or upgrade, the eIDM Services site has the CustomerID API application visible in the SSO Management UI. The API is accessible using OAuth2 to a group named CustomerID API Users. To access the API, a new OAuth2 application must be created and an API user must be defined. The following steps guide you through this.

...

Create a new OAuth2 client application as instructed in Management UI Applications, or alternatively use the Management API. Allow CustomerID API Users to access the newly created application and enable, for example, the password.2 method or your preferred method for the application.

Tip

The following OAuth2 client metadata describes a simple OAuth2 client that can request an access token using OAuth2 Resource Owner Password Credentials Grant.

Code Block
{
  "client_id": "... redacted ...",
  "client_secret": "..redacted..."
}


...

Add a user to the CustomerID API Users group, e.g. with the Management UI. You can choose from the following options:

...

Any of these actions can also be performed using the Management API.

Locate API scope

In order to access the CustomerID API, you need its client ID for the scope parameter of the OAuth2 Token Request. This client ID is defined in your linux/win32.config file with the setting rest.oauth2.client.uuid and is visible in eIDM Services → Applications → CustomerID API, as depicted here

...

Follow these steps on each CustomerID node by applying the instructions from here: Add Server Certificate to Java Trust Store - SSO

  • When SSO is installed on a different server than CustomerID, copy the SSO certificate file to the CustomerID server
  • Add the certificate to the Java trust store
  • Restart CustomerID, i.e. WildFly

Verify the API works

The following examples use the REQ003 List Organizations API call documented in REST API 2.0 - CustomerID.

Test the connection

You can start testing the connection using curl. If self-signed certificates are used, you may add the --insecure flag, which disables TLS certificate verification:

Code Block (bash)
$ curl --request GET 'https://<customerid-base-url>/customerid-rest/services/2.0/organizations?technicalName=not-found'

...

Different SSO endpoints for OAuth2 and how to find them are explained in OAuth 2.0 and OpenID Connect metadata.

Get the access token, e.g. with the OAuth2 Password grant:

Code Block (bash)
$ curl \
  --request POST 'https://<sso-base-url>/uas/oauth2/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=password' \
  --data-urlencode 'scope=openid <customerid-api-client-id>' \
  --data-urlencode 'client_id=<oauth2-client-id>' \
  --data-urlencode 'client_secret=<oauth2-client-secret>' \
  --data-urlencode 'username=<customerid-api-user>' \
  --data-urlencode 'password=<customerid-api-password>'

...

Code Block (bash)
$ curl \
  --request POST 'https://<customerid-base-url>/customerid-rest/services/2.0/organizations?technicalName=not-found' \
  --header 'Authorization: Bearer <your access token here>'

...
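The token request and the authenticated API call from the steps above, combined into one script as an added example that is not part of the original page. It passes the client secret, password and bearer token to curl on stdin with --config - so they do not appear in the process list, and verifies TLS with --cacert instead of --insecure. The environment variable names (SSO_BASE_URL, CID_BASE_URL, CID_SCOPE_ID, OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, CID_API_USER, CID_API_PASSWORD, CA_BUNDLE) and the run arguments are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. All environment variable
# names used below are assumptions chosen for illustration.

# Escape a value for a double-quoted curl config string (backslash, quote).
cfg_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# Emit one curl config line: data-urlencode = "name=value".
cfg_field() { printf 'data-urlencode = "%s=%s"\n' "$1" "$(cfg_escape "$2")"; }

# Build the page's token request as a curl config, so the client secret and
# password are read from stdin instead of being visible in the argument list.
token_request_config() {
  printf 'url = "%s/uas/oauth2/token"\n' "$(cfg_escape "$SSO_BASE_URL")"
  printf 'request = "POST"\n'
  cfg_field grant_type password
  cfg_field scope "openid $CID_SCOPE_ID"
  cfg_field client_id "$OAUTH_CLIENT_ID"
  cfg_field client_secret "$OAUTH_CLIENT_SECRET"
  cfg_field username "$CID_API_USER"
  cfg_field password "$CID_API_PASSWORD"
}

# Pull access_token out of the JSON token response (plain string value assumed).
extract_access_token() {
  printf '%s' "$1" |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# main METHOD PATH: fetch a token, then call the CustomerID REST API with it.
# TLS is verified against CA_BUNDLE (the SSO/CustomerID CA or self-signed cert).
main() (
  response=$(token_request_config |
    curl --silent --fail --cacert "$CA_BUNDLE" --config -) || exit 1
  token=$(extract_access_token "$response")
  [ -n "$token" ] || { echo "no access_token in token response" >&2; exit 1; }
  printf 'header = "Authorization: Bearer %s"\n' "$(cfg_escape "$token")" |
    curl --silent --fail --cacert "$CA_BUNDLE" --config - \
      --request "$1" "$CID_BASE_URL/customerid-rest/services/2.0$2"
)

# Runs only when invoked as: script run METHOD PATH
if [ "${1:-}" = "run" ]; then main "$2" "$3"; fi
```
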