...
After a successful CustomerID installation or upgrade, the eIDM Services site has the CustomerID API application visible in the SSO Management UI. The API is accessible using OAuth2 to a group named CustomerID API Users. In order to access the API, a new OAuth2 application must be created and an API user needs to be defined. The following sections guide you through these steps.
...
Create a new OAuth2 client application as instructed in Management UI Applications, or alternatively use the Management API. Allow CustomerID API Users to access the newly created application and enable, for example, the password.2 method or your preferred method for the application.
Tip: The following OAuth2 client metadata describes a simple OAuth2 client that can request an access token using the OAuth2 Resource Owner Password Credentials Grant.
...
Add a user to the CustomerID API Users group, e.g. with the Management UI. You can choose from the following options:
...
Any of these actions can also be performed using the Management API.
Locate API scope
In order to access the CustomerID API, you need its client ID for the scope parameter of the OAuth2 Token Request. This client ID has been defined in your linux/win32.config file with the setting rest.oauth2.client.uuid and is visible in eIDM Services → Applications → CustomerID API as depicted here
...
Follow these steps on each CustomerID node by applying the instructions from here: Add Server Certificate to Java Trust Store - SSO
- When SSO is installed on a different server than CustomerID, copy the SSO certificate file to the CustomerID server
- Add the certificate to the Java trust store and
- Restart CustomerID, i.e. WildFly
Verify the API works
The following examples use the REQ003 List Organizations API call documented in REST API 2.0 - CustomerID.
Test the connection
You can start testing the connection using curl. You may use the --insecure flag in case self-signed certificates are used:
```
$ curl --request GET 'https://<customerid-base-url>/customerid-rest/services/2.0/organizations?technicalName=not-found'
```
...
Different SSO endpoints for OAuth2 and how to find them are explained in OAuth 2.0 and OpenID Connect metadata.
Get the access token, e.g. with the OAuth2 Password grant:
```
$ curl \
    --request POST 'https://<sso-base-url>/uas/oauth2/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode 'scope=openid <customerid-api-client-id>' \
    --data-urlencode 'client_id=<oauth2-client-id>' \
    --data-urlencode 'client_secret=<oauth2-client-secret>' \
    --data-urlencode 'username=<customerid-api-user>' \
    --data-urlencode 'password=<customerid-api-password>'
```
...
```
$ curl \
    --request POST 'https://<customerid-base-url>/customerid-rest/services/2.0/organizations?technicalName=not-found' \
    --header 'Authorization: Bearer <your access token here>'
```
...
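The token request and the authenticated API call above, as an added Python example (not part of the original page and not Ubisecure's own code): it builds both requests, rejects error or non-bearer token responses, and sends with certificate verification enabled, trusting a private CA file rather than disabling verification. The function names, the `ca_file` parameter and the sample response are assumptions; the endpoint paths and form fields come from the curl commands on this page.

```python
import json
import ssl
import urllib.parse
import urllib.request

TOKEN_PATH = "/uas/oauth2/token"  # path from the page's token request
ORGS_PATH = "/customerid-rest/services/2.0/organizations"  # path from the page
# Constructed sample of a successful token response (not captured from a real server).
SAMPLE_TOKEN_RESPONSE = '{"access_token": "example-token", "token_type": "Bearer"}'


def build_token_request(sso_base, api_client_id, client_id, client_secret, user, password):
    """Password-grant request; the scope carries the CustomerID API client ID."""
    form = urllib.parse.urlencode({
        "grant_type": "password",
        "scope": f"openid {api_client_id}",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": user,
        "password": password,
    }).encode()
    return urllib.request.Request(
        sso_base.rstrip("/") + TOKEN_PATH, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(body):
    """Return the access token; raise ValueError on an error or non-bearer reply."""
    doc = json.loads(body)
    if "error" in doc:
        raise ValueError(f"token endpoint refused the request: {doc['error']}")
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("response carries no bearer access token")
    return doc["access_token"]


def build_api_request(cid_base, token, technical_name, method):
    """List Organizations call with the token in the Authorization header."""
    query = urllib.parse.urlencode({"technicalName": technical_name})
    return urllib.request.Request(
        f"{cid_base.rstrip('/')}{ORGS_PATH}?{query}", method=method,
        headers={"Authorization": f"Bearer {token}"})


def send(request, ca_file=None):
    """Send with TLS verification on; ca_file adds a private CA to trust."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, context=ctx, timeout=10) as resp:
        return resp.status, resp.read()
```

Pass the SSO server's CA certificate as `ca_file` when it is signed by a private CA; the curl equivalent is `--cacert`.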