bellebaum
commented
1 year ago I have two potential solutions for you :)
The manual way
In the end, what you want Postman to send is the following HTTP header (ct. RFC 6750):
Authorization: Bearer $token
The token needs to be an access token issued by Omejdn and including the scope omejdn:admin.
Your client configuration looks to be set up correctly to be granted this scope upon request.
However, there seem to be some typos in your cURL command, in the data section:
- The
client_assertion_typeshould beurn:ietf:params:oauth:client-assertion-type:jwt-beareras per RFC 7523. - Double check that the spaces between the scopes are correctly encoded when sent this way. If in doubt,
omejdn:adminis the only scope necessary for Admin API access.
You can always check out the scripts/test.sh file in this repository to see how things are done :)
Using Postman
I must admit that I do not have any experience with Postman, but it seems to be smart enough to get a token for you. I am following this tutorial and filling in the details.
First, you should use register another client with Omejdn, as Postman seems to be unable to authenticate itself using private_key_jwt.
Here is an example client which should work with Postman. Please change the client secret and double check the redirect URI.
- client_id: postman
client_secret: change_me
grant_types: authorization_code
token_endpoint_auth_method: client_secret_basic
scope: omejdn:admin
redirect_uris: https://getpostman.com/oauth2/callback
attributes: []Afterwards, you should be able to follow the tutorial starting at step 4. In step 7, fill in the above values. The Grant Type should be with PKCE if possible (though this is not necessary), the Authorization and Token URLs of Omejdn can be seen in your sceenshot above and the Client Authentication should be "Send as Basic Auth Header".
You should now be greeted by the same Login screen used by the official Omejdn UI, and can login using any Admin account. (You should have changed the password in .env in this repo).
AnaCarolinaChaves
The Problem
When accessing the DAPS UI there is a public page with various endpoints. I would like to access the client certificate one, which is on "https://vcese19.inesctec.pt/auth/api/v1/config/clients/keys/:client_id". However, when using postman, I receive a 401Unauthorized.
I would like to know the attributes I need to send as headers or parameters to access that endpoint.
My Setup
My client is configured as follows:
I want to use endpoint
https://vcese19.inesctec.pt/auth/api/v1/config/clients/keys/:97:4F:A6:8B:FD:23:2E:5B:31:74:AF:E6:89:B8:66:6D:04:25:B0:26:keyid:27:A8:D6:69:E6:25:47:BA:09:8D:98:E5:DF:79:3F:09:89:F4:4D:83on Postman.As this returns a 401 Unauthorized, I tried to obtain the client assertion by the running script
create_test_token.rb. Then, I used the response to run the command:curl https://vcese19.inesctec.pt/auth/token --data "grant_type=client_credentials&client_assertion_type=urn:ietf:params:oauth:client-assertio_assertion=<PREVIOUS_RESPONSE>&scope=idsc:IDS_CONNECTOR_ATTRIBUTES_ALL omejdn:admin omejdn:read omejdn:write"However, this returns a{"error":"invalid_client","error_description":"Client unknown"}error. Is there something on the configuration that I'm missing?I also tried to access this endpoint using a Token Bearer and using the token that the connector displays on the logs, and it still returned the 401 Unauthorized.
Am I missing some step or some attribute on the header?
What I expected to happen
I expected to receive some information regarding the client.