nesh170 / asap-inventory-system

This is a concept inventory system for ECE458. It is built by ASAPsolutions

Oauth #95

Closed nesh170 closed 7 years ago

nesh170 commented 7 years ago

Flow for users to log in through NetID:

  1. Frontend should redirect to this link:

    https://oauth.oit.duke.edu/oauth/authorize?response_type=code&redirect_uri=<redirect_uri>&client_id=asap-inventory-system&scope=basic+identity%3Anetid%3Aread&state=<randomly_generated_state>

    redirect_uri is the URL the OAuth server will redirect to on success or failure. On success, the auth_token is appended to it as a URL parameter.

  2. Convert the auth_token to a Duke access_token (note: this is our own server):

    POST /api/user/auth/duke HTTP/1.1
    Host: localhost:8000
    Content-Type: application/json

    Request:

    {
      "code": "<auth_token>",
      "redirect_uri": "<redirect_uri>"
    }

    Response:

    {
      "access_token": "<duke_access_token>",
      "token_type": "Bearer",
      "refresh_token": "<refresh_token>",
      "expires_in": 3600,
      "scope": "basic identity:netid:read"
    }

  3. Convert the Duke OAuth token to an ASAP_Inventory OAuth token to use the ASAP APIs:

    POST /auth/convert-token HTTP/1.1
    Host: localhost:8000
    Content-Type: application/x-www-form-urlencoded

    Request:

    grant_type=convert_token&client_id=OCMIHNG0WSjC3679oo6LpgMMy0iucOQRoxDGsQ1F&backend=duke&token=<duke_access_token>

    Response:

    {
      "access_token": "<access_token>",
      "expires_in": 3600,
      "refresh_token": "<refresh_token>",
      "scope": "read groups write",
      "token_type": "Bearer"
    }

Now you can use the asap_access_token in API calls the old way, by sending it in the Authorization header: Authorization: Bearer <asap_access_token>
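The three-step flow above, as an added Python example (not code from the issue or the project): it builds the authorize URL, refuses the returned code unless the `state` it generated comes back unchanged (the OAuth CSRF check the flow relies on), then drives steps 2 and 3 through an injected `transport` callable so it runs offline. The endpoint paths, field names and client_id are taken from the issue; `fake_transport` and its canned tokens are constructed for illustration and stand in for the ASAP server.

```python
"""Client-side helper for the NetID -> Duke token -> ASAP token flow.

Added example, not project code. Assumes an injected
transport(method, url, headers, body) -> (status, body_text) callable;
fake_transport below is a constructed stand-in for the ASAP server.
"""
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

DUKE_AUTHORIZE = "https://oauth.oit.duke.edu/oauth/authorize"
DUKE_CLIENT_ID = "asap-inventory-system"
DUKE_SCOPE = "basic identity:netid:read"
ASAP_BASE = "http://localhost:8000"
ASAP_CLIENT_ID = "OCMIHNG0WSjC3679oo6LpgMMy0iucOQRoxDGsQ1F"  # value quoted in the issue


def new_state() -> str:
    """Unguessable per-login state; stored by the frontend until the callback."""
    return secrets.token_urlsafe(32)


def build_authorize_url(redirect_uri: str, state: str) -> str:
    """Step 1: the link the frontend redirects the browser to."""
    params = {"response_type": "code", "redirect_uri": redirect_uri,
              "client_id": DUKE_CLIENT_ID, "scope": DUKE_SCOPE, "state": state}
    return DUKE_AUTHORIZE + "?" + urlencode(params)  # scope -> basic+identity%3Anetid%3Aread


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 1 return leg: pull `code` out of the redirect URL.

    The state is compared in constant time before anything else is trusted;
    a missing or different state means the code was not produced by a login
    this client started, so it is discarded.
    """
    qs = parse_qs(urlparse(callback_url).query)
    state = qs.get("state", [None])[0]
    if state is None or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise PermissionError("state mismatch: possible CSRF, discarding code")
    if "error" in qs:
        raise PermissionError(f"authorization failed: {qs['error'][0]}")
    code = qs.get("code", [None])[0]
    if not code:
        raise ValueError("callback carried no code")
    return code


def exchange_code(transport, code: str, redirect_uri: str) -> dict:
    """Step 2: POST /api/user/auth/duke (JSON) -> Duke token response."""
    status, body = transport("POST", ASAP_BASE + "/api/user/auth/duke",
                             {"Content-Type": "application/json"},
                             json.dumps({"code": code, "redirect_uri": redirect_uri}))
    if status != 200:
        raise RuntimeError(f"code exchange failed: HTTP {status}")
    return json.loads(body)


def convert_token(transport, duke_access_token: str) -> dict:
    """Step 3: POST /auth/convert-token (form-encoded) -> ASAP token response."""
    form = urlencode({"grant_type": "convert_token", "client_id": ASAP_CLIENT_ID,
                      "backend": "duke", "token": duke_access_token})
    status, body = transport("POST", ASAP_BASE + "/auth/convert-token",
                             {"Content-Type": "application/x-www-form-urlencoded"}, form)
    if status != 200:
        raise RuntimeError(f"convert-token failed: HTTP {status}")
    return json.loads(body)


def bearer_header(asap_access_token: str) -> dict:
    """Header to attach to subsequent ASAP API calls."""
    return {"Authorization": f"Bearer {asap_access_token}"}


def login(transport, redirect_uri: str, callback_url: str, expected_state: str) -> str:
    """Run the return leg of step 1 plus steps 2 and 3; returns the ASAP access token."""
    code = parse_callback(callback_url, expected_state)
    duke = exchange_code(transport, code, redirect_uri)
    return convert_token(transport, duke["access_token"])["access_token"]


def fake_transport(method, url, headers, body):
    """Constructed offline stand-in for the ASAP server (canned responses only)."""
    path = urlparse(url).path
    if method == "POST" and path == "/api/user/auth/duke":
        if json.loads(body).get("code") != "CODE123":
            return 400, json.dumps({"error": "invalid_grant"})
        return 200, json.dumps({"access_token": "duke-AT", "token_type": "Bearer",
                                "refresh_token": "duke-RT", "expires_in": 3600,
                                "scope": DUKE_SCOPE})
    if method == "POST" and path == "/auth/convert-token":
        form = parse_qs(body)
        if form.get("token") != ["duke-AT"] or form.get("backend") != ["duke"]:
            return 400, json.dumps({"error": "invalid_grant"})
        return 200, json.dumps({"access_token": "asap-AT", "expires_in": 3600,
                                "refresh_token": "asap-RT", "scope": "read groups write",
                                "token_type": "Bearer"})
    return 404, "{}"


if __name__ == "__main__":
    state = new_state()
    print(build_authorize_url("http://localhost:3000/cb", state))
    cb = f"http://localhost:3000/cb?code=CODE123&state={state}"
    print(bearer_header(login(fake_transport, "http://localhost:3000/cb", cb, state)))
```

The `redirect_uri` sent in step 2 must be the same string used in step 1; the frontend should keep it alongside the `state` rather than rebuild it from the callback, since the callback is attacker-influenced input.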

ankitkayastha commented 7 years ago

OAuth token is appended to the end as a URL parameter.

nesh170 commented 7 years ago

In addition, added an API call to update users:

    PATCH /api/user/ HTTP/1.1
    Host: localhost:8000
    Content-Type: application/json
    Authorization: Bearer <asap_access_token>

Request:

    {
      "is_staff": true,
      "is_superuser": true
    }

Response returns 200 OK if successful.