Use Case Scenario
This scenario demonstrates the following use case:
- A client registers itself through dynamic client registration.
- A client requests an access token with a client credentials grant.
Dynamic Client Registration Request
```
POST https://oidc.airlock.com/auth-login/rest/public/tech-client-registration/oauth2/myAS/register

{
  "client_name": "Sample Client",
  "client_uri": "https://test-client.airlock.com",
  "scope": "strong client-scope",
  "token_endpoint_auth_method": "client_secret_basic",
  "redirect_uris": [
    "https://sample-client.airlock.com/redirectUri"
  ],
  "response_types": [
    "code"
  ],
  "grant_types": [
    "authorization_code",
    "refresh_token"
  ],
  "contacts": [
    "Peter Sample"
  ]
}
```
`client_id` and `client_secret` are generated by the authorization server. `scope` is limited by an additional processor to the string `client-scope`. The scope `strong` was not accepted by the authorization server and is therefore missing from the response.
Dynamic Client Registration Response
```
200 OK

{
  "scope": "client-scope",
  "contacts": [
    "Peter Sample"
  ],
  "client_id": "5572a786-010e-48a3-8c87-0d94d263f3b9",
  "client_secret": "WMKA5QLW5iuFGt5CsePYQBYbuDL8DcCD",
  "client_secret_expires_at": 0,
  "client_id_issued_at": 1597332712,
  "redirect_uris": [
    "https://test-client.airlock.com/redirectUri"
  ],
  "token_endpoint_auth_method": "client_secret_basic",
  "grant_types": [
    "authorization_code",
    "refresh_token"
  ],
  "response_types": [
    "code"
  ],
  "client_name": "Sample Client",
  "client_uri": "https://sample-client.airlock.com"
}
```
The client credentials grant starts with a request to the token endpoint with `grant_type` set to `client_credentials`.
The client uses `basic_auth`, as defined in the `token_endpoint_auth_method`, for authentication. The credentials used are the `client_id` and `client_secret` from the dynamic client registration response above.
Client Credentials Grant Request
```
POST https://oidc.airlock.com/auth-login/rest/oauth2/authorization-servers/myAS/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ

grant_type=client_credentials&scope=client-scope
```
The authorization server successfully validated the client's credentials and responds with an access token:
Client Credentials Grant Response
```
200 OK

{
  "access_token": "eyJraWQiOiI3...YeQ0iR-25g",
  "scope": "client-scope",
  "token_type": "Bearer",
  "expires_in": 18000
}
```
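The two steps above on the client side, as an added example (not Airlock's code): it compares the requested scope with the scope in the registration response, then builds the `client_secret_basic` header and form body for the client credentials request without sending anything. The function names are hypothetical, the sample values are copied from this page, and the credential encoding follows RFC 6749 section 2.3.1.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode

# Values copied from the registration request and response shown on this page.
REQUESTED_SCOPE = "strong client-scope"
REGISTRATION_RESPONSE = json.loads("""{
  "scope": "client-scope",
  "client_id": "5572a786-010e-48a3-8c87-0d94d263f3b9",
  "client_secret": "WMKA5QLW5iuFGt5CsePYQBYbuDL8DcCD",
  "token_endpoint_auth_method": "client_secret_basic"
}""")


def dropped_scopes(requested, granted):
    """Return the requested scopes that the authorization server did not grant."""
    return set(requested.split()) - set(granted.split())


def basic_auth_header(client_id, client_secret):
    """Build the client_secret_basic header value.

    RFC 6749 section 2.3.1: form-urlencode each credential first, so a ':' or
    space inside it cannot shift the id/secret boundary, then base64 "id:secret".
    """
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def build_token_request(registration):
    """Return (headers, body) for a client credentials request with the granted scope."""
    method = registration["token_endpoint_auth_method"]
    if method != "client_secret_basic":
        raise ValueError(f"unsupported token_endpoint_auth_method: {method}")
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": basic_auth_header(
            registration["client_id"], registration["client_secret"]),
    }
    body = urlencode({"grant_type": "client_credentials",
                      "scope": registration["scope"]})
    return headers, body


if __name__ == "__main__":
    # The Authorization header carries the secret, so it is not printed here.
    print("not granted:", dropped_scopes(REQUESTED_SCOPE, REGISTRATION_RESPONSE["scope"]))
    print(build_token_request(REGISTRATION_RESPONSE)[1])
```

Requesting only the scope returned at registration keeps the token request aligned with what the authorization server actually accepted.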