Jetzt verfügbar:  Berichte für DRACOONMehr Infos

Static auth token

Kommentare

5 Kommentare

  • Offizieller Kommentar
    Avatar
    Michael Netter

    Hi Nick,

    If your web app has a backend part, you could do the following:

    1. Register a new OAuth client with grant type "password flow".
    2. On the backend part of your web app, store the credentials for the admin user.
    3. When the user calls your web app, the backend part takes the admin credentials and performs a password flow-based OAuth authentication (which is non-interactive) and obtains a token. Then the token is used to make the call to the DRACOON API.

    Hope this helps!

    Best regards,

    Michael

    Aktionen für Kommentare Permalink
  • Avatar
    Nick Horatiu

    Hello Michael,

    Can this token also expire just like the grant type one has with normal flow? 

    We wanted something that could just live in configuration file or be hardcoded somewhere. It would mean that any call the admin will perform can fail because of an expired token so it adds extra logic around each call to API if I'm not mistaken. 

    Thanks,
    Nick.

    0
    Aktionen für Kommentare Permalink
  • Avatar
    Michael Netter

    Hi Nick,

    You can set the expiration of the access token and the refresh token when creating a new OAuth client via POST /system/config/oauth/clients.

    Best regards,

    Michael

    0
    Aktionen für Kommentare Permalink
  • Avatar
    Nick Horatiu

    Hello Michael,

    Is this deprecated or has it been removed in V 4.0 of the API? I was unable to find it in Swagger. 

    Thanks
    Nick.

    0
    Aktionen für Kommentare Permalink
  • Avatar
    Michael Netter

    Hey Nick,

    You can find the endpoint here:

    https://dracoon.team/api/swagger-ui.html#/system-auth-config/createOAuthClient

    POST /system/config/oauth/clients

    The fields are called "refreshTokenValidity" and "accessTokenValidity"

    Best regards,

    Michael

    0
    Aktionen für Kommentare Permalink

Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.