Introduction

The DRACOON API is protected by OAuth. For information about OAuth, see: https://oauth.net/2, https://tools.ietf.org/html/rfc6749

Currently, only a Config Manager of the Provider Customer can create, change, and delete OAuth clients. However, created clients are valid for all customers.

OAuth clients can be viewed, created, changed, and deleted via the DRACOON Web App or API. To manage clients via the Web App, go to "Settings > Apps".

The following lines describe how to maintain clients via the API.

API end points for OAuth clients creation, update, and deletion

API request for OAuth clients registration

Request:

POST /api/v4/system/config/oauth/clients HTTP/1.1
Host: [HOST]
X-Sds-Auth-Token: [X-SDS-AUTH-TOKEN] 
Content-Type: application/json

{
   "clientName": "test",
   "clientSecret": "secret",
   "grantTypes": ["authorization_code", "implicit", "password", "refresh_token"],
   "redirectUrl": "https://api.example.com/callback",
   "accessTokenValidity": 28800,
   "refreshTokenValidity": 2592000
}

Response:

Status: 201 Created
Content-Type: application/json

{
   "clientName": "test",
   "clientId": "MTFeMz478sKuLTOE7qoeOOw5WvgnMDeR",
   "clientSecret": "secret",
   "grantTypes": ["authorization_code", "implicit", "password", "refresh_token"],
   "redirectUrl": "https://api.example.com/callback",
   "accessTokenValidity": 28800,
   "refreshTokenValidity": 2592000
}

Notes

• The client secret is optional. The server will generate one if no client secret is provided.
• The grant types "authorization_code", "implicit", and "password" can be activated. The grant type "client_credentials" is not supported.
• The issuing of a long-living Refresh Token can be activated via the grant type "refresh_token". (The Refresh Token is provided with the first Access Token.)
• The expiration interval of both tokens is stated in seconds and is optional. (Default values: Access Token=28800(8 hours), Refresh Token=2592000(30 days))