
OAuth You Can Do: Resource Owner Password Credentials Grant Edition

Posted at 2020-03-22

Last time we covered the simplest flow, the Client Credentials Grant. This time we try the next simplest one, the Resource Owner Password Credentials Grant.
https://qiita.com/namikitakeo/items/0c283b2e5da55670c542

The Resource Owner Password Credentials Grant is disliked because its username/password parameters are troublesome, but I don't dislike its half-hearted feel.

Let's get an access_token right away with the Resource Owner Password Credentials Grant. Naturally, the client_id and client_secret differ from one environment to another.

# curl -k -d "client_id=admin-cli&client_secret=e2322690-1d9c-427c-882c-cdbf19013410&username=admin&password=Password#1&grant_type=password" https://ubuntu18.japaneast.cloudapp.azure.com/auth/realms/master/protocol/openid-connect/token

{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJBZ1F6anNzTFRQemlIZlhWWFRTUmJGT3RqVHlkY25IOHN2OHJ0NHdnY2JrIn0.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.NtjhqEUxheNvDI25oSLEUoVQhVUtSRC8ZC7V6DQ7gyrCzT7TGeqxH3-L4xj8UkivOW9cP45fcRMHBsoWvYwADtghTkRjVWycLRmPcctKLd8lELVuk--t7UgDJnL5uVnSLDAdRHnpYzI5oG6FKIZ8pyaEkS9unXNTj7gg5SNGssY4HDto3qLOINdec7D3ZxIgIvY5yjx1RlVwm9VKaBbKzt12cIJ0EGShPs6NqsQXZ-7Q1zDAv6tpgkdZzgQZI72keELDVqxeO6y9h5STjm54Z4JpeFL_im77a17ki5cYQb4QQuTS0lV4Hcdw2k-09cQDhF6EgcLt93F9wWJq8N6GIw","expires_in":60,"refresh_expires_in":1800,"refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI1OTRlZDU5NS02ZDcxLTQ3NjctYTliZC04NTAwZDJhNjhmZmQifQ.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.w3tK6FXEWigmQOxrhny2jdo9xG0dpAwu8aHmtbLObNY","token_type":"bearer","not-before-policy":0,"session_state":"91b9f916-4543-43ab-8ca7-8c1a2746dfda","scope":"profile email"}

The access_token was easy to obtain, so let's call the userinfo endpoint with it.

% curl -k -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJBZ1F6anNzTFRQemlIZlhWWFRTUmJGT3RqVHlkY25IOHN2OHJ0NHdnY2JrIn0.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.NtjhqEUxheNvDI25oSLEUoVQhVUtSRC8ZC7V6DQ7gyrCzT7TGeqxH3-L4xj8UkivOW9cP45fcRMHBsoWvYwADtghTkRjVWycLRmPcctKLd8lELVuk--t7UgDJnL5uVnSLDAdRHnpYzI5oG6FKIZ8pyaEkS9unXNTj7gg5SNGssY4HDto3qLOINdec7D3ZxIgIvY5yjx1RlVwm9VKaBbKzt12cIJ0EGShPs6NqsQXZ-7Q1zDAv6tpgkdZzgQZI72keELDVqxeO6y9h5STjm54Z4JpeFL_im77a17ki5cYQb4QQuTS0lV4Hcdw2k-09cQDhF6EgcLt93F9wWJq8N6GIw' https://ubuntu18.japaneast.cloudapp.azure.com/auth/realms/master/protocol/openid-connect/userinfo

{"sub":"eb929ad0-0771-45a6-8649-57b44aec61f9","email_verified":false,"preferred_username":"admin"}

This time we used the client_id/client_secret of a registered confidential client to obtain an access_token with OAuth's Resource Owner Password Credentials Grant, and then called the web API at the Userinfo endpoint.

Unlike the Client Credentials Grant from last time, the Resource Owner Password Credentials Grant could also be run with only the client_id of a public client.
https://qiita.com/namikitakeo/items/cfb66928fad8882ea25a
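The same token and userinfo requests built in Python for both a confidential and a public client, as an added example that is not part of the original article. The host, the secret value and the function names are assumptions, and the confidential client here sends its secret via HTTP Basic instead of in the form body as the curl command does.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed endpoint layout, following the Keycloak realm paths used in the
# article; the host is a placeholder.
BASE = "https://keycloak.example.test/auth/realms/master/protocol/openid-connect"


def build_token_request(username, password, client_id, client_secret=None):
    """Build the ROPC token request; client_secret=None means a public client."""
    form = {"grant_type": "password", "username": username, "password": password}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is None:
        # Public client: only client_id identifies the caller.
        form["client_id"] = client_id
    else:
        # Confidential client: HTTP Basic with form-encoded id and secret
        # (RFC 6749 section 2.3.1), which keeps the secret out of the body.
        q = urllib.parse.quote_plus
        cred = f"{q(client_id)}:{q(client_secret)}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(cred).decode()
    # urlencode percent-encodes '#', '&', '=' and '+' inside the password.
    body = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(BASE + "/token", data=body, headers=headers, method="POST")


def parse_token_response(raw):
    """Return (access_token, expires_in) or raise on an unexpected response."""
    doc = json.loads(raw)
    if "error" in doc:
        raise ValueError(f"token endpoint error: {doc['error']}")
    if doc.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return doc["access_token"], int(doc["expires_in"])


def build_userinfo_request(access_token):
    """Build the Userinfo call that carries the token as a Bearer credential."""
    return urllib.request.Request(
        BASE + "/userinfo", headers={"Authorization": "Bearer " + access_token})


if __name__ == "__main__":
    # Constructed values, not real credentials.
    req = build_token_request("admin", "Password#1", "admin-cli", "constructed-secret")
    print(req.get_method(), req.full_url, req.data.decode())
    sample = '{"access_token":"constructed.token.value","expires_in":60,"token_type":"bearer"}'
    print(parse_token_response(sample))
```

Passing a built request to `urllib.request.urlopen` verifies the server certificate by default, unlike `curl -k`.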

# Next time
OAuth You Can Do: mod_auth_openidc Edition
https://qiita.com/namikitakeo/items/b0b6c32f2289267beb05
