
Authentication API

The following API returns an authentication token to be used when calling the Qualifio API.

To use this API, you must be provided with proper credentials by Qualifio.

Normal token validity is 1 h (3600 s). This duration can be reduced or increased depending on specific needs.

Revisions

  • Version 1.0: initial version

Entrypoint

  • Production: auth.k8s.qualifio.com

API Definition

Get token

Get a new token based on a clientId and clientSecret.

Request

POST /auth/realms/Qualifio/protocol/openid-connect/token

The request body has to be "HTTP form-style" with URL-encoded values.

Request header

  • "Content-Type: application/x-www-form-urlencoded"
  • "Authorization: Basic BASIC_CREDENTIALS"
    • BASIC_CREDENTIALS must be replaced by the base64 encoding of the concatenation of the clientId and clientSecret separated by a ":"
    • If clientId = "clientId" and clientSecret = "clientSecret", then BASIC_CREDENTIALS = base64("clientId:clientSecret") = Y2xpZW50SWQ6Y2xpZW50U2VjcmV0

Request body

  • grant_type=client_credentials

Response:

  • 200 - OK

    {
    "access_token": the token to use in the bearer header field,
    "expires_in": the time in seconds during which the token is valid,
    "refresh_expires_in": 0,
    "token_type": "Bearer",
    "not-before-policy": timestamp after which the token starts to be valid,
    "scope": ""
    }
  • 400 - BAD REQUEST

    In case of any error condition such as wrong clientId/clientSecret, invalid request, ...

    {
    "error": "unauthorized_client",
    "error_description": "Invalid client secret"
    }

Sample

curl --request POST \
--url https://auth.k8s.qualifio.com/auth/realms/Qualifio/protocol/openid-connect/token \
--header 'Authorization: Basic Y2xpZW50SWQ6Y2xpZW50U2VjcmV0' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials

Response

{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ5WW8xSkVIUW92S2FZS2JxOE12dC1pMExfU0QyYXZQRDJ6RHRwMjhHbC1rIn0.eyJleHAiOjE2MjczMDcwNDUsImlhdCI6MTYyNzMwMzQ0NSwianRpIjoiMmZkYmQ3ODMtN2EyMi00ZjdlLWJkNmYtMWQ0ODUxMDg3YzljIiwiaXNzIjoiaHR0cHM6Ly9hdXRoLnN0YWdpbmcuazhzLnF1YWxpZmlvLmNvbS9hdXRoL3JlYWxtcy9RdWFsaWZpbyIsInN1YiI6IjJlMmVkMmI4LWIyZmUtNDc1Mi1iYWYwLWViNjg3MThkZTg0MSIsInR5cCI6IkJlYXJlciIsImF6cCI6ImRlbW8tZXh0ZXJuYWwtYXBpIiwiYWNyIjoiMSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJjcnlwdG8tYXBpLWNyZWF0ZSIsImNyeXB0by1hcGktcmVhZCJdfSwic2NvcGUiOiIiLCJjbGllbnRJZCI6ImRlbW8tZXh0ZXJuYWwtYXBpIiwiY2xpZW50SG9zdCI6IjE0Ni41OS4yMDIuMTQ4IiwiY2xpZW50QWRkcmVzcyI6IjE0Ni41OS4yMDIuMTQ4IiwicWxmOkFjY291bnRJRCI6Mn0.Z-TYRCiIhjjMSfHx_Woq_VRPm3u9EHktkhIS45jjUHPQ5268MdLQ9Qv1MgyeA6UQK-iIVneeoBsklmoOCvD-yPBe7AGELlkvRad_49kgURo1NzZbR30RqFc7r4GJgfGtV5hFbp3ZFfyCY6jWA49rlnDEQ4WalCjP4pddnKVYGXzCiWFmwPspi9CcVmYCj1KEau3eCjRNH8B1k4d1aI5sl_lRP8wzDRmzgBPU0mVOtywo3t38CD1zY7F8w6NYsfpEUkTtm22CDKlBYPlABT1C6VnCdUTwPleIAJ0sHmxofk_XZZHZM3NJrhpZxfykCqRv9mg4K9J3mwy_KWrXhWUqbA",
"expires_in": 3600,
"refresh_expires_in": 0,
"token_type": "Bearer",
"not-before-policy": 1625826844,
"scope": ""
}

This token can be used immediately and remains valid until the current time plus the expiration time (the expires_in field, expressed in seconds).

The normal content of the token is:

Header

{
"kid": "yYo1JEHQovKaYKbq8Mvt-i0L_SD2avPD2zDtp28Gl-k",
"alg": "RS256",
"typ": "JWT"
}
Payload
{
"exp": 1627307045,
"iat": 1627303445,
"jti": "2fdbd783-7a22-4f7e-bd6f-1d4851087c9c",
"iss": "https://auth.k8s.qualifio.com/auth/realms/Qualifio",
"sub": "2e2ed2b8-b2fe-4752-baf0-eb68718de841",
"typ": "Bearer",
"azp": "demo-external-api",
"acr": "1",
"realm_access": {
"roles": [
"crypto-api-create",
"crypto-api-read"
]
},
"scope": "",
"clientId": "demo-external-api",
"clientHost": "146.59.202.148",
"clientAddress": "146.59.202.148",
"qlf:AccountID": 2
}
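
The "Get token" request and the expires_in handling described above can be wrapped in a small client-side cache so the clientSecret is sent only when a new token is actually needed. This is an added example, not Qualifio code; the names TokenCache, build_token_request, http_fetch and TokenError, and the 60-second refresh margin, are assumptions made for illustration.

```python
import base64, json, time
import urllib.error, urllib.parse, urllib.request

TOKEN_URL = ("https://auth.k8s.qualifio.com"
             "/auth/realms/Qualifio/protocol/openid-connect/token")

class TokenError(Exception):
    """Raised when the token endpoint does not answer 200."""

def build_token_request(client_id, client_secret):
    """Build (without sending) the POST documented under 'Get token'."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })

def http_fetch(request):
    """Send the request and return (status, parsed JSON body)."""
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # the 400 reply carries a JSON body
        return err.code, json.load(err)

class TokenCache:
    """Reuse one token until `skew` seconds before expires_in elapses.

    `fetch` and `clock` are injectable so the logic can be exercised offline;
    the 60 s default skew is an assumption, not a Qualifio recommendation.
    """
    def __init__(self, client_id, client_secret, fetch=http_fetch,
                 clock=time.monotonic, skew=60):
        self._creds = (client_id, client_secret)
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._refresh_at = None, 0.0

    def bearer(self):
        """Return the Authorization header value for calls to the Qualifio API."""
        if self._token is None or self._clock() >= self._refresh_at:
            status, body = self._fetch(build_token_request(*self._creds))
            if status != 200:
                # Report only the server's error fields, never the credentials.
                raise TokenError(f"{status} {body.get('error')}: "
                                 f"{body.get('error_description')}")
            self._token = body["access_token"]
            self._refresh_at = self._clock() + max(body["expires_in"] - self._skew, 0)
        return f"Bearer {self._token}"
```

Load the clientId and clientSecret from a secret store or the process environment rather than from source code, and keep the returned token out of logs for as long as it is valid.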