Difference between revisions of "Configuring OAuth2 authorization"
Pavel.lobko (talk | contribs) |
Pavel.lobko (talk | contribs) |
||
| Line 1: | Line 1: | ||
Unlike anonimous API call we performed in our [[I2Rest_Server#basic_guide|quick start guide]], authorized API call requires OAuth2 token with "run_program" [[I2Rest_scopes#|scope]] and <code>*local</code> [[I2Rest_Gates#Session_System|Session System]] defined. | Unlike anonimous API call we performed in our [[I2Rest_Server#basic_guide|quick start guide]], authorized API call requires OAuth2 token with "run_program" [[I2Rest_scopes#|scope]] and <code>*local</code> [[I2Rest_Gates#Session_System|Session System]] defined. | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | { | ||
| + | "name": "*LOCAL", | ||
| + | "submit": SBMJOB JOB(I2RESTS) USER(${user}) | ||
| + | CMD(CALL I2REST PARM( | ||
| + | '-session' | ||
| + | '-url' '${surl}' | ||
| + | '-uid' '${uid}' | ||
| + | '-user' '${user}' | ||
| + | '-init' 'ADDLIBLE I2REST')) | ||
| + | '-dcm_client_id' 'MYCLIENT'))" | ||
| + | |||
| + | |||
| + | ;Step 1 | ||
| + | :Register two users on IBM i. | ||
| + | ;Step 2 | ||
| + | :Contact your system administrator for your IBM i server host name (or IP) and ''two'' available ports for "main" and "management" gates of your first i2Rest Server instance. Create file config.json (you can name it with any name and put it into any available IFS folder). Enter following text, replace host_name, ports, user (must be a regestered IBM i user) and client (must be a regestered IBM i user) with appropriate values. | ||
| + | [[I2Rest_quick_config|Basic configuration]] management API variant (differences are highlighted in <span style="background:#e3f6d0;">green</span>): | ||
| + | |||
| + | { | ||
| + | "gates": | ||
| + | { | ||
| + | "main" : {"url":"http://<span style="color:#22d3d3;"><host_name>[:port] (for example api.i2rest.com:1234)</span>"}, | ||
| + | "management" : {"url":"http://<span style="color:#22d3d3;"><host_name>[:port] (for example api.i2rest.com:4321)</span>"} | ||
| + | }, | ||
| + | <span style="background:#e3f6d0;"> "OAuth2": | ||
| + | { | ||
| + | "scopes": {"management_functions" : {"description":"i2Rest management APIs call"} | ||
| + | }, | ||
| + | "users": | ||
| + | { | ||
| + | "<span style="color:#22d3d3;">USRX</span>":{"description":"<span style="color:#22d3d3;">John Johnes</span>","valid_clients":{"<span style="color:#22d3d3;">TSTCLNT</span>":{"scopes":["management_functions"]}}} | ||
| + | }, | ||
| + | "clients": | ||
| + | { | ||
| + | "<span style="color:#22d3d3;">TSTCLNT</span>":{"redirect_uri":"<span style="color:#22d3d3;"><main gate URL></span>/oauth2/redirect", | ||
| + | "description":"Test client", | ||
| + | "valid_scopes":["management_functions"], | ||
| + | "valid_grant_types":["authorization_code"]} | ||
| + | }, | ||
| + | "tokens": {"type":"token"},"codes":{"type":"code"} | ||
| + | }</span> | ||
| + | } | ||
Revision as of 15:27, 30 June 2020
Unlike anonimous API call we performed in our quick start guide, authorized API call requires OAuth2 token with "run_program" scope and *local Session System defined.
{
"name": "*LOCAL",
"submit": SBMJOB JOB(I2RESTS) USER(${user})
CMD(CALL I2REST PARM(
'-session'
'-url' '${surl}'
'-uid' '${uid}'
'-user' '${user}'
'-init' 'ADDLIBLE I2REST'))
'-dcm_client_id' 'MYCLIENT'))"
- Step 1
- Register two users on IBM i.
- Step 2
- Contact your system administrator for your IBM i server host name (or IP) and two available ports for "main" and "management" gates of your first i2Rest Server instance. Create file config.json (you can name it with any name and put it into any available IFS folder). Enter following text, replace host_name, ports, user (must be a regestered IBM i user) and client (must be a regestered IBM i user) with appropriate values.
Basic configuration management API variant (differences are highlighted in green):
{
"gates":
{
"main" : {"url":"http://<host_name>[:port] (for example api.i2rest.com:1234)"},
"management" : {"url":"http://<host_name>[:port] (for example api.i2rest.com:4321)"}
},
"OAuth2":
{
"scopes": {"management_functions" : {"description":"i2Rest management APIs call"}
},
"users":
{
"USRX":{"description":"John Johnes","valid_clients":{"TSTCLNT":{"scopes":["management_functions"]}}}
},
"clients":
{
"TSTCLNT":{"redirect_uri":"<main gate URL>/oauth2/redirect",
"description":"Test client",
"valid_scopes":["management_functions"],
"valid_grant_types":["authorization_code"]}
},
"tokens": {"type":"token"},"codes":{"type":"code"}
}
}
