Please login or register to access secure site features.

Note: By continuing to use DevConnect Program Services you agree to our latest Registered Member Terms.

Sign in using DevConnect ID

Forgot password?

Trouble logging in?

Submit a ticket for Registration Support.

I have an SSO ID

?
sign in

Don't have a DevConnect or SSO ID ?

Create a DevConnect account or join the program.

register now
^
Forum Index » Avaya Breeze » External Authorization Client on BREEZE 3.8   XML
 
Author Message
RahulJangam



Joined: 08/06/2009 04:08:37
Messages: 9
Offline

Hello experts,

I am trying to create an External Authorization client on the BREEZE 3.8. I want to use the client credentials flow which means, i do not need the redirection. Hence on the Add new External Authorization Client page, i do not need to add the redirect URL right?

Also, when I upload the certificate, all i need to do is to create JWT token using client id & certificate in the asked JWT format and then call the token URL which should then authenticate my request using JWT token and generate the bearer token.

next, I collect the bearer token and pass it in Authorization header while accessing the resource on the Resource Server.

Am i missing anything? Unfortunately there is no working example for client credentials flow except the documentation. hence i want it make sure my understanding is correct
prasanna.kulkarni



Joined: 01/06/2015 02:11:49
Messages: 16
Offline


Hi Rahul,

I've got below answer from Breeze A&A experts:

You do not need redirect URL.
Please make sure grant_type=client_credentials

For
"Also, when I upload the certificate, all i need to do is to create JWT token using client id & certificate in the asked JWT format and then call the token URL which should then authenticate my request using JWT token and generate the bearer token."
>>make sure grant_type=client_credentials

For
Am i missing anything? Unfortunately there is no working example for client credentials flow except the documentation. hence i want it make sure my understanding is correct
>>
Steps are correct, can you use JWT view the token?
Make sure that resource server recognizes the token for information such as client_id, scope and etc.

Hope this helps.

Regards,
Prasanna
RahulJangam



Joined: 08/06/2009 04:08:37
Messages: 9
Offline

HI Prasanna,

Thanks for your response. I was successfully able to create external Authorization client using certificate and then got access token by sending JWT signed with PRIVATE key to Authorization token service. And using access token, i was able to validate it and use it in the Resource Server snap-in to serve by REST request. .

However, I still have question. How do i retrieve the scope for the bearer token sent in the API request? For example, i have read and write scope. And i want to cross check if the bearer token has read or write permission as per by REST API i.e. if someone calls a REST API that needs write permission but access token was generated using read permission only, i want to block this request. Where do i do this check within Resource server?

Thanks,
Rahul
AMProduce



Joined: 21/07/2021 22:49:15
Messages: 1
Offline

I trying to configure my tools. If you can help me out please let me know.
 
 
Go to: