OIDC Dynamic Client Registration in Wso2 Identity Server 5.3.0

OIDC dynamic client registration facilitates on the fly registrations for a client instead of manually registration.


High Level Steps to follow
  •  Start Identity Server
  • Register applications using post request

Detailed Instructions

Register applications using post requests.
  1. open the on-line 'https://curlbuilder.com/' and fill the required text fields as bellow to generate the required curl command.
  2. Select the request as POST and URL as ‘https://localhost:9443/identity/connect/register’ to invoke the register endpoint.
  3. Add following as the request body.
       {   
           "redirect_uris": ["wso2.example.com"],
     "client_name": "test",
     "ext_param_owner": "admin",
       "grant_types": ["password"]
}
Definitions of the above parameters are as below :

redirect_uris : An array of URIs under the control of the client. The user is redirected to one of these redirect_uris after the authorization grant.

client_name : Any prefered name for the client

ext_param_owner :The name of the owner of the application

grant_types: An array of grant types supported by the client.
  1. For the authentication process add a custom header, Authorization: Basic and base64 encoded user name and password. In this example it is YWRtaW46YWRtaW4= which is base64 encoded value of admin:admin . ex: Authorization: Basic YWRtaW46YWRtaW4=
  2. Tick on the JSON data type.





    6. Copy the generated curl command and run it in a terminal to register the client.

    curl -XPOST -H 'Authorization: Basic: YWRtaW46YWRtaW4=' -H "Content-type: application/json" -d '{   
      "redirect_uris": ["wso2.example.com"],     "client_name": “test",     "ext_param_owner": "admin",   "grant_types": ["password"] }' 'https://localhost:9443/identity/connect/register' -k -v


    Expected outcome
    You can find the client key and client secret of the registered application from the response.

    {"grant_types":["password"],"client_secret_expires_at":"0","redirect_uris":["wso2.example.com"],"client_secret":"bQmaGoLMCIqyQ4qh5LfxaQrQ44Qa","client_name":"admin_test","client_id":"Nrx4OGS3ah_iHbd84cNHSCtLfaQa"}
     


Comments

Post a Comment

Popular posts from this blog

Applying CORS Filter to wso2 Identity Server

When we are invoking an endpoint in oauth2 war from a javascript of a web app which is located in a different domain than identity server domain we are getting "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://XXXXXXX is therefore not allowed access." The issue is occurring as the script on your page is running from a specifc domain and would try to request the resource via an XmlHttpRequest or XDomainRequst from a different domain as this is a cross -origin request. In order to get rid of this we need to enable this by sending below header using a custom filter.  Access-Control-Allow-Origin: http: //example.com   (Here  http://example.com is the domain name of where page with that script is hosted) Invoking UserInfo endpoint of wso2 Identity Server from JavaScript We have two possible solutions to apply the CORS header.  1. Customizing OpenIDConnectUserEndpoint.java as below and replacing the oauth
Read more

JWKS endpoint of wso2 IS

What is JWKS endpoint? The JSON Web Key Set (JWKS) endpoint is a read-only endpoint. This url returns the Identity Server's public key set in Json web key set format. This contains the signing key(s) the RP uses to validate signatures from the Identity Server. This endpoint is defined loosely by the OpenID Connect Discovery specification . Try JWKS endpoint with Identity Server The endpoint url for the super tenant: https://localhost:9443/oauth2/jwks The jwks for the super tenant will be as follows: { "keys" : [ { "alg" : "RS256" , "kty" : "RSA" , "use" : "sig" , "n" : " AJSn-hXW9Zzz9ORBKIC9Oi6wzM4zhqwHaKW2vZAqjOeLlpUW7zXwyk4tkivwsydPNaWUm-9oDlEAB2lsQJv7jwWNsF7SGx5R03kenC-cf8Nbxlxwa-Tncjo6uruEsK_Vke244KiSCHP8BOuHI-r5CS0x9edFLgesoYlPPFoJxTs5 " , "e" : "AQAB" , "kid" : " d0ec514a32b6f88c0abd12a2840699bdd3deba9d "
Read more

DCR VS DCRM with WSO2 Identity server

Image
What is DCR (Dynamic Client Registration) Dynamic Client registration is a protocol which allows OAuth clients to register applications in an authorization server. Before this mechanism which is introduced from the spec [1] the client registration happened manually. With this implementation the client registration could be done in two ways.  - A client can be registered dynamically with the authorization server itself  - A programmer can register a client programmatically. Following is the protocol flow of DCR 1. A client sends a registration request with as follows. This should be a post request. 2. Server sends information response with 201 created. Request : POST   https://localhost:9443/api/identity/oauth2/dcr/v1.0/register HTTP/1.1 Authorization : Basic   YWRtaW46YWRtaW4= Content-Type :   application/json Content -Length :   114 Host: localhost :9443 {    "redirect_uris" : [      " http://localhost"    ],   
Read more