Collections category: oauth
Overview
Used in the OAuth 2.0 and OpenID Connect 1.0 authorization/identification process (Authorization Code Grant mechanism).
Served by microservice ws.
The three-step process of OAuth 2.0 external authorization and OpenID Connect 1.0 identification, followed by linking to a local user account in one of the system's local domains, requires:
- registering the system with an external OAuth authorization provider;
- the presence of a configured and enabled OAuth authorization provider (collection entity 'oauth/Providers');
- a token authorization script configured and registered in the master domain ('iam_token_svcscript_code').
The root client web application displays alternate external authorization buttons for all enabled OAuth authorization providers listed in the collection 'oauth/Providers'.
When such a button is clicked, a chain of consecutive redirections between the system and the external authorization server is performed in accordance with the OAuth 2.0 and OpenID Connect 1.0 protocols. The further process follows the OAuth protocol and generally looks like this:
- LOCAL: '/oauth/redirect/<KEY>' - looks up the provider, creates an authorization request, and redirects to the external authorization server.
- EXT: '/authorize' - the external authorization service lets the user enter their credentials and allow access from the communication system.
- LOCAL: '/oauth/receiver' - reverse redirection handler: receives the code, exchanges it for a token, and obtains credentials from the external data server.
- LOCAL: '/oauth/enter' - executes a script linking the ID of a request authorized on the external server to the local user account, and creates a session.
- LOCAL: '/app-root' - opens in the authorized state and displays the list of available applications to the user.
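The two LOCAL steps at either end of the redirect chain, as an added example that is not part of the project's code: it models '/oauth/redirect/<KEY>' and '/oauth/receiver' with in-memory stand-ins for 'oauth/Providers' and 'oauth/Requests' (the record field names, the URLs and the token exchange callback are assumptions), and shows why the pending request must be bound to the 'state' value and consumed once, so that a callback with an unknown or replayed state is rejected.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed provider record standing in for an 'oauth/Providers' entity (field names assumed).
PROVIDERS = {
    "ext1": {
        "enabled": True,
        "client_id": "demo-client",
        "authorize_url": "https://auth.example/authorize",
        "redirect_uri": "https://system.example/oauth/receiver",
        "scope": "openid profile",
    }
}
# Stand-in for 'oauth/Requests': pending requests keyed by the unguessable 'state' value.
REQUESTS = {}

def query_param(url, name):
    """Return a single query parameter from a URL, or None if absent."""
    return parse_qs(urlparse(url).query).get(name, [None])[0]

def oauth_redirect(key):
    """LOCAL /oauth/redirect/<KEY>: look up the provider, record the request, build the redirect."""
    p = PROVIDERS.get(key)
    if p is None or not p["enabled"]:
        return None  # unknown or disabled provider: no redirect is issued
    state = secrets.token_urlsafe(32)   # binds the later callback to this request
    nonce = secrets.token_urlsafe(16)   # OpenID Connect nonce, echoed back in the ID token
    REQUESTS[state] = {"provider": key, "nonce": nonce}
    params = {
        "response_type": "code",
        "client_id": p["client_id"],
        "redirect_uri": p["redirect_uri"],
        "scope": p["scope"],
        "state": state,
        "nonce": nonce,
    }
    return p["authorize_url"] + "?" + urlencode(params)

def oauth_receiver(callback_url, exchange_code):
    """LOCAL /oauth/receiver: match the callback to a pending request, then exchange the code.

    exchange_code(provider_key, code) stands in for the token-endpoint call (assumed callback).
    """
    state = query_param(callback_url, "state")
    code = query_param(callback_url, "code")
    req = REQUESTS.pop(state, None)  # single use: a replayed or forged state finds nothing
    if req is None or code is None:
        return None
    return exchange_code(req["provider"], code)
```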
Endpoints
- oauth/Providers - OAuth authorization providers.
- oauth/Requests - OAuth authorization requests.