CAS OIDC Resource Owner Password Grant

Jeremiah Garmatter

Jun 13, 2023, 9:18:55 AM
to CAS Community
Hello,

I am new to OIDC but I am tasked with integrating an OIDC application to my SSO.
One requirement for this app is the "Resource Owner Password Credential" (ROPC) grant.
I skimmed the OIDC documents on the wiki but did not find any mention of ROPC.

My question is: Does the OIDC module for CAS support ROPC grant?
I use CAS 6.6.

Jeremiah Garmatter

Jun 14, 2023, 8:39:25 AM
to CAS Community, Jeremiah Garmatter
After doing a few tests I can confirm that the OIDC module supports OAuth features including the ROPC grant.
See the oauth authentication grants page on the CAS docs for more information: https://apereo.github.io/cas/6.6.x/authentication/OAuth-Authentication.html#resource-owner-credentials
I was able to use a simple curl command to test:
curl -X POST \
  https://<your login server>/cas/oidc/accessToken \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d "grant_type=password&client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&username=<USER>&password=<PASS>&scope=profile"
If you use this to test, make sure you update the values I surrounded with <> and adjust or remove the scope parameter.
You can then pass the received access_token in a post request to "https://<your login server>/cas/oidc/profile" to retrieve the claims you allowed your app to access.
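
Added example (not part of the original thread, and not code from the CAS project): the token request and profile request described in the reply above, with every credential percent-encoded and the request bodies fed to curl on stdin instead of on the command line. The environment variable names are hypothetical, and sending the token to the profile endpoint as a form field named access_token is an assumption.

```shell
#!/bin/sh
# Added example: CAS_BASE, CLIENT_ID, CLIENT_SECRET, CAS_USER, CAS_PASS and SCOPE
# are hypothetical environment variable names, not CAS settings.

# Percent-encode everything outside the RFC 3986 unreserved set, so characters
# such as & = + % in a password cannot split or alter the form body.
urlencode() (
  LC_ALL=C; s=$1; out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}; s=$rest
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
)

# Build the grant_type=password body. Args: client_id client_secret username password [scope]
token_body() {
  printf 'grant_type=password&client_id=%s&client_secret=%s&username=%s&password=%s' \
    "$(urlencode "$1")" "$(urlencode "$2")" "$(urlencode "$3")" "$(urlencode "$4")"
  [ -z "${5:-}" ] || printf '&scope=%s' "$(urlencode "$5")"
}

# Pull access_token out of the JSON token response on stdin (simple sed match).
access_token_from() {
  sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Constructed sample of a token response, for trying access_token_from offline.
SAMPLE_RESPONSE='{"access_token":"AT-1-constructed","token_type":"Bearer","expires_in":28800}'

# Token request, then profile request. Bodies go to curl on stdin (--data @-),
# so the secret and password never appear in curl's argument list.
ropc_profile() {
  token=$(token_body "$CLIENT_ID" "$CLIENT_SECRET" "$CAS_USER" "$CAS_PASS" "${SCOPE:-}" |
    curl -sS --fail --data @- "$CAS_BASE/cas/oidc/accessToken" | access_token_from)
  [ -n "$token" ] || { echo "no access_token in response" >&2; return 1; }
  printf 'access_token=%s' "$(urlencode "$token")" |
    curl -sS --fail --data @- "$CAS_BASE/cas/oidc/profile"
}

# Runs only when CAS_BASE is set, e.g. CAS_BASE='https://<your login server>'.
if [ -n "${CAS_BASE:-}" ]; then ropc_profile; fi
```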