[GET Oauth2 authorization_code with CURL]


Napoleon Ponaparte

Sep 18, 2020, 11:42:07 AM
to CAS Community
Hi,
I have succeeded in configuring CAS and registering an OAuth2 service.
I have succeeded in getting an access token and using this token to get the user's attributes via Postman, as in the steps below:
Step 1:
I fill information and request access token

o1.PNG
It shows this window
o2.PNG

I press allow and then I have access token
o3.PNG
Step 2:
I use this token to get user's attribute

o4.PNG
But now, I don't want to use Postman or the web UI.
I want to use the command line to get the OAuth grant code and access token like this
Request authorization
o5.PNG
Request an access token
o6.PNG
I have seen the CAS Apereo documentation from this link
It has this guide
o7.PNG
But when I call
It responds to me like this
o8.PNG
Please help me.
Thank you in advance.


Jérôme LELEU

Sep 18, 2020, 11:47:20 AM
to CAS Community
Hi,

The authorization code grant type is meant for UI interactions, you should not use it via a CURL.
You may be interested in the Resource Owner Credentials grant type to use via CURL: https://apereo.github.io/cas/6.2.x/installation/OAuth-OpenId-Authentication.html#resource-owner-credentials
Thanks.
Best regards,
Jérôme



Nguyen Tran Thanh Lam

Sep 18, 2020, 11:57:25 AM
to CAS Community
Hi Jérôme,
Thank you for your help and I have one question for you.
How do I manage scope?
Thank you. Regards


Jérôme LELEU

Sep 21, 2020, 1:19:05 AM
to CAS Community
Hi,

I haven't tested it, but I would try using the scope parameter.
Thanks.
Best regards,
Jérôme


Nguyen Tran Thanh Lam

Sep 21, 2020, 2:01:28 AM
to CAS Community
Hi Mr Jérôme.
Here is my service registry file
{
    "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
    "clientId": "exampleOauthClient",
    "clientSecret": "exampleOauthClientSecret",
    "serviceId" : "^https://cascore.vdc2.com.vn:9999/.*",
    "generateRefreshToken" : true,
    "jsonFormat" : true,
    "name" : "ClientJava",
    "id" : 4,
    "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
    "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ],
    "jwtAccessToken": true,
    "attributeReleasePolicy" : {
      "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
      "allowedAttributes" : [ "java.util.ArrayList", ["comdepartment","comid","lastname","usercode","userdate","useremail","userparentid","userstatus","usertel","usertype","userid" ] ]
    },
    "properties" : {
      "@class" : "java.util.HashMap",
      "accessTokenAsJwtSigningKey" : {
         "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
         "values" : [ "java.util.HashSet", [ "CoSfJ2WweU-cWcUYSjW2PWLVLd9hIVG0xxjFFUHSUbCjkkNiwPli_WlqF9V2MHJH3SGH_4DifSYxlgs98h4snA" ] ]
      },
      "accessTokenAsJwtEncryptionKey" : {
         "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
         "values" : [ "java.util.HashSet", [ "_3gpqpSiIEjHT0xlscGvgDr0-iPIeeEeyecfFgbg_5E" ] ]
      },
      "accessTokenAsJwtSigningEnabled" : {
         "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
         "values" : [ "java.util.HashSet", [ "true" ] ]
      },
      "accessTokenAsJwtEncryptionEnabled" : {
         "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
         "values" : [ "java.util.HashSet", [ "true" ] ]
      },
      "accessTokenAsJwtCipherStrategyType" : {
         "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
         "values" : [ "java.util.HashSet", [ "SIGN_AND_ENCRYPT" ] ]
      }
    }
}
I don't know how to define scope for this service.
I didn't find any example in the CAS Apereo documentation.
Please help me.
Thank you in advance.


Jérôme LELEU

Sep 21, 2020, 8:28:49 AM
to CAS Community
Hi,

The scope should be used in the request URL as well as in the service definition as explained here: https://apereo.github.io/cas/6.2.x/installation/OIDC-Authentication.html#scope-based-claims
Thanks.
Best regards,
Jérôme
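
Added example, not part of the thread and not code from the CAS project: the Resource Owner Credentials grant recommended above, requested with curl and an optional `scope` parameter. `CAS_BASE`, the `cas.example.org` host, the function names, the `--run` argument and the credential variables are assumptions; the `/oauth2.0/accessToken` endpoint and parameter names follow the CAS documentation linked in the thread. The check assumes the service definition must list `password` in `supportedGrantTypes` (the file posted above lists only `authorization_code`).

```shell
#!/bin/sh
# Added example: CAS Resource Owner Credentials (password) grant via curl.
# CAS_BASE and every credential variable below are placeholders.
CAS_BASE="${CAS_BASE:-https://cas.example.org/cas}"
CURL="${CURL:-curl}"   # CURL=echo gives a dry run that prints the arguments

# Succeed only if the service definition lists the grant type.
# Assumes "supportedGrantTypes" sits on one line, as in the posted file.
grant_enabled() {      # $1 = service JSON file, $2 = grant type
    grep '"supportedGrantTypes"' "$1" | grep -q "\"$2\""
}

# Request an access token. --data-urlencode sends each parameter in the POST
# body, so the password and client secret never appear in the request URL
# (and so not in server access logs), and special characters survive.
request_token() {      # $1 client id, $2 client secret, $3 user, $4 password, $5 scope
    cid=$1 secret=$2 user=$3 pass=$4 scope=${5:-}
    set -- -sS --fail "$CAS_BASE/oauth2.0/accessToken" \
        --data-urlencode "grant_type=password" \
        --data-urlencode "client_id=$cid" \
        --data-urlencode "client_secret=$secret" \
        --data-urlencode "username=$user" \
        --data-urlencode "password=$pass"
    # scope is optional; send it only when the caller asked for one
    [ -n "$scope" ] && set -- "$@" --data-urlencode "scope=$scope"
    "$CURL" "$@"
}

# sh cas-token.sh --run /path/to/service.json
if [ "${1:-}" = "--run" ]; then
    grant_enabled "$2" password || {
        echo 'service definition does not list "password" in supportedGrantTypes' >&2
        exit 1
    }
    request_token "$CLIENT_ID" "$CLIENT_SECRET" "$CAS_USER" "$CAS_PASS" "${SCOPE:-}"
fi
```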


Nguyen Tran Thanh Lam

Sep 21, 2020, 9:55:39 AM
to CAS Community
Thank you Mr Jérôme


Nguyen Tran Thanh Lam

Dec 3, 2020, 4:12:12 AM
to CAS Community
Hi Mr Jérôme LELEU,
Sorry to bother you again.
I know we should not use CURL for the authorization process (getting authorization by using curl).
But in some cases, we could not use the UI, for example on embedded devices.
So, could we configure CAS Apereo to allow calling CURL to get an authorization code? Or does CAS basically not support this function?
I have checked WSO2 open source and it supports getting an authorization code by using curl.
Thank you. Regards



Ray Bon

Dec 3, 2020, 11:12:38 AM
to cas-...@apereo.org
Nguyen,


Ray

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.