EMEA_Idemiamigration_POC

EMEA_Idemiamigration_POC 1.0.0

0
No votes yet

Tags: 

production
development
https://emea.sit.api.citi.com/gcb

Custom Gateway API Endpoint

Paths

/oauth2/authorize

get /oauth2/authorize

endpoint for Authorization Code and Implicit grants

description

clientID
X-IBM-Client-Id
(apiKey located in header)

application's client_id

response_type
Required in query
string

request an authorization code or or access token (implicit)

{
    "enum": [
        "code",
        "token"
    ]
}
scope
Required in query
string

Scope being requested

redirect_uri
Optional in query
string

URI where user is redirected to after authorization

state
Optional in query
string

This string will be echoed back to application when user is redirected

Accept
Optional in header
string
text/html
200

An HTML form for authentication or authorization of this request.

302

Redirect to the clients redirect_uri containing one of the following

  • authorization code for Authorization code grant
  • access token for Implicity grant
  • error in case of errors, such as the user has denied the request
Example Request
Example Response
GET https://emea.sit.api.citi.com/gcb/emeapoc/oauth2/authorize
post /oauth2/authorize

submit approval to authorization code or access token

Submit resource owners approval (or rejection) for the OAuth2 Server to issue an authorization code or access token to the application.

client_id
Required in formData
string

application requesting the access code or token

scope
Required in formData
string

requested scope of this authorization

resource-owner
Required in formData
string

resource owners user name

redirect_uri
Required in formData
string

URI the application is requesting this code or token to be redirected to

original-url
Required in formData
string

URL of the original authorization request

dp-state
Required in formData
string

state information provided in the authorization form

dp-data
Required in formData
string

state information provided in the authorization form

Content-Type
Optional in header
string
application/x-www-form-urlencoded
Accept
Optional in header
string
text/html
200

A consent form for oauth processing.

Example Request
Example Response
POST https://emea.sit.api.citi.com/gcb/emeapoc/oauth2/authorize

/oauth2/token

post /oauth2/token

Request Access Tokens

This endpoint allows requesting an access token following one of the flows below:

  • Authorization Code (exchange code for access token)
  • Client Credentials (2-legged, there isnt resource owner information)
  • Resource Owner Password Credentials (2-legged, client provides resource owner name and password)
  • Refresh Token (exchange refresh token for a new access token)

The table below indicates the required parameters for each specific grant_type options. Empty cells indicate a parameter is ignored for that specific grant type.

Client authentication:

  • Confidential clients should authenticate using HTTP Basic Authentication. Alternatively, they may post their client_id and client_secret information as a formData parameter.
  • Public clients should send their client_id as formData parameter.
grant_type code client_credentials password refresh_token
client_id required required required required
client_secret required required required required
code required
redirect_uri required
username required
password required
scope optional optional
refresh_token required

The implicit grant requests, see /oauth2/authorize.

grant_type
Required in formData
string

Type of grant

{
    "enum": [
        "authorization_code",
        "password",
        "client_credentials",
        "refresh_token"
    ]
}
client_id
Required in formData
string

Application client ID, can be provided in formData or using HTTP Basic Authentication

client_secret
Optional in formData
string

Application secret, must be provided in formData or using HTTP Basic Authentication

code
Optional in formData
string

Authorization code provided by the /oauth2/authorize endpoint

redirect_uri
Optional in formData
string

required only if the redirect_uri parameter was included in the authorization request /oauth2/authorize; their values MUST be identical.

username
Optional in formData
string

Resource owner username

password
Optional in formData
string

Resource owner password

scope
Required in formData
string

Scope being requested

refresh_token
Optional in formData
string

The refresh token that the client wants to exchange for a new access token (refresh_token grant_type)

Content-Type
Optional in header
string
application/x-www-form-urlencoded
Accept
Optional in header
string
application/json
200

json document containing token, etc.

access_token_response
400

json document that may contain additional details about the failure

Example Request
Example Response
POST https://emea.sit.api.citi.com/gcb/emeapoc/oauth2/token

/oauth2/introspect

post /oauth2/introspect

Introspect a given access_token supported

This endpoint introspects a given access_token

clientIdHeader
X-IBM-Client-Id
(apiKey located in header)
clientSecretHeader
X-IBM-Client-Secret
(apiKey located in header)
token
Required in formData
string

String value of the access_token to be introspected

token_type_hint
Required in formData
string

This must contain 'access_token' to indicate the token type

Content-Type
Optional in header
string
application/x-www-form-urlencoded
Accept
Optional in header
string
application/json
200

json document containing access_token information, etc.

introspect_response
401

failure

Example Request
Example Response
POST https://emea.sit.api.citi.com/gcb/emeapoc/oauth2/introspect

Definitions 

{
    "type": "object",
    "additionalProperties": false,
    "required": [
        "token_type",
        "access_token",
        "expires_in"
    ],
    "properties": {
        "token_type": {
            "enum": [
                "bearer"
            ]
        },
        "access_token": {
            "type": "string"
        },
        "expires_in": {
            "type": "integer"
        },
        "scope": {
            "type": "string"
        },
        "refresh_token": {
            "type": "string"
        }
    }
}
              
{
    "type": "object",
    "additionalProperties": false,
    "required": [
        "active",
        "client_id",
        "client_name",
        "username",
        "sub",
        "exp",
        "expstr",
        "iat",
        "nbf",
        "nbfstr",
        "scope"
    ],
    "properties": {
        "active": {
            "type": "boolean"
        },
        "client_id": {
            "type": "string"
        },
        "client_name": {
            "type": "string"
        },
        "username": {
            "type": "string"
        },
        "sub": {
            "type": "string"
        },
        "exp": {
            "type": "string"
        },
        "expstr": {
            "type": "string"
        },
        "iat": {
            "type": "string"
        },
        "nbf": {
            "type": "string"
        },
        "nbfstr": {
            "type": "string"
        },
        "scope": {
            "type": "string"
        },
        "miscinfo": {
            "type": "string"
        },
        "consented_on": {
            "type": "string"
        },
        "consented_on_str": {
            "type": "string"
        },
        "grant_type": {
            "type": "string"
        }
    }
}