NAME

Kernel::System::Credential::OAuth2::ResourceOwnerPassword

Ressorce Owner Password Flow

SEE ALSO

Authorisation Flow

 https://auth0.com/docs/get-started/authentication-and-authorization-flow

Resource Owner Password Flow

 https://auth0.com/docs/get-started/authentication-and-authorization-flow/resource-owner-password-flow

Smart Bonding Onboarding Guide for -Support Partners

 https://portal.otrs.com/otrs/index.pl?Action=AgentTicketAttachment;TicketID=7306140;ArticleID=10197791;FileID=1

SYNOPSIS

The call to the identity service provider shall look like this

—Request—-

  POST https://YOUR_DOMAIN/oauth/token
  Content-Type: application/x-www-form-urlencoded

  audience=grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET

—Response—

  HTTP/1.1 200 OK
  Content-Type: application/json
  {
   "access_token":"eyJz93a...k4laUWw",
   "token_type":"Bearer",
   "expires_in":86400
  }

SYNOPSIS

This type of credentials is very rudimentary. We just make a request whenever we need to refresh our actual one. Refresh and Request are the same. There is not authorization phase in this flow. token_endpoint and autorization_endpoint are therefore the same, although authrization_endpoint is superfluous here, we keep it not to disturb other flows. The default parameters are the same for request and refresh. This is because we don't known how the consumer is going to use us. See Pod for the service provider constructor.

ATTRIBUTES

Username

Attribute that holds the username for authentication.

Password

Attribute that holds the password.

Audience

Attribute that holds the audience.

METHODS

NeedsAuthorizationConsent()

Verifies if the credential is in a state that needs the user consent to get the authorization token.

CanRefresh

Checks if the access token can be refreshed.

Refresh()

Refresh the token, but only if it needs to. Performs an POST request to the authentication url with the following parameters

    - grant_type 'password'
    - username
    - password
    - audience
    - scope
    - client_id
    - client_secret


    # Refresh authorization if needed.
    my $Refreshed = $AuthCredential->Refresh();

    # Force the authorization to refresh.
    my $Refreshed = $AuthCredential->Refresh( Force => 1 );

The response for the request is an JSON response containing the access token.

Returns

    1     - success
    undef - in case of any error

FullAuthURL()

Returns the full authorization url where the user should be redirect to.

RequestAuthorization()

Requests the provider for the authorization access token.

    my $Success = $Self->RequestAuthorization();

Returns

    1 - success
    undef - error occured