NAME

Kernel::System::Credential::OAuth2::ResourceOwnerPasswordBasicAuth

Ressorce Owner Password Flow

SEE ALSO

Authorisation Flow

 https://auth0.com/docs/get-started/authentication-and-authorization-flow

Resource Owner Password Flow

 https://auth0.com/docs/get-started/authentication-and-authorization-flow/resource-owner-password-flow

Smart Bonding Onboarding Guide for -Support Partners

 https://portal.otrs.com/otrs/index.pl?Action=AgentTicketAttachment;TicketID=7306140;ArticleID=10197791;FileID=1

SYNOPSIS

The call to the identity service provider shall look like this

—Request—-

  POST https://YOUR_DOMAIN/oauth/token
  Content-Type: application/x-www-form-urlencoded

  audience=grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET

—Response—

  HTTP/1.1 200 OK
  Content-Type: application/json
  {
   "access_token":"eyJz93a...k4laUWw",
   "token_type":"Bearer",
   "expires_in":86400
  }

SYNOPSIS

This type of credentials is very rudimentary. We just make a request whenever we need to refresh our actual one. Refresh and Request are the same. There is not authorization phase in this flow. token_endpoint and autorization_endpoint are therefore the same, although authrization_endpoint is superfluous here, we keep it not to disturb other flows. The default parameters are the same for request and refresh. This is because we don't known how the consumer is going to use us. See Pod for the service provider constructor.

ATTRIBUTES

No specific attributes here. We live on the parent attributes.

METHODS

_ClientParams

This method adds the specific attributes/parameters we need to create a L:A:OAuth2::ROPF credential client. The param code is mandatory for L::A::O::ServiceProvider but not used here because it does come from the authorization phase. The more general parameters are added in OAuth2 where they are assigned. Those here are then just appended. See:

 L<https://metacpan.org/pod/LWP::Authen::OAuth2#Construct-service-provider>

NeedsAuthorizationConsent()

Verifies if the credential is in a state that needs the user consent to get the authorization token.

CanRefresh

Checks if the access token can be refreshed.

Refresh

Performs needed operations to refresh the access token data.

    # Refresh authorization if needed.
    my $Refreshed = $AuthCredential->Refresh();

    # Force the authorization to refresh.
    my $Refreshed = $AuthCredential->Refresh( Force => 1 );

Returns

    1     - success
    undef - in case of any error

FullAuthURL()

Returns the full authorization url where the user should be redirect to.

RequestAuthorization()

Requests the provider for the authorization access token.

    my $Success = $Self->RequestAuthorization();

Returns

    1 - success
    undef - error occured