Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Last revision Both sides next revision
documentation:latest:webserviceprotection [2019/10/30 15:24]
coudot created
documentation:latest:webserviceprotection [2019/10/30 15:28]
coudot
Line 13: Line 13:
   * The backend Handler that will protect the web service, and will consume the token   * The backend Handler that will protect the web service, and will consume the token
  
-See [[servertoserver|ServiceToken Handler documentation]]+See [[servertoserver|ServiceToken Handler documentation]].
  
 ====== OAuth2 endpoints ====== ====== OAuth2 endpoints ======
Line 59: Line 59:
 } }
 </​file>​ </​file>​
 +
 +====== OAuth2 Handler ======
 +
 +We also suppose here that LL::NG is acting as [[idpopenidconnect|OpenID Connect provider]]. But the webservice will be protected by the OAuth2 Handler and will just have to read the HTTP headers to know which user is connected.
 +
 +<​code>​
 +curl \
 +   -H "​Authorization:​ Bearer a74d504ec9e784785e70a1da2b95d1d2"​ \
 +   ​https://​oauth2.example.ccom/​rest/​myapi ​
 +</​code>​
 +<file javascript>​
 +{
 +   "​check"​ : "​true",​
 +   "​user"​ : "​coudot"​
 +}
 +</​file>​
 +
 +See [[oauth2handler|OAuth2 Handler documentation]].