TRUSTEE Authentication Manager

ABB Info

This ABB is responsible for authenticating TRUSTEE users through SSI. This is a development version, so expect things to change and be improved.

Connection Info

Any other ABB that wants to authenticate users should first request a Client ID and a Client Secret, which it can later use to connect to this authentication agent through OpenID Connect (OIDC), using the Authorization Code Flow. For this one-time registration of an ABB, a redirect URL should also be provided, for example http://myabb.trustee-dev.eu/oidc.

Assuming that your ABB has the client_id = "my_client_id_here", the client_secret = "my_client_secret_here" and that the Authentication Agent is located at authen.trustee-dev.eu, first you generate a random nonce = "my_random_nonce_here" and redirect an unauthenticated user to:

http://authen.trustee-dev.eu/oauth/authorize?client_id=my_client_id_here&scope=openid+profile&response_type=code&nonce=my_random_nonce_here

Once the user has been authenticated, he/she will be redirected to the redirect URL provided by the ABB, for example:

http://myabb.trustee-dev.eu/oidc?code=example_random_code_returned_here

From this request, your backend will be able to retrieve the provided code parameter and recover the user's identity by doing a POST request to:

http://authen.trustee-dev.eu/oauth/token

supplying the parameter grant_type=authorization_code and the code, e.g. code=example_random_code_returned_here. For this request to succeed, the backend will have to authenticate using the Client ID and the Client Secret. Here is an example using the curl command:

curl -u "my_client_id_here:my_client_secret_here" -XPOST http://authen.trustee-dev.eu/oauth/token -F grant_type=authorization_code -F code=example_random_code_returned_here
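The steps above generate a nonce but do not show where it is checked. The following is an added example, not code from the TRUSTEE project: it binds the nonce to the user's session before the redirect and compares it with the nonce claim of the ID token after the token request. It assumes the token response is JSON with a standard OIDC id_token field; the session key and function names are hypothetical, and signature verification is not shown because this page does not document the provider's keys.

```python
import base64, hmac, json, secrets
from urllib.parse import urlencode

AUTHORIZE_URL = "http://authen.trustee-dev.eu/oauth/authorize"  # from the page

def begin_login(session, client_id):
    """Create a fresh nonce, bind it to this user's session, return the redirect URL."""
    nonce = secrets.token_urlsafe(32)
    session["oidc_nonce"] = nonce  # "oidc_nonce" is a hypothetical session key
    query = urlencode({"client_id": client_id, "scope": "openid profile",
                       "response_type": "code", "nonce": nonce})
    return f"{AUTHORIZE_URL}?{query}"

def jwt_claims(id_token):
    """Decode the JWT payload segment. No signature verification is done here."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def finish_login(session, token_response, client_id):
    """Check the ID token from the /oauth/token response against the stored nonce."""
    expected = session.pop("oidc_nonce", None)  # single use: a replay finds nothing
    if expected is None:
        raise ValueError("no login in progress for this session")
    # Assumption: the JSON response carries a standard OIDC "id_token" field.
    claims = jwt_claims(token_response["id_token"])
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), expected.encode()):
        raise ValueError("nonce mismatch: token was not issued for this login")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch: token was issued to another client")
    return claims["sub"]

def constructed_id_token(claims):
    """Constructed sample token for the demo: unsigned, not real provider output."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    session = {}
    print(begin_login(session, "my_client_id_here"))
    token = constructed_id_token({"sub": "constructed-user", "aud": "my_client_id_here",
                                  "nonce": session["oidc_nonce"]})
    print(finish_login(session, {"id_token": token}, "my_client_id_here"))
```
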

For more information please read online materials related to OIDC Authorization Code Flow.

Features
InQbit & TRUSTEE, © 2023