
Getting Started With Authentication

Tome Cvitan edited this page Jun 27, 2016 · 11 revisions

Note: More information about authentication can be found here

Requirements

  1. Admin Login User
    • ./manage.py createsuperuser
  2. RSA Key
    • ./manage.py creatersakey
  3. Client ID and Secret
    • Log in to the admin site (e.g. rover.local/admin/)
    • Create a client in the admin site (e.g. rover.local/admin/oidc_provider/client/)

API to API Communication

  1. Create a signature by taking the SHA-256 hash of the concatenation client_id + client_secret + timestamp

  2. Pass the client_id, the signature, and the timestamp used to generate it as headers on every call.

  3. All three values can be generated for testing with bin/generate-sig.py --id <client_id> --secret <client_secret>

    GET /v1/people HTTP/1.1
    Host: doorman.hearst.io
    Content-Type: application/json
    Authorization: Doorman-SHA256 Credential=1h43tj2g872jj428gj2
    Signature: bfec0eee6fd6bb648a028fbec5ee18c3bd1f3015
    Timestamp: 1441027325
    
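An added example of the signing scheme described above, written for this page and not the project's own bin/generate-sig.py: it assumes the three values are concatenated as plain strings with no separator (the timestamp as a decimal Unix time), and verify_headers is a hypothetical server-side check, including a timestamp window that limits replay of a captured signature.

```python
import hashlib
import hmac
import time

# Assumed message layout: client_id + client_secret + timestamp, no separator.
def make_signature(client_id: str, client_secret: str, timestamp: int) -> str:
    message = f"{client_id}{client_secret}{timestamp}".encode("utf-8")
    return hashlib.sha256(message).hexdigest()  # 64 hex characters

def signed_headers(client_id: str, client_secret: str, timestamp: int = None) -> dict:
    """Build the three headers a client sends on each API-to-API call."""
    if timestamp is None:
        timestamp = int(time.time())
    return {
        "Authorization": f"Doorman-SHA256 Credential={client_id}",
        "Signature": make_signature(client_id, client_secret, timestamp),
        "Timestamp": str(timestamp),
    }

# Hypothetical verifier (the page does not show Doorman's own server-side code).
def verify_headers(headers: dict, lookup_secret, now: int = None, max_skew: int = 300) -> bool:
    now = int(time.time()) if now is None else now
    prefix = "Doorman-SHA256 Credential="
    auth = headers.get("Authorization", "")
    if not auth.startswith(prefix):
        return False
    client_id = auth[len(prefix):]
    secret = lookup_secret(client_id)          # None for unknown client ids
    if secret is None:
        return False
    try:
        ts = int(headers.get("Timestamp", ""))
    except ValueError:
        return False
    if abs(now - ts) > max_skew:
        return False  # stale or future timestamp: reject to bound replay window
    expected = make_signature(client_id, secret, ts)
    # Constant-time comparison so the check does not leak the expected digest.
    return hmac.compare_digest(expected, headers.get("Signature", ""))

if __name__ == "__main__":
    # Constructed sample values; the secret is not a real credential.
    hdrs = signed_headers("1h43tj2g872jj428gj2", "example-secret", 1441027325)
    for name, value in hdrs.items():
        print(f"{name}: {value}")
```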

User Authentication (OpenID Connect)

  1. Retrieve an access_token from the token endpoint by POSTing form-encoded data

    POST /openid/token HTTP/1.1
    Host: prod-rover.mediaos.hearst.io
    Content-Type: application/x-www-form-urlencoded
    
    client_id=12345678
    &client_secret={client_secret}
    &timestamp=1441027325
    &email=email@address.com
    &password=password
    &grant_type=password
    &scope=openid user roles profiles
    
  2. Store this access_token locally, along with the refresh_token

  3. Retrieve the user's userinfo by sending the access_token in an Authorization header

    POST /openid/userinfo/ HTTP/1.1
    Host: prod-rover.mediaos.hearst.io
    Authorization: Bearer ACCESS_TOKEN
    
  4. If the access_token expires, refresh it by calling the token endpoint again with the refresh_token

    POST /openid/token HTTP/1.1
    Host: prod-rover.mediaos.hearst.io
    Content-Type: application/x-www-form-urlencoded
    
    refresh_token=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7
    &client_id=12345678
    &client_secret={client_secret}
    &grant_type=refresh_token
    

Troubleshooting

  1. I can't log in to the edit UI
    • Do you have a user? ./manage.py createsuperuser
    • Do you have an RSA Key? ./manage.py creatersakeyifnone
    • Do you have a client id and secret? bin/setup-clients
    • Do you have a role on that site? http://{rover-url}/admin/people/user/