-
Notifications
You must be signed in to change notification settings - Fork 74
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: document token endpoint (#3592)
* docs: overview section * docs: add properties and more details
- Loading branch information
Showing
1 changed file
with
104 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,113 @@ | ||
--- | ||
tags: | ||
- administration | ||
- auth-server | ||
- endpoint | ||
- administration | ||
- auth-server | ||
- token | ||
- endpoint | ||
--- | ||
|
||
## This content is in progress | ||
# Overview | ||
|
||
The Janssen Project documentation is currently in development. Topic pages are being created in order of broadest relevance, and this page is coming in the near future. | ||
Token endpoint is an OAuth2 protected endpoint that is used to grant tokens to client in response to valid request. | ||
Token endpoint is defined in the [OAuth 2.0 framework](https://datatracker.ietf.org/doc/html/rfc6749), | ||
[OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specification and other specifications relevant | ||
to them. | ||
|
||
## Have questions in the meantime? | ||
Tokens granted by this endpoint depends on grant type and scopes that are specified in the token request. The token | ||
endpoint is used with every authorization grant type except for the implicit grant type (since an access token is issued | ||
directly). | ||
|
||
While this documentation is in progress, you can ask questions through [GitHub Discussions](https://github.com/JanssenProject/jans/discussion) or the [community chat on Gitter](https://gitter.im/JanssenProject/Lobby). Any questions you have will help determine what information our documentation should cover. | ||
Based on request, this endpoint can grant following types of tokens: | ||
|
||
## Want to contribute? | ||
- [Access Token](https://datatracker.ietf.org/doc/html/rfc6749#section-1.4) | ||
- [Refresh Token](https://datatracker.ietf.org/doc/html/rfc6749#section-1.5) | ||
- [ID Token](https://openid.net/specs/openid-connect-core-1_0.html#IDToken) | ||
|
||
If you have content you'd like to contribute to this page in the meantime, you can get started with our [Contribution guide](https://docs.jans.io/head/CONTRIBUTING/). | ||
|
||
URL to access token endpoint on Janssen Server is listed in the response of Janssen Server's well-known | ||
[configuration endpoint](./configuration.md) given below. | ||
|
||
```text | ||
https://janssen.server.host/jans-auth/.well-known/openid-configuration | ||
``` | ||
|
||
`token_endpoint` claim in the response specifies the URL for userinfo endpoint. By default, userinfo endpoint looks | ||
like below: | ||
|
||
``` | ||
https://janssen.server.host/jans-auth/restv1/token | ||
``` | ||
|
||
In response to a valid request, the token endpoint returns token/s in JSON format similar to below. This is just a | ||
sample response. Actual response can greatly vary in its contents based on request: | ||
|
||
``` | ||
HTTP/1.1 200 OK | ||
Content-Type: application/json | ||
Cache-Control: no-store | ||
Pragma: no-cache | ||
{ | ||
"access_token": "SlAV32hkKG", | ||
"token_type": "Bearer", | ||
"refresh_token": "8xLOxBtZp8", | ||
"expires_in": 3600, | ||
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzc | ||
yI6ICJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwKICJzdWIiOiAiMjQ4Mjg5 | ||
NzYxMDAxIiwKICJhdWQiOiAiczZCaGRSa3F0MyIsCiAibm9uY2UiOiAibi0wUzZ | ||
fV3pBMk1qIiwKICJleHAiOiAxMzExMjgxOTcwLAogImlhdCI6IDEzMTEyODA5Nz | ||
AKfQ.ggW8hZ1EuVLuxNuuIJKX_V8a_OMXzR0EHR9R6jgdqrOOF4daGU96Sr_P6q | ||
Jp6IcmD3HP99Obi1PRs-cwh3LO-p146waJ8IhehcwL7F09JdijmBqkvPeB2T9CJ | ||
NqeGpe-gccMg4vfKjkM8FcGvnzZUN4_KSP0aAp1tOJ1zZwgjxqGByKHiOtX7Tpd | ||
QyHE5lcMiKPXfEIQILVq0pc_E2DzL7emopWoaoZTF_m0_N0YzFC6g6EJbOEoRoS | ||
K5hoDalrcvRYLSrQAZZKflyuVCyixEoV9GfNQC3_osjzw2PAithfubEEBLuVVk4 | ||
XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg" | ||
} | ||
``` | ||
|
||
More information about request and response of the token endpoint can be found in | ||
the OpenAPI specification of [jans-auth-server module](https://gluu.org/swagger-ui/?url=https://raw.githubusercontent.com/JanssenProject/jans/replace-janssen-version/jans-auth-server/docs/swagger.yaml#/Token/post-token). | ||
|
||
## Configuration Properties | ||
|
||
Token endpoint and tokens issued by token endpoint can be further configured using Janssen Server configuration properties listed below. When using | ||
[Janssen Text-based UI(TUI)](../../config-guide/tui.md) to configure the properties, | ||
navigate via `Auth Server`->`Properties`. | ||
|
||
- [tokenEndpoint](../../reference/json/properties/janssenauthserver-properties.md#tokenendpoint) | ||
- [tokenEndpointAuthMethodsSupported](../../reference/json/properties/janssenauthserver-properties.md#tokenendpointauthmethodssupported) | ||
- [tokenEndpointAuthSigningAlgValuesSupported](../../reference/json/properties/janssenauthserver-properties.md#tokenendpointauthsigningalgvaluessupported) | ||
- [accessTokenLifetime](../../reference/json/properties/janssenauthserver-properties.md#accesstokenlifetime) | ||
- [checkUserPresenceOnRefreshToken](../../reference/json/properties/janssenauthserver-properties.md#checkuserpresenceonrefreshtoken) | ||
- [defaultSignatureAlgorithm](../../reference/json/properties/janssenauthserver-properties.md#defaultsignaturealgorithm) | ||
- [forceOfflineAccessScopeToEnableRefreshToken](../../reference/json/properties/janssenauthserver-properties.md#forceofflineaccessscopetoenablerefreshtoken) | ||
- [grantTypesSupported](../../reference/json/properties/janssenauthserver-properties.md#granttypessupported) | ||
- [accessTokenSigningAlgValuesSupported](../../reference/json/properties/janssenauthserver-properties.md#accesstokensigningalgvaluessupported) | ||
- [idTokenEncryptionAlgValuesSupported](../../reference/json/properties/janssenauthserver-properties.md#idtokenencryptionalgvaluessupported) | ||
- [idTokenEncryptionEncValuesSupported](../../reference/json/properties/janssenauthserver-properties.md#idtokenencryptionencvaluessupported) | ||
- [idTokenFilterClaimsBasedOnAccessToken](../../reference/json/properties/janssenauthserver-properties.md#idtokenfilterclaimsbasedonaccesstoken) | ||
- [idTokenLifetime](../../reference/json/properties/janssenauthserver-properties.md#idtokenlifetime) | ||
- [idTokenSigningAlgValuesSupported](../../reference/json/properties/janssenauthserver-properties.md#idtokensigningalgvaluessupported) | ||
- [accessTokenSigningAlgValuesSupported](../../reference/json/properties/janssenauthserver-properties.md#accesstokensigningalgvaluessupported) | ||
- [legacyIdTokenClaims](../../reference/json/properties/janssenauthserver-properties.md#legacyidtokenclaims) | ||
- [mtlsTokenEndpoint](../../reference/json/properties/janssenauthserver-properties.md#mtlstokenendpoint) | ||
- [openidScopeBackwardCompatibility](../../reference/json/properties/janssenauthserver-properties.md#openidscopebackwardcompatibility) | ||
- [persistIdTokenInLdap](../../reference/json/properties/janssenauthserver-properties.md#persistidtokeninldap) | ||
- [persistRefreshTokenInLdap](../../reference/json/properties/janssenauthserver-properties.md#persistrefreshtokeninldap) | ||
- [refreshTokenExtendLifetimeOnRotation](../../reference/json/properties/janssenauthserver-properties.md#refreshtokenextendlifetimeonrotation) | ||
- [refreshTokenLifetime](../../reference/json/properties/janssenauthserver-properties.md#refreshtokenlifetime) | ||
- [responseTypesSupported](../../reference/json/properties/janssenauthserver-properties.md#responsetypessupported) | ||
- [skipRefreshTokenDuringRefreshing](../../reference/json/properties/janssenauthserver-properties.md#skiprefreshtokenduringrefreshing) | ||
- [refreshTokenLifetime](../../reference/json/properties/janssenauthserver-properties.md#refreshtokenlifetime) | ||
|
||
## Client Authentication | ||
|
||
Token Endpoint requires | ||
[Client Authentication](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication) methods to | ||
authenticate clients to the authorization server. | ||
|
||
TODO: add more details here | ||
|
||
## Supported Grant Types | ||
|
||
TODO: add more details here |