chore: add docs how to obtain bearer token

[webzwo0i]

Is it possible to add expiration date that is greater than 3600s?

[SamTV12345]

Thanks looks good :)

[SamTV12345]

Is it possible to add expiration date that is greater than 3600s?

No not really. But we could add settings for overriding the value. It is in the security package.

[SamTV12345]

@webzwo0i Should we add the configurable part of this in this pr or should I create a new one for that?

[jibon57]

@webzwo0i I was trying to follow your provided code but I am getting error like:

curl --request POST --url 'http://localhost:9001/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=client_credentials --data client_id=client_credentials --data client_secret=client_credentials

{"error":"invalid_client_metadata","error_description":"grant_types can only contain 'implicit' or 'authorization_code'"}

In my settings.json I have added:

  "sso": {
    "issuer": "${SSO_ISSUER:http://localhost:9001}",
    "clients": [
      {
        "client_id": "client_credentials",
        "redirect_uris": [],
        "response_types": [],
        "grant_types": ["client_credentials"],
        "client_secret": "client_credentials",
        "extraParams": [
          {
            "name": "admin",
            "value": "true"
          }
        ]
      }
    ]
  }

Any suggestion in where I'm doing mistake?

[SamTV12345]

@webzwo0i I was trying to follow your provided code but I am getting error like:

curl --request POST --url 'http://localhost:9001/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=client_credentials --data client_id=client_credentials --data client_secret=client_credentials

{"error":"invalid_client_metadata","error_description":"grant_types can only contain 'implicit' or 'authorization_code'"}

In my settings.json I have added:

  "sso": {
    "issuer": "${SSO_ISSUER:http://localhost:9001}",
    "clients": [
      {
        "client_id": "client_credentials",
        "redirect_uris": [],
        "response_types": [],
        "grant_types": ["client_credentials"],
        "client_secret": "client_credentials",
        "extraParams": [
          {
            "name": "admin",
            "value": "true"
          }
        ]
      }
    ]
  }

Any suggestion in where I'm doing mistake?

Can you remove the "grant_types": ["client_credentials"] and replace it with "grant_types": ["code"]?

[jibon57]

@SamTV12345 , thanks for reply but I'm getting same error e.g

{"error":"invalid_client_metadata","error_description":"grant_types can only contain 'implicit' or 'authorization_code'"}

by

  "sso": {
    "issuer": "${SSO_ISSUER:http://localhost:9001}",
    "clients": [
      {
        "client_id": "client_credentials",
        "client_secret": "client_credentials",
        "grant_types": ["code"],
        "redirect_uris": [],
        "response_types": [],
        "extraParams": [
          {
            "name": "admin",
            "value": "true"
          }
        ]
      }
    ]
  }

[jibon57]

@SamTV12345 , I just tried from docker etherpad/etherpad:develop with this settings:

  "sso": {
    "issuer": "${SSO_ISSUER:http://localhost:9001}",
    "clients": [
      {
        "client_id": "client_credentials",
        "client_secret": "client_credentials",
        "grant_types": ["client_credentials"],
        "redirect_uris": [],
        "response_types": [],
        "extraParams": [
          {
            "name": "admin",
            "value": "true"
          }
        ]
      }
    ]
  }

by calling:

curl --request POST --url 'http://localhost:9001/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=client_credentials --data client_id=client_credentials --data client_secret=client_credentials

This time it was success:

{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6ImF0K2p3dCIsImtpZCI6IjRmV1o3RklESlNaRExkU2xwa2FQODRRMXJGVUo1TXZpdjdiZlZ3YV9pckEifQ.eyJhZG1pbiI6InRydWUiLCJqdGkiOiJJcDE0cVlyeTAwaUs2WDJhTmFIVVUiLCJzdWIiOiJjbGllbnRfY3JlZGVudGlhbHMiLCJpYXQiOjE3MTM2MDYyMzIsImV4cCI6MTcxMzYwOTgzMiwiY2xpZW50X2lkIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo5MDAxIiwiYXVkIjoiYWNjb3VudCJ9.kkagJgEasm-w8jRC3FKAfC1CpU8p9Q5I3zD8LZY7lHfxOMD-NRlmN1kpXnhjmM_CK8kvy1aB-XDtgPJ1HSYlLx0TtwvItoRYix_zmMPjObftjPDSl4q-rHM3-UkKdqCozV8Wm1dzk3dg7Re6Jaa_jjlSKPd4WzmKsAwmWh6R_zqQ4rtYEzNlUaWI6g-_c_SNXlhxuWbjBK_NTQm07HhtPPQPMPaQO-CpRLJk_fS9Kg-25yuUki_KaiKG19xKVfApsnURLC_BDTuR1G4jEOuZRTs61n5xFVuiUaEpayPhGrOMQnU7rx1y7foMTD3_s1hIBufuEf-ehn1DUcaeA7W4PQ","expires_in":3600,"token_type":"Bearer"}

[SamTV12345]

@SamTV12345 , I just tried from docker etherpad/etherpad:develop with this settings:

  "sso": {

    "issuer": "${SSO_ISSUER:http://localhost:9001}",

    "clients": [

      {

        "client_id": "client_credentials",

        "client_secret": "client_credentials",

        "grant_types": ["client_credentials"],

        "redirect_uris": [],

        "response_types": [],

        "extraParams": [

          {

            "name": "admin",

            "value": "true"

          }

        ]

      }

    ]

  }

by calling:

curl --request POST --url 'http://localhost:9001/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=code --client_credentials client_id=client_credentials --data client_secret=client_credentials

This time it was success:

{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6ImF0K2p3dCIsImtpZCI6IjRmV1o3RklESlNaRExkU2xwa2FQODRRMXJGVUo1TXZpdjdiZlZ3YV9pckEifQ.eyJhZG1pbiI6InRydWUiLCJqdGkiOiJJcDE0cVlyeTAwaUs2WDJhTmFIVVUiLCJzdWIiOiJjbGllbnRfY3JlZGVudGlhbHMiLCJpYXQiOjE3MTM2MDYyMzIsImV4cCI6MTcxMzYwOTgzMiwiY2xpZW50X2lkIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo5MDAxIiwiYXVkIjoiYWNjb3VudCJ9.kkagJgEasm-w8jRC3FKAfC1CpU8p9Q5I3zD8LZY7lHfxOMD-NRlmN1kpXnhjmM_CK8kvy1aB-XDtgPJ1HSYlLx0TtwvItoRYix_zmMPjObftjPDSl4q-rHM3-UkKdqCozV8Wm1dzk3dg7Re6Jaa_jjlSKPd4WzmKsAwmWh6R_zqQ4rtYEzNlUaWI6g-_c_SNXlhxuWbjBK_NTQm07HhtPPQPMPaQO-CpRLJk_fS9Kg-25yuUki_KaiKG19xKVfApsnURLC_BDTuR1G4jEOuZRTs61n5xFVuiUaEpayPhGrOMQnU7rx1y7foMTD3_s1hIBufuEf-ehn1DUcaeA7W4PQ","expires_in":3600,"token_type":"Bearer"}

Awesome so it is working great :).

[jibon57]

@SamTV12345 I have seen your new commit: d64924e in where you are suggesting to use code instated of client_credentials which is not working. So far client_credentials seems correct.

[SamTV12345]

@SamTV12345 I have seen your new commit: d64924e in where you are suggesting to use code instated of client_credentials which is not working. So far client_credentials seems correct.

Is it really working?

[jibon57]

@SamTV12345 yes, from my side client_credentials is working: #6328 (comment)

[SamTV12345]

@webzwo0i What do you think? Do we need anything else?