These instructions describe how to sign up to Authlete, create a new service and register an OAuth/OIDC client to the service.
We will be covering the following steps of the instructions:
Before using Authlete's APIs as your authorization server’s backend, you have to obtain your own “Service Owner” account. The link to the registration page is below. Keep the “Login ID” and “Password” that you submitted safe.
https://so.authlete.com/accounts/signup
Let’s log in to the Service Owner Console to check that your account has been registered. Open the following link in a web browser and submit your Login ID and Password.
https://so.authlete.com/accounts/login
Once logged in successfully, you will see the following content.
Now you have access to Authlete’s Service Owner Console. Click the “Log out” link in the upper right corner of the page if you would like to log out of the console.
Let’s prepare your first Authlete API service. Log in to Authlete’s Service Owner Console at https://so.authlete.com/accounts/login and click the “Create Service” button.
You will see the service creation page. Enter an arbitrary name for the service and click the “Create” button. Press “OK” in the confirmation dialog.
The new service has been created.
The automatically generated “API Key” and “API Secret” are used as the “Login ID” and “Password” to log in to the Developer Console, and as the credentials your authorization server uses to make requests to Authlete APIs.
There is also a URL that points to “Client Application Developer Console.” You will use the link in the next step.
Item | Value |
---|---|
API Key | Auto-generated e.g. 10738933707579 |
API Secret | Auto-generated e.g. Xg6jVpJCvsaXvy2ks8R5WzjdMYlvQqOym3slDX0wNhQ |
Client Application Developer Console | Auto-generated e.g. https://cd.authlete.com/10738933707579 |
Let’s add new client information to the service you’ve just created.
Open the link to Authlete’s Developer Console for the service (e.g. https://cd.authlete.com/10738933707579) and log in to the console with your API Key (e.g. 10738933707579) and API Secret (e.g. Xg6jVpJCvsaXvy2ks8R5WzjdMYlvQqOym3slDX0wNhQ) as Login ID and Password respectively.
Once logged in to the Developer Console successfully, you will see the following content. Click the “Create App” button.
The Create App page includes a couple of tabs. The first one is Basic.
In this step, we will register an OAuth/OIDC client that has the following properties:
- Authorization: Basic header (cf. 2.3.1. Client Password)
- https://client.example.org/cb/example.com as a redirection endpoint for authorization response (cf. 3.1.2. Redirection Endpoint)
Enter an arbitrary value for Client Name and select CONFIDENTIAL for Client Type. Then click the Authorization tab next to Basic.
On the Authorization tab, enter a value for Redirect URIs and select the Client Authentication Method as stated below.
Item | Value |
---|---|
Redirect URIs | https://client.example.org/cb/example.com |
Client Authentication Method | CLIENT_SECRET_BASIC |
Click the “Create” button at the bottom of the page. Press “OK” in the confirmation dialog.
The client is now registered to the service.
The automatically generated “Client ID” and “Client Secret” are used as client_id and client_secret when the client makes requests to the authorization server. Also, make sure the other values are set as expected.
Item | Value |
---|---|
Client ID | Auto-generated e.g. 12818600553323 |
Client Secret | Auto-generated e.g. -olDIKD9BihRfB8O1JxobUEKBZ7PIV5Z6oaqxAshmoUtUZgB-wjmmxTYDiDV6vM_Mgl267PeNrRftq8cWplvmg |
Client Type | CONFIDENTIAL |
Redirect URIs | https://client.example.org/cb/example.com |
Client Authentication Method | CLIENT_SECRET_BASIC |
Now you’ve completed preparing the minimum environment.
Let’s check if the environment works, using Authlete’s /auth/authorization API.
Let’s make a request to this API by acting as the authorization server.
For Linux/Mac, execute the curl command as follows (message #4).
Make sure to replace API Key, API Secret and Client ID with your own values generated in the previous step.
curl -s -X POST https://api.authlete.com/api/auth/authorization \
-u '<API Key e.g. 10738933707579>:<API Secret e.g. Xg6jVpJCvsaXvy2ks8R5WzjdMYlvQqOym3slDX0wNhQ>' \
-H 'Content-Type: application/json' \
-d '{ "parameters": "redirect_uri=https://client.example.org/cb/example.com&response_type=code&client_id=<Client ID e.g. 12818600553323>" }'
If you are using Windows 10's bundled curl.exe command via PowerShell, make sure the command is curl.exe instead of curl, escape " characters and use ` to break lines (message #4).
Make sure to replace API Key, API Secret and Client ID with your own values generated in the previous step.
curl.exe -s -X POST https://api.authlete.com/api/auth/authorization `
-u '<API Key e.g. 10723797812772>:<API Secret e.g. ekYoYTI84qZcpe6bXGzDwduQ1fGBYxJT8K8Tnwd7poc>' `
-H 'Content-Type: application/json' `
-d '{\"parameters\" : \"redirect_uri=https://client.example.org/cb/example.com&response_type=code&client_id=<Client ID e.g. 12800697055611>\"}'
If the request is appropriate, Authlete makes the following response (omitted for brevity).
{
"resultMessage" : "[A004001] Authlete has successfully issued a ticket to the service (API Key = 10723797812772) for the authorization request from the client (ID = 12800697055611). [response_type=code, openid=false]",
"type" : "authorizationResponse",
"resultCode" : "A004001",
"client" : { [...] },
"ticket" : "bi2Kxe2WW5mK_GZ_fDFOpK1bnY6xTy40Ap_8nxf-7AU",
"action" : "INTERACTION",
[...]
"service" : {
[...]
"supportedClaims" : [
[...]
],
"supportedScopes" : [
[...]
],
}
}
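The same request and response check in Python, as an added example that is not part of the original instructions or of Authlete's own code. It assumes the `parameters` value is sent form-encoded, reads credentials from the hypothetical environment variables `AUTHLETE_API_KEY` and `AUTHLETE_API_SECRET`, and uses a constructed sample response, so it runs offline without sending anything.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

AUTHLETE_URL = "https://api.authlete.com/api/auth/authorization"  # from the page


def build_request(api_key, api_secret, client_id, redirect_uri):
    """Build the same POST the curl command sends, without sending it."""
    # "parameters" carries the client's authorization request as one
    # form-encoded string; urlencode() escapes the redirect URI for us.
    params = urllib.parse.urlencode({
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "client_id": client_id,
    })
    basic = base64.b64encode(f"{api_key}:{api_secret}".encode()).decode()
    return urllib.request.Request(
        AUTHLETE_URL,
        data=json.dumps({"parameters": params}).encode(),
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/json"},
        method="POST",
    )


def ticket_from_response(body):
    """Return the ticket only when the response asks for user interaction."""
    resp = json.loads(body)
    if resp.get("action") != "INTERACTION" or not resp.get("ticket"):
        # Report the result code and action only, never the credentials.
        raise ValueError(f"unexpected response: {resp.get('resultCode')} "
                         f"action={resp.get('action')}")
    return resp["ticket"]


# Constructed sample modelled on the response above (ticket is a placeholder).
SAMPLE = '{"resultCode": "A004001", "action": "INTERACTION", "ticket": "sample-ticket"}'

if __name__ == "__main__":
    # Credentials come from the environment; "key"/"secret" are placeholders.
    req = build_request(os.environ.get("AUTHLETE_API_KEY", "key"),
                        os.environ.get("AUTHLETE_API_SECRET", "secret"),
                        "12818600553323",
                        "https://client.example.org/cb/example.com")
    print(req.get_method(), req.full_url, req.data.decode())
    print("ticket:", ticket_from_response(SAMPLE))
```

Reading the API Secret from the environment keeps it out of shell history and the process list, which the `-u` form of the curl command does not.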
In these instructions, we walked through how to sign up to Authlete, create a new service and register an OAuth/OIDC client to the service.
Check out related articles to implement your OAuth/OIDC servers and configure your Authlete service.