Authenticating As An Entity
We can authenticate with the registry as a particular entity to perform operations like retrieving, searching, updating and attesting.

Request

To authenticate as an entity, we need to make the following request:
1
POST /auth/realms/{realm}/protocol/openid-connect/token
Copied!
Field
In
Type
Description
content-type
header
string
Set to application/x-www-form-urlencoded
client_id
body
string
Set to registry-frontend
username
body
string
The _osConfig.ownershipAttributes.userId of the entity according to the schema
password
body
string
Set to [email protected] (default password, specified in registry config/docker compose file)
grant_type
body
string
Set to password

Response

This API call should return a JSON object as follows:
1
{
2
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lk...2cSSaBKuB58I2OYDGw",
3
"expires_in": 300,
4
"not-before-policy": 0,
5
"refresh_expires_in": 1800,
6
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lk...9HulwVv12bBDUdU_nidZXo",
7
"scope": "email profile",
8
"session_state": "300f8a46-e430-4fd6-92aa-a2d337d7343e",
9
"token_type": "Bearer"
10
}
Copied!
Important variables in the response body:
Field
In
Type
Description
access_token
body
string
Access token used to retrieve/update entity
expires_in
body
number
Number of seconds before the access token will be declared invalid
token_type
body
string
Should be Bearer, else we have gotten the wrong token
scope
body
string
Using this token, what information we can access about the entity

Usage

cURL

1
curl --location \
2
--request POST \
3
--header 'content-type: application/x-www-form-urlencoded' \
4
--data 'client_id=registry-frontend' \
5
--data 'username={username}' \
6
--data '[email protected]' \
7
--data 'grant_type=password' \
8
'{keycloak-url}/auth/realms/{realm}/protocol/openid-connect/token'
Copied!

HTTPie

1
http --form post \
2
'{keycloak-url}/auth/realms/{realm}/protocol/openid-connect/token' \
3
'content-type: application/x-www-form-urlencoded' \
4
'client_id=registry-frontend' \
5
'username={username}' \
7
'grant_type=password'
Copied!
{keycloak-url} is usually http://localhost:8081, and {realm} is usually sunbird-rc.
The {keycloak-url} is usually localhost:{port}. The port can be found under the kc section in the docker-compose.yaml file. The {realm} can be found at the top of the realm-export.json file used to configure keycloak.
Last modified 8d ago
Copy link
Edit on GitHub