Teacher
entity named Pranav Agate who teaches Math at UP Public School, we would make the following API call:result.{entity-type}.osid
string
User Property
mapper) the scope to give the client permission to access the data.openid
scope to get access to all the public fields of the entity. Then, we must construct a URL to request the entity to grant us access to their data as follows:The following example has been indented and split into multiple lines for readability only.
http://localhost:8080/auth/realms/sunbird-rc/protocol/openid-connect/auth?scope=openid&response_type=code&redirect_uri=*&client_id=registry-frontend
Teacher
entity we created in the Creating An Entity section - enter 1234567890
as the username and test
as the password.Here,registry-frontend
is the preconfigured client we use to make requests to keycloak andtest
is the default password for all entities.
Teacher
, you will see a consent screen, asking you to grant access to Registry Frontend
. Click YES
to grant access to the client and continue with the consent flow.YES
, it will redirect you to http://localhost:8080/auth/*
. You will see an error page, as we have not setup a frontend application to parse the response and request an access token automatically. For this example (and to gain a better understanding of how the consent flow works), we will parse keycloak's response manually.session_state
and code
. The code
parameter is of most importance here - it is a one-time code that will allow us to retrieve an access token with access to the entity's data. Copy the value of the code
parameter (everything after code=
in the URL). To retrieve an access token, we make the following request:If you get ainvalid_grant: Code not valid
error, just go through the consent flow again. Thecode
expires quickly, so try to make the request for the access token as soon as you get redirected to the redirect URL!
access_token
string
expires_in
number
token_type
string
Bearer
, else we have gotten the wrong tokenscope
string
openid
, and this means we successfully got user consent!Teacher
entity we just created, we would make the following API call:Here,registry-frontend
is the preconfigured client we use to make requests to keycloak andtest
is the default password for all entities.
access_token
string
expires_in
number
token_type
string
Bearer
, else we have gotten the wrong tokenscope
string
Replace the{id}
above with the entity'sosid
you saved from the create entity request. Replace the{access-token}
with theTeacher
entity's access token from the consent/authentication step.
osOwner
string
_osState/{field}
string
DRAFT
(when it has not been sent for attestation), ATTESTATION_REQUESTED
(when sent for attestation), PUBLISHED
(when successfully attested) and REJECTED
(when rejected by the attestor)Teacher
entity Pranav Agate teaches to Biology
, we would make the following API call:Replace the{id}
above with the entity'sosid
you saved from the create entity request. Replace the{access-token}
with theTeacher
entity's access token from the consent/authentication step.
We need to send the whole entity and not just the updated fields because that is how RESTful APIs work. A PUT call should replace the existing record in the database with the new object as-is. To know more about this, take a look at the accepted answer on this SO question.
Teacher
entity, we would make the following API call:Replace the{id}
above with the entity'sosid
you saved from the create entity request. Replace the{access-token}
with theTeacher
entity's access token from the consent/authentication step.
Student
entity named Prashant Joshi who also goes to UP Public School:Replace the{id}
above with the entity'sosid
you saved from the create entity request. Replace the{access-token}
with theStudent
entity's access token from the consent/authentication step.
Student
entity by following the Retrieving An Entity section, you will get the following object in response:osOwner
string
_osState/{field}
string
DRAFT
(when it has not been sent for attestation), ATTESTATION_REQUESTED
(when sent for attestation), PUBLISHED
(when successfully attested) and REJECTED
(when rejected by the attestor)_osClaimId/{field}
string
Replace the{claim-id}
above with the_osClaimId/school
you saved from the make a claim request. Replace the{access-token}
with theTeacher
entity's access token from the consent/authentication step. ReplaceGRANT_CLAIM
withREJECT_CLAIM
to reject the claim instead.