Server-to-server Authentication
Instead of obtaining an access token through the OAuth 2.0 flow, you can call the Authcore API using a signed JWT directly as a bearer token. This avoids having to make a network request before making an API call. To do so:
    1. Generate an EC private key, of size 256, and output it to a file named key.pem:

        $ openssl ecparam -name prime256v1 -genkey -noout -out key.pem

    2. Extract the public key from the key pair:

        $ openssl ec -in key.pem -pubout -out public.pem

    3. Update the Authcore config file: set service_account_public_key to the public key and service_account_id to the ID of the user that acts as a service account.

    4. Using any standard JWT library, such as one found at jwt.io, create a JWT with the ES256 algorithm and a payload like the following example:

        {
          "iss": "serviceaccount:<service_account_id>",
          "sub": "serviceaccount:<service_account_id>",
          "iat": 1511900000,
          "exp": 1511903600
        }

    Sign the JWT with prime256v1 using the above private key.
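    For example (JavaScript):

        var fs = require('fs')
        var jwt = require('jsonwebtoken')

        // Private key generated in step 1
        var privateKeyPEM = fs.readFileSync('key.pem')

        var opts = {
          algorithm: "ES256",
          issuer: "serviceaccount:server",   // here the service_account_id is "server"
          subject: "serviceaccount:server",
          expiresIn: 60                      // token lifetime in seconds
        }
        var token = jwt.sign({}, privateKeyPEM, opts)
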
    5. Call the API, using the signed JWT as the bearer token:

        GET /api/v2/users HTTP/1.1
        Host: testing.authcore.io
        Authorization: Bearer <SIGNED_JWT>
        Content-Type: application/json
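
The signing in step 4 and the checks a receiver would apply to the bearer token in step 5, as an added example that is not Authcore's code or part of the original page: it builds the ES256 token with Node's built-in crypto instead of a JWT library, then runs a hypothetical verifier that pins the algorithm and checks iss, sub and exp. The names mintToken and checkToken and the throwaway demo key pair are assumptions made for illustration.

```javascript
// Added example, not Authcore's code: ES256 service-account JWT with Node's crypto only.
const { generateKeyPairSync, sign, verify } = require('crypto')

const b64url = (x) => Buffer.from(x).toString('base64url')

// Step 4's token: ES256 header plus the iss/sub/iat/exp payload.
function mintToken(privateKey, serviceAccountId, ttlSeconds, now) {
  const name = 'serviceaccount:' + serviceAccountId
  const payload = { iss: name, sub: name, iat: now, exp: now + ttlSeconds }
  const signingInput = b64url(JSON.stringify({ alg: 'ES256', typ: 'JWT' })) + '.' + b64url(JSON.stringify(payload))
  // JWS ES256 needs the raw 64-byte R||S signature, not OpenSSL's default DER encoding.
  const sig = sign('sha256', Buffer.from(signingInput), { key: privateKey, dsaEncoding: 'ieee-p1363' })
  return signingInput + '.' + sig.toString('base64url')
}

// Hypothetical verifier: returns null when the token is acceptable, else the reason.
function checkToken(token, publicKey, serviceAccountId, now) {
  const parts = token.split('.')
  if (parts.length !== 3) return 'malformed'
  let header, payload
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString())
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString())
  } catch (e) { return 'malformed' }
  if (!header || !payload) return 'malformed'
  // Pin the algorithm to the configured one; never let the token's header choose it.
  if (header.alg !== 'ES256') return 'wrong algorithm'
  const sig = Buffer.from(parts[2], 'base64url')
  const opts = { key: publicKey, dsaEncoding: 'ieee-p1363' }
  if (sig.length !== 64 || !verify('sha256', Buffer.from(parts[0] + '.' + parts[1]), opts, sig)) return 'bad signature'
  const name = 'serviceaccount:' + serviceAccountId
  if (payload.iss !== name || payload.sub !== name) return 'wrong issuer or subject'
  if (typeof payload.exp !== 'number' || payload.exp <= now) return 'expired'
  return null
}

// Constructed sample: a throwaway P-256 key pair standing in for key.pem / public.pem.
const demoKeys = generateKeyPairSync('ec', { namedCurve: 'prime256v1' })
const demoNow = 1511900000
const demoToken = mintToken(demoKeys.privateKey, 'server', 60, demoNow)
console.log(checkToken(demoToken, demoKeys.publicKey, 'server', demoNow + 30))
```

A short lifetime, as with expiresIn: 60 above, limits how long a captured bearer token stays usable.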