Server-to-server Authentication
Instead of obtaining access token using the OAuth 2.0 flow, you can call Authcore API using a signed JWT directly as a bearer token, . You can avoid having to make a network request before making an API call. To do so:
- 1.Generate an EC private key, of size 256, and output it to a file named
key.pem
:$ openssl ecparam -name prime256v1 -genkey -noout -out key.pem - 2.Extract the public key from the key pair:$ openssl ec -in key.pem -pubout -out public.pem
- 3.Update Authcore config file, set
service_account_public_key
to the public key andservice_account_id
to the ID of the user that act as a service account. - 4.Using any standard JWT library, such as one found at jwt.io, create a JWT with ES256 algorithm and payload like the following example:{"iss": "serviceaccount:<service_account_id>","sub": "serviceaccount:<service_account_id>","iat": 1511900000,"exp": 1511903600}Sign the JWT with
prime256v1
using the above private key.For example (Javascript):var jwt = require('jsonwebtoken')var opts = {algorithm: "ES256",issuer: "serviceaccount:server",subject: "serviceaccount:server",expiresIn: 60}var token = jwt.sign({}, privateKeyPEM, opts) - 5.Call the API, using the signed JWT as the bearer token:GET /api/v2/users HTTP/1.1Host: testing.authcore.ioAuthorization: Bearer <SIGNED_JWT>Content-Type: application/json
Last modified 3yr ago