Server-to-server Authentication
Instead of obtaining access token using the OAuth 2.0 flow, you can call Authcore API using a signed JWT directly as a bearer token, . You can avoid having to make a network request before making an API call. To do so:
Generate an EC private key, of size 256, and output it to a file named
key.pem
:$ openssl ecparam -name prime256v1 -genkey -noout -out key.pem
Extract the public key from the key pair:
$ openssl ec -in key.pem -pubout -out public.pem
Update Authcore config file, set
service_account_public_key
to the public key andservice_account_id
to the ID of the user that act as a service account.Using any standard JWT library, such as one found at jwt.io, create a JWT with ES256 algorithm and payload like the following example:
{ "iss": "serviceaccount:<service_account_id>", "sub": "serviceaccount:<service_account_id>", "iat": 1511900000, "exp": 1511903600 }
Sign the JWT with
prime256v1
using the above private key.For example (Javascript):
var jwt = require('jsonwebtoken') var opts = { algorithm: "ES256", issuer: "serviceaccount:server", subject: "serviceaccount:server", expiresIn: 60 } var token = jwt.sign({}, privateKeyPEM, opts)
Call the API, using the signed JWT as the bearer token:
GET /api/v2/users HTTP/1.1 Host: testing.authcore.io Authorization: Bearer <SIGNED_JWT> Content-Type: application/json
Last updated
Was this helpful?