By: Minhyung Kim user 16 Oct 2020 at 2:35 a.m. CDT

3 Responses
To my understanding, Client_secret_basic authentication method for the Token Endpoint requires "username" (corresponding to uid in LDAP) and "password" (corresponding to userPassword in LDAP). Is it possible to support custom authentication? For example, would it be possible to provide "username2" and "password2" instead to obtain an auth token? I was looking into "authenticationFilters" but have no idea how to use them.

By Jose Gonzalez staff 16 Oct 2020 at 7:10 a.m. CDT

You are mixing clients and users... For `Client_secret_basic` you provide the clientId and clientSecret of the client your application is employing. Clients can be managed in oxTrust under `OpenId Connect > Clients`. See section 2.3 of RFC 6749 and section 2 of RFC 2617.

By Minhyung Kim user 18 Oct 2020 at 7:18 p.m. CDT

Thanks for the clarification. To rephrase my question, how would I configure gluu so that, when requesting an auth token via the "/oxauth/restv1/token" endpoint, I can provide custom credentials instead of "username" and "password"?

```
Current request to "/oxauth/restv1/token":
I am providing:
- "grant_type"
- "Authorization" (Base64 encoded client_id, client_secret)
- "username"
- "password"
- "scope"

Future request to "/oxauth/restv1/token" (is this possible?):
I would like to provide:
- "grant_type"
- "Authorization" (Base64 encoded client_id, client_secret)
- custom LDAP variable "username2"
- custom LDAP variable "password2"
- "scope"
```

By Jose Gonzalez staff 20 Oct 2020 at 7:58 a.m. CDT

I would have to have more information about the problem context to give you a more precise answer. It is unclear what your flow is or your grant type. Nonetheless, taking into account that you are mentioning LDAP attributes I suppose you are trying to authenticate users... In that case Resource Owner Password Credentials sounds like a good match given your example (see sect 4.3 of OAuth 2.0 RFC 6749), and this [doc](https://www.gluu.org/docs/gluu-server/admin-guide/oauth2/#resource-owner-password-credentials-grant) page. To make it work with attributes different from userName and Password you will have to code an interception script to handle such custom logic. Out-of-the-box there should be a "resource_owner_password_credentials_example" in oxTrust (`Configuration > Authentication Scripts`) that serves as an example. You can find the code [here](https://github.com/GluuFederation/community-edition-setup/tree/version_4.1.0/static/extension/resource_owner_password_credentials) as well. We don't provide script development assistance for community users though. Another relevant link is [here](https://www.gluu.org/docs/gluu-server/developer-guide/tips-cust-script-pages/).
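
The client/user split discussed in this thread, as an added example (not code from either poster or from Gluu): the client credentials travel in the `Authorization: Basic` header per RFC 6749 section 2.3.1, while the user credentials are form fields in the body that server-side logic, such as a custom script, has to pick out by name. The function names, client id, secret and user values are constructed for illustration, and the server side is a stand-in, not the Gluu script API.

```python
import base64
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode


def build_token_request(client_id, client_secret, user_fields, scope):
    """Client side: return (headers, body) for a password-grant token request."""
    # RFC 6749 section 2.3.1: form-encode id and secret, join with ":", Base64.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # User credentials are ordinary body parameters, separate from the header.
    body = urlencode({"grant_type": "password", "scope": scope, **user_fields})
    return headers, body


def split_credentials(headers, body, user_keys=("username", "password")):
    """Server side: return ((client_id, client_secret), user_fields)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("client_secret_basic needs an Authorization: Basic header")
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError as exc:  # covers bad Base64 and bad UTF-8
        raise ValueError("malformed Basic credentials") from exc
    # A ":" inside the secret was form-encoded to %3A, so the first ":" is the separator.
    client_id, sep, client_secret = decoded.partition(":")
    if not sep or not client_id:
        raise ValueError("malformed Basic credentials")
    form = parse_qs(body, keep_blank_values=True)
    missing = [k for k in user_keys if k not in form]
    if missing:
        raise ValueError(f"missing user credential fields: {missing}")
    user_fields = {k: form[k][0] for k in user_keys}
    return (unquote_plus(client_id), unquote_plus(client_secret)), user_fields


if __name__ == "__main__":
    # Constructed sample values; "username2"/"password2" are the names from the question.
    hdrs, body = build_token_request(
        "my-client", "s3cr:et+x",
        {"username2": "jdoe", "password2": "pa ss&word"}, "openid")
    print(hdrs["Authorization"])
    print(body)
    print(split_credentials(hdrs, body, user_keys=("username2", "password2")))
```
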