Sunday, May 3, 2015

Accessing WSO2 IS profile info with curl

The WSO2 Identity Server is able to implement the OpendID connect Client profile. This posts give a basic steps you can follow to retrieve profile info from WSO2 IS

You can retrieve the access token with the command below.


curl -X POST -H "Content-Type:application/x-www-form-urlencoded" <oauth2-token-url> --insecure --data "client_id=<client-id>&client_secret=<client-secret>&grant_type=client_credentials&scope=openid"


Please find a sample command below. Token url is https://localhost:9443/oauth2/token if you have a IS server with hostname “localhost” and no port offset is set. You can find the client id and client secret under the “OAuth/OpenID connect configuration” section of the service provider you are using. Please not that you need to set scope to “openid”


curl -X POST -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token --insecure --data "client_id=1Kfz8ivbw0hqjoTbo1LbVTJl2f4a&client_secret=8c7d2hVE4p17_lIZ4FHOtWLJfQEa&grant_type=client_credentials&scope=openid"


Following is a sample output received.


{"scope":"openid","token_type":"bearer","expires_in":3300,"id_token":"eyJhbGciOiJSUzI1NiJ9.eyJhdXRoX3RpbWUiOjE0MzAzODkyNjEyOTIsImV4cCI6MTQzMDM5Mjg2MTI5Miwic3ViIjoiYWRtaW4iLCJhenAiOiIxS2Z6OGl2YncwaHFqb1RibzFMYlZUSmwyZjRhIiwiYXRfaGFzaCI6IlkyUXlNMk5pWTJNMFlqWXpZell4WkdKaE5HVmxNR0ZtTVRJNU1UUXpOZz09IiwiYXVkIjpbIjFLZno4aXZidzBocWpvVGJvMUxiVlRKbDJmNGEiXSwiaXNzIjoiaHR0cHM6XC9cL2xvY2FsaG9zdDo5NDQzXC9vYXV0aDJlbmRwb2ludHNcL3Rva2VuIiwiaWF0IjoxNDMwMzg5MjYxMjkyfQ.DC9jDagCCkOXYD4ZVF-9wNpddoTdH96B7Mw_3nGv-2lW9SiWvL600b4Cch2mNoFAao1QeGl9pAP4bvbVgJGuthunQxBJuTYLy2KCH5k5Hc9lQsZtEM5Z6yzQ7q2wWfu9il9Lya-gUXVnBJEd5ovqtwI40KSLvuZUoei7l3S8lZo","access_token":"cd23cbcc4b63c61dba4ee0af1291436"} 


Then we can use the access token retrieved above to view profile info with the curl command below.


curl -k -H "Authorization: Bearer <access-token>" <userinfo-edpoint>?schema=openid 


A sample command is as follows 


curl -k -H "Authorization: Bearer 7244fef5b5de362489c5b2ed16de9e" https://localhost:9443/oauth2/userinfo?schema=openid 


This will then retrieve the list of user info attributes that has not null values as the output below.


{"name":"admin","family_name":"admin","preferred_username":"admin","given_name":"admin"} 


If you have looked into identity.xml inside <IS-HOME>/ repository/conf, you can find the response builder class as follows, You can customize this extending the interface UserInfoResponseBuilder [1]. Sample implementation can be found in [2].

 [1]UserInfoResponseBuilder.java 
 [2]UserInfoJSONResponseBuilder.java


1 comment: