I need to use the latest news from the FIBA website, and they provided a Swagger API which uses IdentityServer4 for its authorization system.
Our application is in PHP, and I tried to find something related to PHP and IdentityServer, but I could not.
I want to send a request to the identity server from PHP and get an access token from it. How can I do this?
To get a token you can use (it works on my installation):
curl -d "client_id=<YOURCLIENT>&client_secret=<YOURCLIENTSECRET>&grant_type=password&username=<youruser>&password=<topsecretpassword>&scope=default openid" -X POST http://youtidentityserver4.tld/oauth/connect/token
Then you will get something like:
{
"access_token": "eyJhbGciOiJSUz....long token",
"expires_in": 3600,
"token_type": "Bearer"
}
Next, you can use the following request to fetch user information:
curl -i http://youtidentityserver4.tld/oauth/connect/userinfo \
-H "scope: default openid" \
-H "Authorization: Bearer eyJhbGciOiJSUz....long token"
After executing this you should get something like:
{
"sub": "j2h4kh42k4242jhg4j2hg42k34gb2k"
}
depending on the user database configured behind your IdentityServer4.
sub = short for “subject” => a unique identifier for the user
Use the same scopes on the /token request that you want to use later at /userinfo. Otherwise you will get an "insufficient_scope" error:
HTTP/1.1 403 Forbidden
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Date: Thu, 20 Sep 2018 15:52:40 GMT
Server: Kestrel
Cache-Control: no-store, no-cache, max-age=0
Pragma: no-cache
WwwAuthentication: Bearer
WwwAuthentication: error="insufficient_scope"
If you need more scopes, look at http://youtidentityserver4.tld/oauth/.well-known/openid-configuration and check "scopes_supported" there (replace youtidentityserver4.tld with your domain).
To implement all this in PHP, use one of the well-known clients, such as the curl extension directly or Guzzle.
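As an added example (not part of the original answer), the two curl calls above could be written like this with PHP's curl extension. The host is the answer's placeholder; the https:// scheme, the IDS_* environment variable names and the function names are assumptions of this example.

```php
<?php
// Added example: HTTPS and the IDS_* environment variable names are assumptions.
const BASE = 'https://youtidentityserver4.tld/oauth';

/**
 * Send one request with TLS verification on and decode the JSON body.
 * When $form is given it is sent as a URL-encoded POST body.
 */
function httpJson(string $url, array $headers, ?array $form = null): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => $headers,
        CURLOPT_SSL_VERIFYPEER => true, // never disable: the body carries credentials
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 10,
    ]);
    if ($form !== null) {
        // http_build_query encodes each value, including the space in the scope list
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($form));
    }
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    if ($body === false) {
        throw new RuntimeException('Transport error: ' . curl_error($ch));
    }
    if ($status !== 200) { // e.g. the 403 insufficient_scope reply has an empty body
        throw new RuntimeException("HTTP $status from $url");
    }
    return json_decode($body, true, 16, JSON_THROW_ON_ERROR);
}

/** Password grant with the same parameters as the curl call in the answer. */
function fetchAccessToken(string $scope): string
{
    $res = httpJson(BASE . '/connect/token', ['Accept: application/json'], [
        'client_id'     => (string) getenv('IDS_CLIENT_ID'),
        'client_secret' => (string) getenv('IDS_CLIENT_SECRET'),
        'grant_type'    => 'password',
        'username'      => (string) getenv('IDS_USER'),
        'password'      => (string) getenv('IDS_PASS'),
        'scope'         => $scope,
    ]);
    if (strcasecmp($res['token_type'] ?? '', 'Bearer') !== 0 || empty($res['access_token'])) {
        throw new RuntimeException('Unexpected token response');
    }
    return $res['access_token'];
}

$token = fetchAccessToken('default openid'); // same scopes as the later /userinfo call
$info  = httpJson(BASE . '/connect/userinfo', ["Authorization: Bearer $token"]);
echo $info['sub'], PHP_EOL;
```

Reading the client secret and user password from the environment keeps them out of the source tree, and the status check surfaces the 403 case shown above as an exception instead of a JSON parse failure.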