OAuthCEC

OAuthCEC 1.0

0
No votes yet
expand_moreexpand_lessContact information
CEC Bank -PSD2 developers team
forum Discuss this API in the forum
development
https://api-test.cec.ro/cec/tpp

Paths

/oauth2/authorize

get /oauth2/authorize

endpoint for Authorization Code and Implicit grants

description

response_type
Required in query
string

request an authorization code or or access token (implicit)

{
    "enum": [
        "code",
        "token"
    ]
}
scope
Required in query
string

Scope being requested

redirect_uri
Optional in query
string

URI where user is redirected to after authorization

state
Optional in query
string

This string will be echoed back to application when user is redirected

Accept
Optional in header
string
text/html
200

An HTML form for authentication or authorization of this request.

302

Redirect to the clients redirect_uri containing one of the following

  • authorization code for Authorization code grant
  • access token for Implicity grant
  • error in case of errors, such as the user has denied the request
Example Request
Example Response
GET https://api-test.cec.ro/cec/tpp/oauthcec/oauth2/authorize
Try this operation
https://api-test.cec.ro/cec/tpp/oauthcec/oauth2/authorize
accept
response_type
scope
redirect_uri
state
post /oauth2/authorize

submit approval to authorization code or access token

Submit resource owners approval (or rejection) for the OAuth2 Server to issue an authorization code or access token to the application.

client_id
Required in formData
string

application requesting the access code or token

scope
Required in formData
string

requested scope of this authorization

resource-owner
Required in formData
string

resource owners user name

redirect_uri
Required in formData
string

URI the application is requesting this code or token to be redirected to

original-url
Required in formData
string

URL of the original authorization request

dp-state
Required in formData
string

state information provided in the authorization form

dp-data
Required in formData
string

state information provided in the authorization form

Content-Type
Optional in header
string
application/json
Accept
Optional in header
string
text/html
200

A consent form for oauth processing.

Example Request
Example Response
POST https://api-test.cec.ro/cec/tpp/oauthcec/oauth2/authorize
Try this operation
https://api-test.cec.ro/cec/tpp/oauthcec/oauth2/authorize
content-type
accept
client_id
scope
resource-owner
redirect_uri
original-url
dp-state
dp-data

/oauth2/token

post /oauth2/token

Request Access Tokens

This endpoint allows requesting an access token following one of the flows below:

  • Authorization Code (exchange code for access token)
  • Client Credentials (2-legged, there isnt resource owner information)
  • Resource Owner Password Credentials (2-legged, client provides resource owner name and password)
  • Refresh Token (exchange refresh token for a new access code)

The table below indicates the required parameters for each specific grant_type options. Empty cells indicate a parameter is ignored for that specific grant type.

Client authentication:

  • Confidential clients should authenticate using HTTP Basic Authentication. Alternatively, they may post their client_id and client_secret information as a formData parameter.
  • Public clients should send their client_id as formData parameter.
grant_type code client_credentials password refresh_token
client_id required | required required | required
client_secret required | required required | required
code required
redirect_uri required
username required
password required
scope optional optional
refresh_token required

The implicit grant requests, see /oauth2/authorize.

clientIdHeader
X-IBM-Client-Id
(apiKey located in header)
grant_type
Required in formData
string

Type of grant

{
    "enum": [
        "authorization_code",
        "password",
        "client_credentials",
        "refresh_token"
    ]
}
client_id
Required in formData
string

Application client ID, can be provided in formData or using HTTP Basic Authentication

client_secret
Optional in formData
string

Application secret, must be provided in formData or using HTTP Basic Authentication

code
Required in formData
string

Authorization code provided by the /oauth2/authorize endpoint

redirect_uri
Required in formData
string

required only if the redirect_uri parameter was included in the authorization request /oauth2/authorize; their values MUST be identical.

username
Optional in formData
string

Resource owner username

password
Optional in formData
string

Resource owner password

scope
Required in formData
string

Scope being requested

refresh_token
Optional in formData
string

The refresh token that the client wants to exchange for a new access token (refresh_token grant_type)

code_verifier
Optional in formData
string

code verifier for pkce

Content-Type
Optional in header
string
application/x-www-form-urlencoded
Accept
Optional in header
string
application/json
200

json document containing token, etc.

access_token_response
400

json document that may contain additional details about the failure

Example Request
Example Response
POST https://api-test.cec.ro/cec/tpp/oauthcec/oauth2/token
Try this operation
https://api-test.cec.ro/cec/tpp/oauthcec/oauth2/token
content-type
accept
grant_type
client_id
client_secret
code
redirect_uri
username
password
scope
refresh_token
code_verifier

Definitions 

{
    "type": "object",
    "additionalProperties": false,
    "required": [
        "token_type",
        "access_token",
        "expires_in"
    ],
    "properties": {
        "token_type": {
            "enum": [
                "bearer"
            ]
        },
        "access_token": {
            "type": "string"
        },
        "expires_in": {
            "type": "integer"
        },
        "scope": {
            "type": "string"
        },
        "refresh_token": {
            "type": "string"
        }
    }
}
              
{
    "type": "object",
    "additionalProperties": true,
    "required": [
        "active",
        "client_id",
        "client_name",
        "username",
        "sub",
        "exp",
        "expstr",
        "iat",
        "nbf",
        "nbfstr",
        "scope",
        "consentId"
    ],
    "properties": {
        "active": {
            "type": "boolean"
        },
        "client_id": {
            "type": "string"
        },
        "client_name": {
            "type": "string"
        },
        "username": {
            "type": "string"
        },
        "sub": {
            "type": "string"
        },
        "exp": {
            "type": "string"
        },
        "expstr": {
            "type": "string"
        },
        "iat": {
            "type": "string"
        },
        "nbf": {
            "type": "string"
        },
        "nbfstr": {
            "type": "string"
        },
        "scope": {
            "type": "string"
        },
        "miscinfo": {
            "type": "string"
        },
        "consented_on": {
            "type": "string"
        },
        "consented_on_str": {
            "type": "string"
        },
        "grant_type": {
            "type": "string"
        },
        "consentId": {
            "type": "string"
        }
    }
}