Wednesday, November 14, 2012

Usage of WSO2 API Manager's login API

The login URI on the API Manager gateway acts as just another API: it exposes the OAuth2 login functionality as an API. When we send a request with /login as the context, the gateway forwards it to https://localhost:9443/oauth2endpoints/token (the key management node's token endpoint), which is configurable. The OAuth2 endpoint is responsible for all OAuth-related functionality. The most common use case for this endpoint is obtaining a new user token. We can use any client application for this, such as Advanced REST Client, curl or any other application. Let's see how we can obtain a new user token.

When we create a new application, we get a consumer key and consumer secret pair. Each user also gets an application token, which can expire after some time. So if a user wants to generate a new user token for their application, they can use this endpoint. Each user has a username and password. We have to use all of these parameters to obtain a new token.

If you are using Advanced REST Client, set the parameters as follows:
Method - POST
Body - grant_type=password&username=admin&password=admin&scope=PRODUCTION
Also add the following headers:
01. Content-Type - application/x-www-form-urlencoded
02. A Basic Authorization header, with the consumer key as the Username and the consumer secret as the Password

If you are using curl, follow these instructions:
Generate a string by concatenating the consumer key and secret key.
Encode it as a Base64 string. For this example, the result would be KBjmo8mUxLCs_7l9CZXgg9fs6Pcap_P7bTvVxz7tXO2use4emXxENSga
Use the following curl command to obtain a new user token (<gateway-host>:<gateway-port> is a placeholder for the address of your gateway):

curl -k -v -d "grant_type=password&username=username&password=password" -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Basic KBjmo8mUxLCs_7l9CZXgg9fs6Pcap_P7bTvVxz7tXO2use4emXxENSga" "https://<gateway-host>:<gateway-port>/login"

From this service call you will get an access token (the token used to access the application's APIs), a refresh token (the token used to refresh the access token) and a validity period (the validity period of the issued token) inside the response body. That is the basic usage of the login API of WSO2 API Manager.
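
The curl procedure above, wrapped as shell functions. This is an added example, not code from the original post: it builds the Basic header from the consumer key and secret, sends the password grant with URL-encoded fields, and reads fields out of the response. The gateway address in the usage comment is a placeholder, and the field names access_token, refresh_token and expires_in are assumed to be the standard OAuth2 ones.

```shell
#!/bin/sh
# Added example (not from the original post). All values passed in are the
# caller's own; nothing here is a real key, secret or gateway address.

# Value of the Authorization header for a consumer key ($1) and secret ($2).
# printf, unlike echo, adds no trailing newline to the encoded credential, and
# tr strips the line breaks base64 inserts into long output.
basic_auth_value() {
    printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Extract one top-level string or number field ($2) from a flat JSON body ($1).
json_field() {
    printf '%s' "$1" |
        sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# request_token URL KEY SECRET USERNAME PASSWORD
# --data-urlencode percent-encodes each value, so a password containing & or =
# cannot split or inject form fields. curl sets the form Content-Type itself.
# TLS verification stays on; use --cacert for a self-signed gateway certificate.
request_token() {
    curl -s "$1" \
        -H "Authorization: $(basic_auth_value "$2" "$3")" \
        --data-urlencode "grant_type=password" \
        --data-urlencode "username=$4" \
        --data-urlencode "password=$5"
}

# Usage (hypothetical address; supply your own key, secret and credentials):
#   body=$(request_token "https://gateway.example/login" "$KEY" "$SECRET" "$USER" "$PASS")
#   token=$(json_field "$body" access_token)
```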