Versions Compared

Old Version 25

changes.mady.by.user Graham O'Regan (Unlicensed)

Saved on

compared with

New Version 26

changes.mady.by.user Graham O'Regan (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Use use a password grant to exchange a username and password for a JWT token. The response from this command will be a JSON document with the access token with it;

    Code Block
    {
    "access_token": "<long string value>",
    "expires_in": 300,
    "id_token": "<long string value>",
    "not-before-policy": 0,
    "refresh_expires_in": 1800,
    "refresh_token": "<long string value>",
    "session_state": "<uuid>",
    "token_type": "bearer"
}
  2. In this step, we show how the token is validated using a client id and secret. This step will be completed by mod_auth_openidc and is included for completeness.

  3. In this step, we add the "Authorization: Bearer <access token>" header to our call. Apache will intercept the call, extract the JWT and validate it before forwarding the request to the target API. 

    Code Block
    GET /test/ HTTP/1.1
Host: dev-apps.lin.nhs.uk
User-Agent: curl/7.49.1
Accept: */*
Authorization: bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJrcEk5UC1hQ3JaTXJ4cG5aeWNnNnlISk9VZ3g0a2hUYS04TlJyMkRhY0g0In0.eyJqdGkiOiI4MTNhNzUzMS04NmIzLTRjOTgtODY4ZS01NzA5M2E4NDY2MmQiLCJleHAiOjE0ODA2MDkyNzQsIm5iZiI6MCwiaWF0IjoxNDgwNjA4OTc0LCJpc3MiOiJodHRwczovL2Rldi1hcHBzLmxpbi5uaHMudWsvYXV0aC9yZWFsbXMvbGluIiwiYXVkIjoiYWRtaW4tY2xpIiwic3ViIjoiNGY5YWRhY2MtZjEyNC00M2FmLTkyZDMtYjVlZDc3NjhlYTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWRtaW4tY2xpIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiZDM0M2ZiYmUtZjYxMS00YTg3LWE0ZTktODg0ODI0ZTYzN2VkIiwiYWNyIjoiMSIsImNsaWVudF9zZXNzaW9uIjoiODZkZTk0NTQtYmY1Ny00ZDM2LThjYjItOWU0ZjllMDA3MTQ2IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVzb3VyY2VfYWNjZXNzIjp7fSwibmFtZSI6IkphbWVzIEh1ZHNvbiIsInByZWZlcnJlZF91c2VybmFtZSI6ImphbWVzaCIsImdpdmVuX25hbWUiOiJKYW1lcyIsImZhbWlseV9uYW1lIjoiSHVkc29uIn0.F_wFf1T_kEdcZDlG_H45lk5uukN26trTsPHcko-RF7Zk9VXLjPX6HcExASUmxMqMTBRrbYuLDDPWGZ7OoKHIp-bG-3wR3XqGDTVgQ-DbzarAtEDKsNbAzReh008uo_U3j9biwKHcWNOAFuSde5ZUma5qWS6jvpV750lwCb7WU8xikci9lD_WK6xW_H1B_KW8WJ4SpoH7qNI1OITFtMOQBx06z2q-DQVc_3bISwDKx-sFj6MFOr-0OcXz935H1OJICFYjljquY5q-6ZkB0bwVKVpOKd22q7cnAT50bzAbXCQifja0Jr9qVUytq79QxEDeGeAo40WzPO_a7PPTkfvHdw
OIDC_CLAIM_name: James Hudson
OIDC_CLAIM_allowed-origins: 
OIDC_CLAIM_typ: Bearer
OIDC_CLAIM_azp: admin-cli
OIDC_CLAIM_jti: 813a7531-86b3-4c98-868e-57093a84662d
OIDC_CLAIM_sub: 4f9adacc-f124-43af-92d3-b5ed7768ea54
OIDC_CLAIM_nbf: 0
OIDC_CLAIM_auth_time: 0
OIDC_CLAIM_session_state: d343fbbe-f611-4a87-a4e9-884824e637ed
OIDC_CLAIM_exp: 1480609274
OIDC_CLAIM_client_session: 86de9454-bf57-4d36-8cb2-9e4f9e007146
OIDC_CLAIM_iat: 1480608974
OIDC_CLAIM_iss: https://dev-apps.lin.nhs.uk/auth/realms/lin
OIDC_CLAIM_aud: admin-cli
OIDC_CLAIM_given_name: James
OIDC_CLAIM_family_name: Hudson
OIDC_CLAIM_acr: 1
OIDC_CLAIM_preferred_username: jamesh
OIDC_CLAIM_username: jamesh
OIDC_CLAIM_resource_access: {}
OIDC_CLAIM_client_id: admin-cli
OIDC_CLAIM_active: 1
OIDC_access_token: eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJrcEk5UC1hQ3JaTXJ4cG5aeWNnNnlISk9VZ3g0a2hUYS04TlJyMkRhY0g0In0.eyJqdGkiOiI4MTNhNzUzMS04NmIzLTRjOTgtODY4ZS01NzA5M2E4NDY2MmQiLCJleHAiOjE0ODA2MDkyNzQsIm5iZiI6MCwiaWF0IjoxNDgwNjA4OTc0LCJpc3MiOiJodHRwczovL2Rldi1hcHBzLmxpbi5uaHMudWsvYXV0aC9yZWFsbXMvbGluIiwiYXVkIjoiYWRtaW4tY2xpIiwic3ViIjoiNGY5YWRhY2MtZjEyNC00M2FmLTkyZDMtYjVlZDc3NjhlYTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWRtaW4tY2xpIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiZDM0M2ZiYmUtZjYxMS00YTg3LWE0ZTktODg0ODI0ZTYzN2VkIiwiYWNyIjoiMSIsImNsaWVudF9zZXNzaW9uIjoiODZkZTk0NTQtYmY1Ny00ZDM2LThjYjItOWU0ZjllMDA3MTQ2IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVzb3VyY2VfYWNjZXNzIjp7fSwibmFtZSI6IkphbWVzIEh1ZHNvbiIsInByZWZlcnJlZF91c2VybmFtZSI6ImphbWVzaCIsImdpdmVuX25hbWUiOiJKYW1lcyIsImZhbWlseV9uYW1lIjoiSHVkc29uIn0.F_wFf1T_kEdcZDlG_H45lk5uukN26trTsPHcko-RF7Zk9VXLjPX6HcExASUmxMqMTBRrbYuLDDPWGZ7OoKHIp-bG-3wR3XqGDTVgQ-DbzarAtEDKsNbAzReh008uo_U3j9biwKHcWNOAFuSde5ZUma5qWS6jvpV750lwCb7WU8xikci9lD_WK6xW_H1B_KW8WJ4SpoH7qNI1OITFtMOQBx06z2q-DQVc_3bISwDKx-sFj6MFOr-0OcXz935H1OJICFYjljquY5q-6ZkB0bwVKVpOKd22q7cnAT50bzAbXCQifja0Jr9qVUytq79QxEDeGeAo40WzPO_a7PPTkfvHdw
X-Forwarded-Proto: https
X-Forwarded-For: 89.16.226.104
X-Forwarded-Host: dev-apps.lin.nhs.uk
X-Forwarded-Server: dev-apps.lin.nhs.uk
Connection: Keep-Alive

LIN Keycloak Theme

We have updated the Keycloak theme for the login screens, the new code is held in https://github.com/Health-Education-England/TIS-KEYCLOAK-THEME

...