Authorization
This part of the documentation covers authorization to the Openjet platform through the API. To try this configuration, set up your local copy of the Openjet platform and replace openjet.dev with your own address.
OAuth2
Openjet has the OAuth2 authorization configured. The authorization process is a standard procedure. Authorize as admin and enjoy the API!
Scopes
Openjet uses client-specific authentication, so an allowed_scope must be attached to your client.
| Scope | Description |
|---|---|
| backoffice_api | General api for external applications |
| middleware_api | Middleware api |
| pilot_mobile_api | iOS pilot mobile api |
| avinode_api | Avinode api |
| third_party_api | Third party api |
| salesforce_api | Salesforce api |
| booking_api | Booking api |
| flying_group_api | Flyinggroup api |
Create OAuth client
Use Openjet command:
bin/console openjet:oauth-server:create-client \
--grant-type="password" \
--grant-type="refresh_token" \
--grant-type="token" \
--grant-type="client_credentials" \
--grant-type="authorization_code" \
--scope="backoffice_api" \
--scope="middleware_api" \
--scope="pilot_mobile_api"
You will receive the client public id and the client secret.
Example result
A new client with public id 1_2t8stjy4hh6oc8kcswcc8c08484w0skcss8kw40o0osk80osco, secret 2zprnijciaass00ccwoc0wokw4sgk8wgcw440gg0gwsok48ggk has been added
Obtain authorization code
Warning
The user must be connected to the Openjet application.
Send the request with the following parameters:
Definition
GET /oauth/v2/auth
| Parameter | Parameter type | Description |
|---|---|---|
| client_id | query | Client public id generated in the previous step |
| response_type | query | Must be ‘code’ |
| redirect_uri | query | URL |
Note
This action can be done by POST method as well.
Example
http://openjet.dev/oauth/v2/auth?client_id=demo_client&response_type=code&redirect_uri=http://www.example.com
Redirect to:
http://www.example.com/?code=NDdjYjAzMGFkMGFkNmIzZGQ3NGFjNDBmMDA3NjM1MWUzYzE0MDI4ODkxYmE2ZDAxNWJiNDlkODk3ODEwN2IwMA
Obtain access token
Send the request with the following parameters:
Definition
GET /oauth/v2/token
| Parameter | Parameter type | Description |
|---|---|---|
| client_id | query | Client public id generated in the previous step |
| client_secret | query | Client secret generated in the previous step |
| grant_type | query | We will use ‘password’ to authorize as user. Other available options are authorization_code, token, refresh_token and client_credentials |
| code | query | Authorization code obtained in the previous step |
| redirect_uri | query | URL |
| username | query | User name |
| password | query | User password |
Note
This action can be done by POST method as well.
Example
On authorization_code
curl http://openjet.dev/oauth/v2/token \
-d "client_id"=demo_client \
-d "client_secret"=secret_demo_client \
-d "grant_type"=authorization_code \
-d "code"=NDdjYjAzMGFkMGFkNmIzZGQ3NGFjNDBmMDA3NjM1MWUzYzE0MDI4ODkxYmE2ZDAxNWJiNDlkODk3ODEwN2IwMA \
-d "redirect_uri"=http://www.example.com
{
"access_token": "NzFiYTM4ZTEwMjcwZTcyZWIzZTA0NmY3NjE3MTIyMjM1Y2NlMmNlNWEyMTAzY2UzYmY0YWIxYmUzNTkyMDcyNQ",
"expires_in": 3600,
"refresh_token": "MDk2ZmIwODBkYmE3YjNjZWQ4ZTk2NTk2N2JmNjkyZDQ4NzA3YzhiZDQzMjJjODI5MmQ4ZmYxZjlkZmU1ZDNkMQ",
"scope": "backoffice_api",
"token_type": "bearer"
}
On client_credentials
curl http://openjet.dev/oauth/v2/token \
-d "client_id"=demo_client \
-d "client_secret"=secret_demo_client \
-d "grant_type"=client_credentials
{
"access_token": "NzFiYTM4ZTEwMjcwZTcyZWIzZTA0NmY3NjE3MTIyMjM1Y2NlMmNlNWEyMTAzY2UzYmY0YWIxYmUzNTkyMDcyNQ",
"expires_in": 3600,
"scope": "backoffice_api",
"token_type": "bearer"
}
On password
curl http://openjet.dev/oauth/v2/token \
-d "client_id"=demo_client \
-d "client_secret"=secret_demo_client \
-d "grant_type"=password \
-d "username"=api@example.com \
-d "password"=openjet-api
{
"access_token": "NzFiYTM4ZTEwMjcwZTcyZWIzZTA0NmY3NjE3MTIyMjM1Y2NlMmNlNWEyMTAzY2UzYmY0YWIxYmUzNTkyMDcyNQ",
"expires_in": 3600,
"refresh_token": "MDk2ZmIwODBkYmE3YjNjZWQ4ZTk2NTk2N2JmNjkyZDQ4NzA3YzhiZDQzMjJjODI5MmQ4ZmYxZjlkZmU1ZDNkMQ",
"scope": "backoffice_api",
"token_type": "bearer"
}
On implicit mechanism
Warning
The implicit mechanism supports only token (response_type=token), and the user must be connected to the Openjet application.
http://openjet.dev/oauth/v2/auth?client_id=demo_client&response_type=token&redirect_uri=http://www.example.com
Redirect to:
http://www.example.com/#access_token=YzlmMTIxZDU0YmZlNWU4Mzk5YjVkYzdlODZiMzc5NTk1YzgwYzk2Y2RmNjNlN2EyZDJhNjNhZDU0MTM4YTcxMQ&expires_in=3600&token_type=bearer&scope=backoffice_api
Request for a resource
Put the access token in the request header:
Authorization: Bearer NzFiYTM4ZTEwMjcwZTcyZWIzZTA0NmY3NjE3MTIyMjM1Y2NlMmNlNWEyMTAzY2UzYmY0YWIxYmUzNTkyMDcyNQ
You can now access any resource allowed under the /api prefix.
Example
curl http://openjet.dev/api/aircrews/ \
-H "Authorization: Bearer NzFiYTM4ZTEwMjcwZTcyZWIzZTA0NmY3NjE3MTIyMjM1Y2NlMmNlNWEyMTAzY2UzYmY0YWIxYmUzNTkyMDcyNQ"
Note
You have to refresh your token after it expires.
Refresh Token
Send the request with the following parameters:
Definition
GET /oauth/v2/token
| Parameter | Parameter type | Description |
|---|---|---|
| client_id | query | Public client id |
| client_secret | query | Client secret |
| grant_type | query | We will use ‘refresh_token’ to authorize as user |
| refresh_token | query | Refresh token generated during authorization |
Example
curl http://openjet.dev/oauth/v2/token \
-d "client_id"=demo_client \
-d "client_secret"=secret_demo_client \
-d "grant_type"=refresh_token \
-d "refresh_token"=MDk2ZmIwODBkYmE3YjNjZWQ4ZTk2NTk2N2JmNjkyZDQ4NzA3YzhiZDQzMjJjODI5MmQ4ZmYxZjlkZmU1ZDNkMQ
Example response
You can now use the new token to send requests:
{
"access_token": "MWExMWM0NzE1NmUyZDgyZDJiMjEzMmFlMjQ4MzgwMmE4ZTkxYzM0YjdlN2U2YzliNDIyMTk1ZDhlNDYxYWE4Ng",
"expires_in": 3600,
"token_type": "bearer",
"scope": null,
"refresh_token": "MWI4NzVkNThjZDc2Y2M1N2JiNzBmOTQ0MDFmY2U0YzVjYzllMDE1OTU5OWFiMzJiZTY5NGU4NzYyODU1N2ZjYQ"
}
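The token, resource-request and refresh steps above can be combined into one client-side helper. The following is an added example, not Openjet code: it sends credentials in a POST form body (as the curl -d examples do), tracks expires_in, and replaces the stored refresh token with the one returned by each refresh. The names TokenStore, post and fake_endpoint are hypothetical, and the stand-in endpoint with its dummy tokens is constructed so the block runs offline.

```python
import time
from urllib.parse import parse_qs, urlencode

TOKEN_URL = "http://openjet.dev/oauth/v2/token"  # dev host from this page; replace with yours

class TokenStore:
    """Keeps the current token pair and refreshes it shortly before expiry."""
    def __init__(self, client_id, client_secret, post, now=time.time, skew=30):
        self.client_id, self.client_secret = client_id, client_secret
        self.post, self.now, self.skew = post, now, skew  # post(url, form) -> dict, supplied by caller
        self.access = self.refresh = None
        self.expires_at = 0.0

    def _grant(self, **params):
        # Form body, as with curl -d: the secret stays out of URLs and access logs.
        form = urlencode({"client_id": self.client_id,
                          "client_secret": self.client_secret, **params})
        reply = self.post(TOKEN_URL, form)
        if "error" in reply or "access_token" not in reply:
            raise ValueError("token request failed: %s" % reply.get("error", "no access_token"))
        self.access = reply["access_token"]
        # A refresh returns a new refresh token; keep the old one only if none came back.
        self.refresh = reply.get("refresh_token") or self.refresh
        self.expires_at = self.now() + int(reply["expires_in"])

    def login(self, username, password):
        self._grant(grant_type="password", username=username, password=password)

    def header(self):
        if self.access is None:
            raise RuntimeError("call login() first")
        if self.now() >= self.expires_at - self.skew:
            if not self.refresh:
                raise RuntimeError("access token expired and no refresh token is held")
            self._grant(grant_type="refresh_token", refresh_token=self.refresh)
        return {"Authorization": "Bearer " + self.access}

def fake_endpoint():
    """Constructed stand-in for the token endpoint; issues numbered dummy tokens."""
    issued = [0]
    def post(url, form):
        grant = parse_qs(form)
        # Assumption of this stand-in: only the most recently issued refresh token is accepted.
        if grant["grant_type"] == ["refresh_token"] and grant["refresh_token"] != ["r%d" % issued[0]]:
            return {"error": "invalid_grant"}
        issued[0] += 1
        return {"access_token": "a%d" % issued[0], "refresh_token": "r%d" % issued[0],
                "expires_in": 3600, "token_type": "bearer", "scope": None}
    return post
```

In real use, post would wrap an HTTP client call to your own host over HTTPS and return the decoded JSON body.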