This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Basic Auth Request Path Authentication
The Basic Authentication Request Path Authenticator is engaged when user credentials (username and password) are sent along with a request for authentication. If the user credentials are valid, the user is authenticated by the authentication framework and the corresponding response builder takes over. The user credentials can be sent to the Basic Auth request path authenticator in two ways.
- As a header in the authentication request:
"Authorization: Basic <base64 encoded username:password>"
- As a query parameter in the request URL:
"sectoken=<base64 encoded username:password>"
Note that Base64 is an encoding, not encryption: either form carries the password in the clear, so the request must go over TLS. Prefer the header form; a sectoken sent in the query string is recorded in server access logs, proxy logs and browser history.
For more information on Request Path Authentication in general, see Request Path Authentication.
Prerequisite
In order to get the authorization code using request path authentication, you must either provide "approve always" consent before sending the request, or set the <SkipUserConsent> value in the <IS_HOME>/repository/conf/identity/identity.xml file to true. If you change the identity.xml file, you must also send the prompt attribute with the value none in the authorization request.
Using the authorization header
- Start the IS server and log in to the management console.
- Navigate to Service Providers>Add, enter a name for the new service provider and click Add.
- Expand the Inbound Authentication Configuration section, then the OAuth2/OpenID Connect Configuration section, and click Configure. For more information, see Configuring OAuth/OpenID Connect.
Use the following Callback URL when configuring OAuth: https://curl-app/callback. The redirect_uri you send in the authorization request must match the registered Callback URL exactly (the sample request below uses the Playground sample's http://localhost:8080/playground2/oauth2client, so register that URL if you want to reproduce it as written).
- Click Add and take note of the Client Key that is generated as you will need this later on.
- Expand the Local & Outbound Authentication Configuration section and then the Request Path Authentication Configuration section.
- Select basic-auth from the dropdown and click Add.
- Click Update to save changes to the service provider.
- Send a cURL request with the <SEC_TOKEN> in the Authorization header to the authorization endpoint (/oauth2/authorize). Replace the <SEC_TOKEN>, <CLIENT_ID> and <REDIRECT_URI> tags with the relevant values. The <SEC_TOKEN> is username:password in Base64 encoded format; you can use any Base64 encoder to produce it. For instance, the username and password admin:admin encode to YWRtaW46YWRtaW4=, which gives the header "Authorization: Basic YWRtaW46YWRtaW4=" (or sectoken=YWRtaW46YWRtaW4= in the query parameter form).
Request
curl -v -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "response_type=code&client_id=OGeIUgBy60JLvXM7TX4f3ypMwl4a&redirect_uri=http://localhost:8080/playground2/oauth2client&scope=openid&prompt=none" http://localhost:9763/oauth2/authorize
Response
Location: http://localhost:8080/playground2/oauth2client?code=8a498de9-1f5d-3bd0-a3c9c06be6e08151&session_state=61cd6d0ac6f73bf2bab6f5d710d446c6592b6bedb01c240c1377312118f3e186.N92JLOL5gufcXSwxh2V4xg
The authorization code is returned in the Location header of the 302 redirect. This sample targets the plain HTTP port 9763 and passes -k (skip certificate verification) for convenience on a local test install; outside a lab, send the request to the HTTPS port (9443 by default) with a trusted certificate and without -k, because the Basic header carries the password in the clear.
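The same procedure driven from a POSIX shell, as an added example that is not part of the original page or of WSO2's own code. It goes a little beyond the text: it builds both credential forms, parses the code (or the error parameter, which an OAuth2/OIDC server returns on the redirect when prompt=none cannot be honoured) out of the Location header, and keeps the network call in one function so the rest can be exercised offline. IS_HOST (defaulting to https://localhost:9443) is an assumption; the client ID and redirect URI are passed in by the caller.

```shell
#!/bin/sh
# Added example (not WSO2's code): drive the Basic Auth request path
# authenticator from the shell. IS_HOST is an assumption; the client ID and
# redirect URI are whatever you registered on your service provider.
IS_HOST="${IS_HOST:-https://localhost:9443}"

# Header form: "Basic " + Base64(username:password).
# Base64 is an encoding, not encryption: only safe over TLS.
basic_auth_header() {
  creds=$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')
  printf 'Authorization: Basic %s' "$creds"
}

# Query-parameter form (sectoken=...). Avoid where you can: the token ends up
# in access logs, proxy logs and browser history.
sectoken_param() {
  printf 'sectoken=%s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Pull one query parameter (code, error, session_state, ...) out of the
# Location header of the 302 response. Reads raw response headers on stdin:
# the output of curl -i, or the "< " lines of curl -v.
extract_param() {
  sed -n "s/^<*[[:space:]]*[Ll]ocation:.*[?&]$1=\\([^&[:space:]]*\\).*/\\1/p" | head -n 1
}

# POST the authorization request and print the response headers.
# prompt=none goes with the SkipUserConsent prerequisite; if consent is still
# required, the redirect carries error=... instead of code=..., which
# "extract_param error" surfaces.
request_code() {
  curl -sS -i \
    -H "$(basic_auth_header "$1" "$2")" \
    -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
    --data-urlencode "response_type=code" \
    --data-urlencode "client_id=$3" \
    --data-urlencode "redirect_uri=$4" \
    --data-urlencode "scope=openid" \
    --data-urlencode "prompt=none" \
    "$IS_HOST/oauth2/authorize"
}

# Usage (needs a running IS; CLIENT_ID and the redirect URI are placeholders):
#   request_code admin admin "$CLIENT_ID" http://localhost:8080/playground2/oauth2client \
#     | extract_param code
```

curl -i writes the headers to stdout, so the pipe into extract_param works directly; with curl -v the headers go to stderr and you need 2>&1 first. --data-urlencode is used instead of a hand-built -d string so that a redirect URI containing & or = is encoded correctly.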
Using the request URL
- To try out request path authentication by sending the user credentials as a query parameter in the request URL with the WSO2 Playground sample, see Try Request Path Authentication.