WSO2 Identity Server acts as a SCIM Service Provider (both hub and spoke type service providers) as well as SCIM Service Consumer.
The topic "WSO2 Identity Server as a SCIM Service Provider" explains how to consume the SCIM REST endpoints in WSO2 IS with cURL using Basic Auth. WSO2 IS also supports OAuth bearer token-based authentication for SCIM REST endpoints. This section explains how to use the OAuth 2.0 feature of IS to authenticate to the SCIM REST endpoints of IS.
Procedure:
- Step 1 - Create an application entry and view its details.
- Step 2 - Obtain a valid access token in order to get authenticated to SCIM REST endpoints.
Step 1
- Log in to WSO2 Identity Server as an admin.
- Access the management console and click OAuth under Manage in the Main menu.
- Create a new entry for an OAuth client application by clicking Register New Application.
- After creating the application entry, click on it to view its details as shown below.
- Now copy the Client Id, Client Secret and Access Token Url for future use.
Step 2
We can use the resource owner password credentials grant type for this. The format of the curl command to obtain the access token is:
curl --user "<Client Id>:<Client Secret>" -k -d "grant_type=password&username=<username>&password=<password>" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2endpoints/token
Replace the placeholders in angle brackets in the above command with the values copied in Step 1 above and the username and password of the resource owner. (You can use admin, admin for that in the default pack.)
Once you execute the above command, you will get a response as below:
{"token_type":"bearer","expires_in":3600,"refresh_token":"16e3de3b7af4e7a43b7e56cd9362ff","access_token":"492d8b51cb815bbe143f219ac2cf61c3"}
Copy the access token value in the above response.
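The Step 2 token request as reusable shell functions, added here as an example and not taken from the WSO2 documentation. It feeds the client secret and password to curl through a config on stdin instead of the command line, and verifies the server certificate with `--cacert` instead of `-k`. The function names and the `TOKEN_URL` and `CA_CERT` variables are assumptions, and the field extraction relies on the single-line response format shown above.

```shell
# Added example; function and variable names are assumptions.
# The default token URL is the one used in the curl command above.
TOKEN_URL="${TOKEN_URL:-https://localhost:9443/oauth2endpoints/token}"

# Escape a value for a double-quoted string in a curl config file (\ and ").
cfg_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Emit a curl config for the password grant.
# $1 = Client Id, $2 = Client Secret, $3 = username, $4 = password.
# Piping this to "curl --config -" keeps the secrets out of curl's argument
# list, and data-urlencode encodes characters such as & or = in the password.
token_request_config() {
    printf 'url = "%s"\n' "$(cfg_escape "$TOKEN_URL")"
    printf 'user = "%s"\n' "$(cfg_escape "$1:$2")"
    printf 'data-urlencode = "grant_type=password"\n'
    printf 'data-urlencode = "username=%s"\n' "$(cfg_escape "$3")"
    printf 'data-urlencode = "password=%s"\n' "$(cfg_escape "$4")"
}

# Print one string field from the single-line JSON token response on stdin.
json_string_field() {
    sed -n 's/.*"'"$1"'":"\([^"]*\)".*/\1/p'
}

# Request a token and print the Authorization header for SCIM REST calls.
# CA_CERT (assumption): the server certificate exported in PEM form, so the
# TLS certificate is still verified instead of being skipped with -k.
bearer_header() {
    response=$(token_request_config "$@" |
        curl --silent --fail \
             --cacert "${CA_CERT:?set CA_CERT to the server certificate (PEM)}" \
             --config -) || return 1
    token=$(printf '%s' "$response" | json_string_field access_token)
    [ -n "$token" ] || return 1   # no access_token in the response
    printf 'Authorization: Bearer %s\n' "$token"
}
```

Call `bearer_header` with the Client Id, Client Secret, username and password, and pass the printed header to curl with `-H` when calling a SCIM REST endpoint.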