So, I have found this <https://apereo.atlassian.net/wiki/spaces/CASUM/pages/103261384/Configuration+for+the+OAuth+server+support> documentation.
Should I implement a class that implements this interface? h) OAuth20ProfileController (org.jasig.cas.support.oauth.web) This controller returns a profile for the authenticated user (identifier + attributes), found with the access token (CAS granting ticket). What methods do I need to overwrite to create my wrapper? Is there any documentation of this class? At least I would like to have original source code to take a look into it. Thank you for the help, as you can see I am a little lost on how to do it. Aleix El miércoles, 8 de noviembre de 2023 a las 15:50:22 UTC+1, Aleix Mariné escribió: > > Dear Meysam, > > Thank you for your response. > > I imagined the possibility of adding a bean that acts as a wrapper for > that particular endpoint, but I do not know what bean I need to > implement... Do you have any hint or tip of how this should be implemented? > Or where I can find a documentation that talks about this process? Do you > know any similar examples that I can take a look from? > > Thank you so much! > > > Aleix > > El miércoles, 8 de noviembre de 2023 a las 4:25:45 UTC+1, Meysam Shirazi > escribió: > >> I think you need to develop a wrapper API for profile-url like this(a >> normal api):https://www.googleapis.com/oauth2/v3/userinfo, so you can >> get the uid and send it in custom format to >> https://api.sandbox.orcid.org/v3.0/{uid}/record >> <https://api.sandbox.orcid.org/v3.0/%7Buser%7D/record>. >> >> On Tuesday, November 7, 2023 at 5:20:48 PM UTC+3:30 Aleix Mariné wrote: >> >>> So I am trying to implement ORCID authentication using three-legged >>> OAUTH which uses the OAUTH2 stack. >>> >>> In the ORCID documentation they explain three calls that can be made >>> <https://sandbox.orcid.org/developer-tools> and also there is a >>> tutorial on how to get an ORCID ID authenticated >>> <https://info.orcid.org/documentation/api-tutorials/api-tutorial-get-and-authenticated-orcid-id/> >>> . >>> expand_more*Authorize request* >>> >>> Provides an authorization code that can be exchanged for an access token >>> and an authenticated ORCID iD. >>> *Endpoint* >>> >>> https://sandbox.orcid.org/oauth/authorize >>> *Scope* >>> >>> /authenticate >>> *Response type* >>> >>> code >>> >>> https://sandbox.orcid.org/oauth/authorize?client_id=APP-UL39T4BGTQ3TNB4L&response_type=code&scope=/authenticate&redirect_uri=REPLACE >>> >>> WITH REDIRECT URI >>> expand_more*Token request* >>> >>> Provides an authenticated ORCID iD and an access token that can be used >>> to read public information on the record. >>> *Endpoint* >>> >>> https://sandbox.orcid.org/oauth/token >>> *Response type* >>> >>> access token and ORCID iD >>> curl -i -L -k -H 'Accept: application/json' --data >>> 'client_id=APP-UL39T4BGTQ3TNB4L&client_secret=187854af-f113-43da-8de5-eeed661aacce&grant_type=authorization_code&redirect_uri=REPLACE >>> >>> WITH REDIRECT URI&code=REPLACE WITH OAUTH CODE' >>> https://sandbox.orcid.org/oauth/token >>> expand_more*OpenID/Implicit request* >>> >>> Provides an access token that can be used to read public information on >>> the record and an id_token using OpenID Connect and client-side only >>> implicit OAuth. More information on OpenID Connect Endpoint >>> <https://github.com/ORCID/ORCID-Source/blob/main/orcid-web/ORCID_AUTH_WITH_OPENID_CONNECT.md> >>> *Endpoint* >>> >>> https://sandbox.orcid.org/oauth/token >>> *Scope* >>> >>> openid >>> *Response type* >>> >>> token >>> >>> https://sandbox.orcid.org/oauth/authorize?client_id=APP-UL39T4BGTQ3TNB4L&response_type=token&scope=openid&redirect_uri=REPLACE >>> >>> WITH REDIRECT URI >>> >>> In my CAS I put this properties: >>> cas.authn.pac4j.oauth2[0].clientName=ORCID >>> cas.authn.pac4j.oauth2[0].profileVerb=GET >>> cas.authn.pac4j.oauth2[0].secret=secretID >>> cas.authn.pac4j.oauth2[0].id=APP-UL39T4BGTQ3TNB4L >>> cas.authn.pac4j.oauth2[0].auth-url= >>> https://sandbox.orcid.org/oauth/authorize >>> cas.authn.pac4j.oauth2[0].scope=/authenticate >>> cas.authn.pac4j.oauth2[0].token-url= >>> https://sandbox.orcid.org/oauth/token >>> cas.authn.pac4j.oauth2[0].profile-url= >>> https://api.sandbox.orcid.org/v3.0/{user}/record >>> >>> cas.authn.pac4j.oauth2[0].customParams.response_type=code >>> cas.authn.pac4j.oauth2[0].customParams.client_id=code >>> cas.authn.pac4j.oauth2[0].profileAttrs.phone=phone >>> cas.authn.pac4j.oauth2[0].profileAttrs.id=APP-UL39T4BGTQ3TNB4L >>> cas.authn.pac4j.oauth2[0].profileAttrs.homeAddress=address >>> >>> The problem comes from the property token-url. In order to retrieve the >>> data of the user, I need to do an API request to the direction >>> https://api.sandbox.orcid.org/v3.0/{user}/record , the problem is that >>> I do not know how to configure CAS to substitute {user} with the User ID >>> that is trying to log in. >>> For example, let's say that the user 0009-0005-6065-7965 tries to log >>> in. Then to retrieve their data I would do a request to >>> https://api.sandbox.orcid.org/v3.0/0009-0005-6065-7965/record . >>> I am also not really sure if I really need to use the user record >>> endpoint, since the token request also returns information of the user, but >>> I also do not know how to capture and manipulate that information. >>> In practise, my CAS works alogside my application, offering the ORCID ID >>> as one of the login methods. The redirection to the ORCID service, the >>> login and the redirection back to CAS works good, the problem comes from >>> capturing data when the ORCID login goes back to CAS. >>> So I would like to know: >>> - Do I really need to set and use the profile-url? If it is true, how >>> can I make understand CAS that needs to substitute {user} with the ORCID ID >>> of the user that is trying to log in? >>> - Do I really need to capture certain values from the request to perform >>> the authentication? How can I retrieve custom values from the request >>> answer? >>> Thank you so much for your help! >>> >>> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b95e8c5d-ec66-445c-98ff-cd18ffc2c949n%40apereo.org.
