Password Mode

Workflow

Example request:

curl -v -X POST 'https://{digiRunner_DOMAIN}/oauth/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Authorization: Basic {client_secret}' \
-d 'grant_type=password' \
-d 'username={username}' \
-d 'password={user_secret}'

Parameters with details:

Parameter

Type

Requirement

Description

client_secret

String

Required

1. Client Password registered with digiRunner; needs to be encoded with Base64

2. Concatenate the client ID with ":" and the encoded client password, then encode the result with Base64 again to generate the value to be used

3. Example:

Client ID: tspclient

Client Password: tsp123abcd

Formula for generating the value:

Base64 Encode(ClientID+":"+Base64 Encode(Client Password))

Base64 Encode(tspclient+":"+Base64 Encode(tsp123abcd))

Base64 Encode(tspclient:dHNwMTIzYWJjZA==)

Output for client_secret:

dHNwY2xpZW50OmRITndNVEl6WVdKalpBPT0=

grant_type

String

Required

password, a fixed value

username

String

Required

User account applied with digiRunner

user_secret

String

Required

User password applied with digiRunner, which needs to be Base64 encoded (e.g., if the password is "user123abcd," after encoding, it will be "dXNlcjEyM2FiY2Q="). Use the encoded value as the Value.

Example

User Password: user123abcd

Formula for generating the value of user_secret:

Base64Encode(User Password))

Output for user_secret:

dXNlcjEyMw==

Example of Successful Response

Example:

{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJub2RlIjoiZXhlY3V0b3IxIiwiYXVkIjpbIllXUnRhVzVCVUVrIl0sInVzZXJfbmFtZSI6InRzcHVzZXIiLCJvcmdfaWQiOiIxMDAwMDAiLCJzY29wZSI6WyIyMDAwMDAwMDA2Il0sInN0aW...",
"expires_in": 86399,
"jti": "3a26a644-4fb4-45bc-83a7-a0f583643bf0",
"node": "executor1",
"org_id": "100000",
"refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJub2RlIjoiZXhlY3V0b3IxIiwiYXVkIjpbIllXUnRhVzVCVUVrIl0sInVzZXJfbmFtZSI6InRzcHVzZXIiLCJvcmdfaWQiOiIxMDAwMDAiLCJzY29wZSI6WyIyMDAwMDAwMDA2Il0sImF0aS...",
"scope": "2000000006",
"stime": 1684833178931,
"token_type": "bearer"
}

Example of Error Response

If the user password is incorrect, a 401 Unauthorized HTTP status code and JSON response will be returned.

Example:

{
"error": "invalid_grant",
"error_description": "Bad credentials"
}

Calling APIs Registered in digiRunner with Access Token

After obtaining the access token issued by digiRunner, TSP can utilize the associated permissions to call APIs registered in digiRunner.

For the request example and parameter with details, refer to OpenID Connect (OIDC) Mode > Calling APIs Registered in digiRunner with Access Token.

PreviousClient Credentials Mode NextUsing X API Key for Authentication and Authorization

Was this helpful?