Getting Started With Authentication - HearstCorp/rover-wiki GitHub Wiki
Note: More information about authentication can be found here
- Admin Login User
./manage.py createsuperuser
- RSA Key
./manage.py creatersakey
- Client ID and Secret
  - Log in to admin (i.e. rover.local/admin/)
  - Create client in admin (i.e. rover.local/admin/oidc_provider/client/)
- Create a signature using a SHA-256 hash of the client_id + client_secret + timestamp
- Pass the client_id, this signature, and the timestamp used to generate it as headers to any call.
- These can all be generated for testing using
bin/generate-sig.py --id <client_id> --secret <client_secret>
```
GET /v1/people HTTP/1.1
Host: doorman.hearst.io
Content-Type: application/json
Authorization: Doorman-SHA256 Credential=1h43tj2g872jj428gj2
Signature: bfec0eee6fd6bb648a028fbec5ee18c3bd1f3015
Timestamp: 1441027325
```
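The signature scheme above with a hypothetical server-side check that rejects stale timestamps, as an added example (not code from the Rover project or its bin/generate-sig.py). Assumptions: the three values are concatenated as plain strings with no separator and hex-encoded, and the 300-second window, function names and credentials are illustrative.

```python
import hashlib
import hmac
import time
from typing import Optional

MAX_SKEW_SECONDS = 300  # assumed freshness window; the page does not state one


def make_signature(client_id: str, client_secret: str, timestamp: int) -> str:
    """SHA-256 over client_id + client_secret + timestamp (assumed: plain
    string concatenation, UTF-8, lowercase hex digest)."""
    material = f"{client_id}{client_secret}{timestamp}".encode("utf-8")
    return hashlib.sha256(material).hexdigest()


def build_headers(client_id: str, client_secret: str, now: Optional[int] = None) -> dict:
    """Client side: headers laid out as in the sample request on this page."""
    ts = int(time.time()) if now is None else now
    return {
        "Authorization": f"Doorman-SHA256 Credential={client_id}",
        "Signature": make_signature(client_id, client_secret, ts),
        "Timestamp": str(ts),
    }


def verify_headers(headers: dict, secrets_by_id: dict, now: Optional[int] = None) -> bool:
    """Hypothetical server side: known client, fresh timestamp, and a
    constant-time comparison of the recomputed signature."""
    now = int(time.time()) if now is None else now
    scheme, _, cred = headers.get("Authorization", "").partition(" ")
    if scheme != "Doorman-SHA256" or not cred.startswith("Credential="):
        return False
    client_id = cred[len("Credential="):]
    secret = secrets_by_id.get(client_id)
    ts = headers.get("Timestamp", "")
    if secret is None or not (ts.isascii() and ts.isdigit()):
        return False
    # The signature covers no part of the request itself, so the timestamp
    # window is the only limit on reusing a captured header set.
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return False
    expected = make_signature(client_id, secret, int(ts))
    supplied = headers.get("Signature", "")
    return hmac.compare_digest(expected.encode("utf-8"), supplied.encode("utf-8"))
```

A SHA-256 hex digest is 64 characters long, while the sample Signature value shown on this page is 40, so the sample will not reproduce from this code.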
- Retrieve access_token from the token endpoint by passing in POST data

```
POST /openid/token HTTP/1.1
Host: prod-rover.mediaos.hearst.io
Content-Type: application/x-www-form-urlencoded

client_id=12345678
&client_secret={client_secret}
&timestamp=1441027325
&[email protected]
&password=password
&grant_type=password
&scope=openid user roles profiles
```

- Save this access_token locally as well as the refresh_token
- Retrieve the user's userinfo by sending the token in an Authorization header

```
POST /openid/userinfo/ HTTP/1.1
Host: prod-rover.mediaos.hearst.io
Authorization: Bearer ACCESS_TOKEN
```

- If your token expires you can refresh it using the token endpoint again

```
POST /openid/token HTTP/1.1
Host: prod-rover.mediaos.hearst.io
Content-Type: application/x-www-form-urlencoded

refresh_token=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7
&client_id=12345678
&client_secret={client_secret}
&grant_type=refresh_token
```
- I can't log in to the edit UI
  - Do you have a user?
    ./manage.py createsuperuser
  - Do you have an RSA Key?
    ./manage.py creatersakeyifnone
  - Do you have a client id and secret?
    bin/setup-clients
  - Do you have a role on that site?
    http://{rover-url}/admin/people/user/