OAuth login with Windows account?

Hello,

We have a Java application that accesses via BASIC user.

This works for the BASIC wsdl interface and also the OAuth variant.

Is it also possible to use the Windows accounts via OAuth?

If so, what does the OAuth server expect in the request?

The IDP returns “windows_credentials” and “windows_auth” for “grant_types_supported”, among other things. Is that the Windows login? If so, how does it work? I haven’t found anything about it.

With kind regards

Thomas

Might this article be helpful?

https://doc.developer.milestonesys.com/html/index.html?base=gettingstarted/intro_soap_protocols.html&tree=tree_search.html?search=oauth

Also, this is a new sample called OAuth login flow, so this might be helpful.

https://doc.developer.milestonesys.com/html/index.html?base=samples/protocolsamples/oauthloginflow/readme.html&tree=tree_3.html

Hello,

The first link is a reference and description of a C# DLL. This is not usable for us, because our application is a Java application. There is no possibility to use C# DLLs here. Therefore, we also use the protocol integration.

I already knew the example from the second link.

I had taken out the links and property names from the IDP server that are not listed anywhere else in the documentation.

Our application is a service that works without an interactive login. The way shown in the example does not work for us.

The usual OAuth2 way via “password”-grant works for BASIC users.

Hence the question of how this is supposed to work for Windows users. Two grants are returned in the list from the IDP server, one of which could be this.

What exactly is expected as a parameter in the HttpPost for these grants?

I can’t find anything on the internet about the two “Windows grant types”. This seems to be specific to their IDP server.

Thomas

We have asked Milestone Development. Please see their comment below.

-----

The grant type to use for Windows authentication when requesting an access token is: “windows_credentials”. Apart from this, the client_id needs to be provided. This is a short code snippet that shows how to get an access token using Windows credentials:

/// <summary>
/// Get a token for the windows user specified in the constructor
/// </summary>
/// <param name="scope">Requested scope in the token</param>
/// <param name="cancellationToken">Used to cancel calls made to the IDP</param>
/// <returns>The token</returns>
/// <exception cref="IdpException">Http request is not successful</exception>
public Task<TokenResponse> WindowsAuthenticationAsync(string scope,
    CancellationToken cancellationToken)
{
    var postValues = new List<KeyValuePair<string, string>>()
    {
        new KeyValuePair<string, string>("grant_type", "windows_credentials"),
        new KeyValuePair<string, string>("client_id", _identityServerClientSettings.ClientId),
    };
 
    if (!string.IsNullOrEmpty(scope))
    {
        postValues.Add(new KeyValuePair<string, string>("scope", scope));
    }
    HttpContent content = new FormUrlEncodedContent(postValues);
    var request = new HttpRequestMessage(HttpMethod.Post, BuildFullUri("/connect/token")) { Content = content };
 
    return SendAndReadContent<TokenResponse>(request, cancellationToken);
}

The actual Windows user credentials are set up on the HTTP client, and the calling user will be authenticated. How this works in Java we do not know.

-----

Thank you very much for the information.

That was the missing information.

The crucial hint was that the login information from the HTTP login is used.

With that, it now works for us.
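
A Java sketch of the request described in this thread, added here as an example; it is not code from Milestone or from the poster. It sends the same form fields as the C# snippet and supplies the Windows account at the HTTP layer through `java.net.Authenticator`. Assumptions: Java 10 or later, an IDP that issues an HTTP authentication challenge `HttpURLConnection` can answer, and the hypothetical environment variable names `IDP_TOKEN_URL`, `IDP_CLIENT_ID`, `IDP_WINDOWS_USER` and `IDP_WINDOWS_PASSWORD`.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.PasswordAuthentication;
import java.net.URI;
import java.net.URLEncoder;
import static java.nio.charset.StandardCharsets.UTF_8;

public class WindowsCredentialsTokenRequest {
    // Same form fields as the C# snippet: grant_type and client_id, scope only when set.
    static String buildForm(String clientId, String scope) {
        String form = "grant_type=windows_credentials&client_id=" + URLEncoder.encode(clientId, UTF_8);
        return (scope == null || scope.isEmpty()) ? form : form + "&scope=" + URLEncoder.encode(scope, UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Assumed variable names; the thread gives none of these values.
        URI tokenUri = URI.create(System.getenv("IDP_TOKEN_URL")); // IDP base address + "/connect/token"
        String clientId = System.getenv("IDP_CLIENT_ID");
        String user = System.getenv("IDP_WINDOWS_USER");
        char[] password = System.getenv("IDP_WINDOWS_PASSWORD").toCharArray();
        if (!"https".equalsIgnoreCase(tokenUri.getScheme())) {
            throw new IllegalArgumentException("token endpoint must use https");
        }
        // The Windows account goes in the HTTP login, not the form body.
        Authenticator.setDefault(new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                // Answer challenges from the IDP host only, not from proxies or other servers.
                boolean fromIdp = tokenUri.getHost().equalsIgnoreCase(getRequestingHost());
                return fromIdp ? new PasswordAuthentication(user, password) : null;
            }
        });
        HttpURLConnection con = (HttpURLConnection) tokenUri.toURL().openConnection();
        con.setRequestMethod("POST");
        con.setDoOutput(true); // keep the body buffered (no streaming mode) so it can be resent after the challenge
        con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        String scope = args.length > 0 ? args[0] : null; // optional, as in the C# snippet
        try (OutputStream out = con.getOutputStream()) {
            out.write(buildForm(clientId, scope).getBytes(UTF_8));
        }
        int status = con.getResponseCode();
        InputStream in = status < 400 ? con.getInputStream() : con.getErrorStream();
        String body = in == null ? "" : new String(in.readAllBytes(), UTF_8);
        // The token response is a bearer credential, so it is not written to the log.
        System.out.println("HTTP " + status + (status < 400 ? ", token response received" : ": " + body));
    }
}
```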