Postman Reference Collection for Identity Pools APIs with ROPC Grant Type

Learn how to configure the SecureAuth platform to obtain authorization tokens using the Resource Owner Password Credentials grant type, with Identity Pools as the identity provider.

Overview

Sometimes high-traffic applications require OAuth flows that do not redirect users and that have a high enough level of trust to interface directly with the OAuth authorization server for minting access tokens. Even though the Resource Owner Password Credentials flow does not fit into the OAuth spectrum for delegated user authentication, it does serve its purpose for applications that do not want user redirect flows but still want to mint user access tokens at scale. This model can be compared to using a direct authentication API from a provider that returns authentication tokens as JWTs, represented as access and ID tokens, giving the best of both worlds to apps that do not want to sacrifice user experience and want to achieve peak scale.

In this tutorial, we will configure and run a Postman collection that showcases basic workflows using SecureAuth identity pools and configures the resource owner password credentials flow to obtain an access token from SecureAuth as the OAuth authorization server.

This Postman collection is provided as a stepping stone for developers or integrators to understand the various API calls, payloads, and authentication mechanisms, which in turn allows them to quickly prototype or codify the calls in the programming language of their choice.

Prerequisites

  • SecureAuth SaaS Tenant

  • Access to Admin & System workspace - Reach out to info@cloudentity.com if you are not a paid customer to get these enabled.

Configure SecureAuth API access

To make SecureAuth API calls, we need to provision one OAuth client application in the Admin workspace and another one in the System workspace. SecureAuth APIs can be accessed using one of the tokens mentioned in the API docs.

  • Admin OAuth API client

    By default, the client credentials grant type is disabled in the Admin workspace. In the Admin workspace OAuth settings, enable the client_credentials flow.

    admin grant types

    Navigate to the Admin workspace and create an OAuth client application of the service type.

    admin api client

    admin api scopes

  • System OAuth API client

    Navigate to the System workspace and create an OAuth client application of the service type.

    system scopes

    Subscribe to Identity API scopes as highlighted below:

    system scopes

Use SecureAuth Identity Pools APIs

  1. Import Postman collection from the following URL: Identity Pool API

  2. Configure the following environment variables in your Postman:

    Env Variable         | Description                       | Sample Value
    ---------------------|-----------------------------------|-------------------------------------------------------
    url                  | Tenant host url                   | pi314.us.connect.secureauth.com
    tenant_id            | Tenant identifier                 | pi314
    admin_client_id      | Admin API client id               | Obtained from above step after admin api client create
    admin_client_secret  | Admin API client secret           | Obtained from above step after admin api client create
    system_client_id     | System API client id              | Obtained from above step after system api client create
    system_client_secret | System API client secret          | Obtained from above step after system api client create
    workspace_id         | Workspace id created by scripts   | pool-demo-workspace
    schema_id            | Schema created by postman scripts | pool-demo-schema
    pool_id              | Pool id created by postman scripts | pool-demo-identity-pool

    {
      "id": "58247b42-7e9a-4598-8fe7-f137138a6526",
      "name": "CE Identity Pool APIs Env",
      "values": [
        {
          "key": "url",
          "value": "",
          "enabled": true
        },
        {
          "key": "tenant_id",
          "value": "",
          "enabled": true
        },
        {
          "key": "admin_client_id",
          "value": "",
          "enabled": true
        },
        {
          "key": "admin_client_secret",
          "value": "",
          "enabled": true
        },
        {
          "key": "system_client_id",
          "value": "",
          "enabled": true
        },
        {
          "key": "system_client_secret",
          "value": "",
          "enabled": true
        },
        {
          "key": "workspace_id",
          "value": "pool-demo-workspace",
          "enabled": true
        },
        {
          "key": "schema_id",
          "value": "pool-demo-schema",
          "enabled": true
        },
        {
          "key": "pool_id",
          "value": "pool-demo-identity-pool",
          "enabled": true
        }
      ],
      "_postman_variable_scope": "environment",
      "_postman_exported_at": "2022-07-12T03:47:47.667Z",
      "_postman_exported_using": "Postman/7.36.6"
    }

  3. Run the collection.

    Now that you have the collection imported and environment variables configured, you can go ahead and try the APIs from top to bottom.

    identity apis

Summary

Now, you can either automate or codify these API calls into your applications based on the workflow you are looking for.
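
One way to codify the first calls, as an added example that is not part of the Postman collection or SecureAuth's own code: it reads a Postman environment export in the format shown above, rejects blank required variables, and builds the client_credentials and ROPC token requests as defined in RFC 6749. The token endpoint path, the `admin` workspace id, HTTP Basic client authentication, the function names and all sample values are assumptions; confirm them against your tenant before use.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode

# Constructed sample in the Postman environment export format (placeholder values).
SAMPLE_ENV = json.dumps({"values": [
    {"key": k, "value": v, "enabled": True} for k, v in {
        "url": "tenant.example.com", "tenant_id": "tenant",
        "admin_client_id": "admin-id", "admin_client_secret": "s3cr+t/=",
        "workspace_id": "pool-demo-workspace"}.items()]})
REQUIRED = ("url", "tenant_id", "admin_client_id", "admin_client_secret", "workspace_id")


def load_env(text):
    """Flatten a Postman environment export; refuse to continue on blank values."""
    env = {v["key"]: v["value"] for v in json.loads(text)["values"] if v.get("enabled", True)}
    missing = [k for k in REQUIRED if not env.get(k)]
    if missing:
        raise ValueError("unset environment variables: " + ", ".join(missing))
    return env


def basic_auth(client_id, client_secret):
    """RFC 6749 section 2.3.1: form-encode id and secret, then Base64 'id:secret'."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode()).decode()


def token_request(env, workspace, client_id, client_secret, form):
    """Return (url, headers, body) for a POST to a workspace token endpoint."""
    # ASSUMPTION: endpoint path layout and Basic client authentication.
    url = f"https://{env['url']}/{env['tenant_id']}/{workspace}/oauth2/token"
    headers = {"Authorization": basic_auth(client_id, client_secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    return url, headers, urlencode(form)


def admin_token_request(env):
    """client_credentials request for the Admin API client ('admin' id is assumed)."""
    return token_request(env, "admin", env["admin_client_id"],
                         env["admin_client_secret"], {"grant_type": "client_credentials"})


def ropc_token_request(env, client_id, client_secret, username, password, scope="openid"):
    """RFC 6749 section 4.3.2: the user's credentials travel in the POST body."""
    form = {"grant_type": "password", "username": username,
            "password": password, "scope": scope}
    return token_request(env, env["workspace_id"], client_id, client_secret, form)
```

Send the returned URL, headers and body with any HTTPS client; the functions keep secrets in the `Authorization` header and POST body, never in the URL.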