OAuth2 Authorization

Overview

This topic describes how to authenticate to the GraphQL APIs from Postman or a different client using OAuth2 authentication.

Implementing Authorization Using CURL Commands

For this implementation, the username and password are application-level credentials.

  1. Get a new access token:

    curl -k \
      -d "client_id=admin-cli" \
      -d "username=<username>" \
      -d "password=<password>" \
      -d "grant_type=password" \
      https://<TOS_IP>/auth/realms/tufin-realm/protocol/openid-connect/token
  2. Send the request using the token:

    curl -k \
      --header 'Authorization: bearer <access_token>' \
      --header 'Content-Type: application/json' \
      --data '{"query": "query { rules(filter:\"\") { count } }"}' \
      https://<TOS_IP>/v2/api/sync/graphql
  3. To refresh the token:

    curl -k \
      -d "client_id=admin-cli" \
      -d "grant_type=refresh_token" \
      -d "refresh_token=<refresh_token>" \
      https://<TOS_IP>/auth/realms/tufin-realm/protocol/openid-connect/token
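
The three curl steps above combined into one client, extended beyond the page to cache the token and refresh it shortly before it expires. This is an added Python example, not Tufin code: `TokenManager`, `http_post_form` and the 30-second `skew` are hypothetical, and it assumes the token response carries the standard OAuth 2.0 fields `access_token`, `refresh_token` and `expires_in`.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/auth/realms/tufin-realm/protocol/openid-connect/token"  # from the page


def http_post_form(url, fields):
    """Hypothetical default transport: POST a form, return the parsed JSON reply."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body)
    with urllib.request.urlopen(req, timeout=30) as resp:  # server certificate is verified
        return json.load(resp)


class TokenManager:
    """Caches the access token; refreshes it `skew` seconds before it expires."""

    def __init__(self, host, username, password, post=http_post_form,
                 clock=time.monotonic, skew=30):
        self.url = f"https://{host}{TOKEN_PATH}"
        self.username, self.password = username, password
        self.post, self.clock, self.skew = post, clock, skew
        self.access = self.refresh = None
        self.expires_at = 0.0

    def _grant(self, **fields):
        tok = self.post(self.url, {"client_id": "admin-cli", **fields})
        self.access = tok["access_token"]
        self.refresh = tok.get("refresh_token")
        self.expires_at = self.clock() + int(tok.get("expires_in", 0))  # assumed field

    def token(self):
        if self.access and self.clock() < self.expires_at - self.skew:
            return self.access  # cached token is still valid
        if self.refresh:
            try:  # step 3: refresh grant
                self._grant(grant_type="refresh_token", refresh_token=self.refresh)
                return self.access
            except (OSError, KeyError):  # refresh token rejected or reply malformed
                self.refresh = None
        # step 1: password grant (first call, or fallback after a failed refresh)
        self._grant(grant_type="password", username=self.username, password=self.password)
        return self.access

    def auth_headers(self):
        # step 2: headers for the POST to /v2/api/sync/graphql
        return {"Authorization": f"bearer {self.token()}", "Content-Type": "application/json"}
```

Pass `post=` and `clock=` to substitute a fake token endpoint and clock when testing offline.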

Implementing Authorization Using Postman

  1. In Postman, in the Authorization tab, in the Type field, select OAuth 2.0.

  2. In the Add Authorization Data field, select Request Headers.

  3. Click Get New Access Token.
    The Get New Access Token window opens.

  4. Select or enter these values for the following fields:

    Field                   Value
    Grant Type              Password Credentials
    Access Token URL        https://<TOS_IP>/auth/realms/tufin-realm/protocol/openid-connect/token
    Client ID               admin-cli
    Client Authentication   Send as Basic Auth header

  5. Click Get New Access Token.
    The Manage Access Tokens window opens.

  6. Scroll to the bottom of the window and click Use Token to use the new token.

  7. Confirm that the token is populated in the Current Token section.

  8. In the Request Method field, select POST and enter the following URL:

    https://<TOS_IP>/v2/api/sync/graphql

  9. Click Send.