Intelligent Document Processing

Authentication

Learn how to retrieve access tokens.


Last updated 12 months ago

Overview

The ProcessMaker IDP API uses OpenID Connect for authentication. OpenID Connect (OIDC) is an authentication protocol that is an extension of OAuth 2.0.

The following OpenID Connect configuration base URL returns details about all security endpoints:

https://{idp-keycloak}/auth/realms/{realm}/.well-known/openid-configuration

The ProcessMaker IDP REST API uses Keycloak's implementation of OIDC. For more information about Keycloak, refer to the official documentation.

Retrieve an Access Token

Keycloak Server OIDC URI endpoints are relative URLs. The ProcessMaker IDP REST API supports grant types that Keycloak supports. By default, this API uses password credentials as the grant type.

Prior to sending an initial request to Keycloak for an authentication token, ensure that you have the following:

  • Username and password when using password credentials as the grant type

  • Your IDP instance's Client Secret

Keycloak can obtain the client ID from a request in either of the following ways:

  • The client_id parameter in the query (described in Section 2.2 of the OAuth 2.0 Specification)

  • client_id as a query parameter that you supply in your request

All endpoints require the Keycloak realm name ProcessMaker IDP configures for your instance. If you do not know your instance's realm name, consult with your Customer Service Manager or ProcessMaker Support.

auth Endpoint

Consider the following base URL example which uses the auth endpoint:

https://{idp-keycloak}/api/realms/{realm}/protocol/openid-connect/auth

token Endpoint

Obtain a Keycloak temporary code to subsequently grant access to the IDP instance.

POST https://{idp-keycloak}/api/realms/{realm-name}/protocol/openid-connect/token

Use the token endpoint in the base URL to obtain a temporary code from Keycloak in the Authorization Code Flow or to obtain tokens via the Implicit Flow, Direct Grants, or Client Grants.

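Path Parameters

| Name | Type | Description |
|---|---|---|
| client_id* | String | Keycloak client ID. Described in Section 2.2 of the OAuth 2.0 Specification. |
| grant_type* | String | Grant type to authenticate with Keycloak. By default, use the password grant type. |
| username* | String | Username provided by ProcessMaker IDP. |
| password* | String | Password corresponding with the username parameter. |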

After receiving the Keycloak token, place it into the header for subsequent requests to your IDP instance with the following key and corresponding value:

  • Key: Authorization

  • Value: Bearer {Keycloak-token}

Refresh the token with the following POST request in subsequent calls:

POST https://{idp-instance}/token/refresh
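
As an added example (not ProcessMaker's own code), the following Python builds the password-grant request for the token endpoint described above and turns the response into the Authorization header. The host, realm, credentials and sample response are constructed; client_secret is the standard OAuth 2.0 form parameter, assumed here because the page lists a Client Secret as a prerequisite but not in the parameter table.

```python
import json
import time
import urllib.parse
import urllib.request

def build_token_request(keycloak_host, realm, client_id, client_secret,
                        username, password):
    """Build (not send) the password-grant POST to the page's token endpoint."""
    url = (f"https://{keycloak_host}/api/realms/"
           f"{urllib.parse.quote(realm, safe='')}/protocol/openid-connect/token")
    # Credentials travel in the form-encoded body, never in the query string,
    # so they stay out of proxy and web-server access logs.
    form = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,  # assumption: standard OAuth 2.0 parameter
        "username": username,
        "password": password,
    }).encode()
    return urllib.request.Request(
        url, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(body, now=None):
    """Validate a token response; return (request headers, expiry epoch)."""
    doc = json.loads(body)
    if "error" in doc:
        # OAuth 2.0 error responses carry an "error" code; surface only that.
        raise PermissionError(doc["error"])
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("response does not contain a bearer access token")
    now = time.time() if now is None else now
    expires_at = now + int(doc.get("expires_in", 0))
    return {"Authorization": f"Bearer {doc['access_token']}"}, expires_at

def fetch_headers(request, timeout=10):
    """Send the request; urllib verifies the TLS certificate by default."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return parse_token_response(resp.read())

# Constructed sample response, not output from a real instance.
SAMPLE = '{"access_token": "constructed.sample.token", "token_type": "Bearer", "expires_in": 300}'

if __name__ == "__main__":
    req = build_token_request("keycloak.example.test", "demo-realm",
                              "demo-client", "demo-secret", "alice", "pw")
    print(req.full_url, req.get_method())
    print(parse_token_response(SAMPLE, now=0))
```

Use the returned expiry time to decide when to call the refresh request, and keep the token and client secret out of application logs.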

userinfo Endpoint

Use the userinfo endpoint in the base URL for the Authorization Code Flow to turn a temporary code into a token:

https://{idp-keycloak}.processmaker.com/api/realms/{realm-name}/protocol/openid-connect/userinfo

client_id: Keycloak client ID. Described in Section 2.2 of the OAuth 2.0 Specification.
