Authentication
Learn how to retrieve access tokens.
The ProcessMaker IDP API uses OpenID Connect for authentication. OpenID Connect (OIDC) is an authentication protocol that is an extension of OAuth 2.0.
Below is the OpenID Connect configuration base URL to get details about all security endpoints:
The ProcessMaker IDP REST API uses Keycloak's implementation of OIDC. For more info about Keycloak, please refer to the .
Keycloak Server OIDC URI endpoints are relative URLs. The ProcessMaker IDP REST API supports grant types that Keycloak supports. By default, this API uses password credentials as the grant type.
Keycloak can obtain the client ID from a request in either of the following ways:
- The client_id parameter in the query (described in Section 2.2 of the )
- client_id as a query parameter that you supply in your request
All endpoints require the Keycloak realm name ProcessMaker IDP configures for your instance. If you do not know your instance's realm name, consult with your Customer Service Manager or ProcessMaker Support.
auth Endpoint
Consider the following base URL example which uses the auth endpoint:
token Endpoint
POST https://{idp-keycloak}/api/realms/{realm-name}/protocol/openid-connect/token
Use the token endpoint in the base URL to obtain a temporary code from Keycloak in the Authorization Code Flow or to obtain tokens via the Implicit Flow, Direct Grants, or Client Grants.
| Parameter | Type | Description |
| --- | --- | --- |
| client_id* | String | |
| grant_type* | String | Grant type to authenticate with Keycloak. By default use password grant type. |
| username* | String | Username provided by ProcessMaker IDP. |
| password* | String | Password corresponding with username parameter. |
After receiving the Keycloak token, place it into the header for subsequent requests to your IDP instance with the following key and corresponding value:
Key: Authorization
Value: Bearer {Keycloak-token}
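As an added example (not ProcessMaker's own code), the following Python builds the password-grant request for the token endpoint above and turns the response into the Authorization header. The host, realm, client and user values are constructed placeholders, and the access_token response field is the standard OAuth 2.0 name, assumed here.

```python
import json
import urllib.parse
import urllib.request

# URL template as given on this page; host and realm are supplied by the caller.
TOKEN_URL = "https://{idp_keycloak}/api/realms/{realm_name}/protocol/openid-connect/token"


def build_token_request(host, realm, client_id, username, password):
    """Build (but do not send) the password-grant POST for the token endpoint."""
    url = TOKEN_URL.format(
        idp_keycloak=host,
        realm_name=urllib.parse.quote(realm, safe=""),
    )
    # Credentials go in the form-encoded body, never in the URL, so they stay
    # out of proxy and access logs. urlencode also escapes '&' and '=' in values.
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "grant_type": "password",
        "username": username,
        "password": password,
    }).encode("ascii")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def bearer_header(token_response_body):
    """Turn the token endpoint's JSON response into the Authorization header."""
    payload = json.loads(token_response_body)
    token = payload.get("access_token")  # assumed: standard OAuth 2.0 field name
    if not token:
        # OAuth 2.0 error responses carry "error" instead of "access_token".
        raise ValueError("token request failed: %s" % payload.get("error", "unknown"))
    return {"Authorization": "Bearer " + token}


if __name__ == "__main__":
    # Constructed sample values; replace with your instance's host, realm and client.
    req = build_token_request("idp.example.com", "example-realm",
                              "example-client", "alice", "s3cret&pw=1")
    print(req.get_method(), req.full_url)
    # To send: urllib.request.urlopen(req, timeout=10).read(), then bearer_header().
```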
Refresh the token with the following POST request in subsequent calls:
userinfo Endpoint
Use the userinfo endpoint in the base URL for the Authorization Code Flow to turn a temporary code into a token:
Keycloak client ID. Described in Section 2.2 of the ).