OAS 3 This guide is for OpenAPI 3.0.
Bearer Authentication
Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name "Bearer authentication" can be understood as "give access to the bearer of this token." The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization header when making requests to protected resources:

    Authorization: Bearer <token>

The Bearer authentication scheme was originally created as part of OAuth 2.0 in RFC 6750, but is sometimes also used on its own. Similarly to Basic authentication, Bearer authentication should only be used over HTTPS (SSL): anyone who obtains the token can use it, so it must never travel in the clear.
Describing Bearer Authentication
In OpenAPI 3.0, Bearer authentication is a security scheme with type: http and scheme: bearer. You first need to define the security scheme under components/securitySchemes, then use the security keyword to apply this scheme to the desired scope: global (as in the example below) or specific operations:

    openapi: 3.0.0
    ...
    # 1) Define the security scheme type (HTTP bearer)
    components:
      securitySchemes:
        bearerAuth:            # arbitrary name for the security scheme
          type: http
          scheme: bearer
          bearerFormat: JWT    # optional, arbitrary value for documentation purposes
    # 2) Apply the security globally to all operations
    security:
      - bearerAuth: []         # use the same name as above

The optional bearerFormat is an arbitrary string that specifies how the bearer token is formatted. Since bearer tokens are usually generated by the server, bearerFormat is used mainly for documentation purposes, as a hint to the clients. In the example above it is "JWT", meaning JSON Web Token. The square brackets [] in bearerAuth: [] contain a list of security scopes required for API calls. The list is empty because scopes are only used with OAuth 2 and OpenID Connect.

In the example above, Bearer authentication is applied globally to the whole API. If you need to apply it to just a few operations, add security on the operation level instead of doing this globally:

    paths:
      /something:
        get:
          security:
            - bearerAuth: []

Note that the security scheme only documents what clients and tooling are expected to send; it enforces nothing by itself, and the server must still validate every token on every protected request. Bearer authentication can also be combined with other authentication methods as explained in Using Multiple Authentication Types.
401 Response
You can also define the 401 "Unauthorized" response returned for requests that do not contain a proper bearer token. Since the 401 response will be used by multiple operations, you can define it in the global components/responses section and reference it elsewhere via $ref.

    paths:
      /something:
        get:
          ...
          responses:
            '401':
              $ref: '#/components/responses/UnauthorizedError'
        post:
          ...
          responses:
            '401':
              $ref: '#/components/responses/UnauthorizedError'
    ...
    components:
      responses:
        UnauthorizedError:
          description: Access token is missing or invalid

To learn more about responses, see Describing Responses.
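The Bearer scheme described above and the 401 response defined in this section, as an added example that is not part of the original page or of Swagger's tooling: a small Python resource-server check that extracts the token from the Authorization header as RFC 6750 defines it, answers every failure with a WWW-Authenticate: Bearer challenge, and distinguishes the three failure cases the RFC separates (no bearer credentials at all, malformed credentials, and a well-formed but unknown token). The token store, the token value and the realm name are constructed placeholders.

```python
import hmac
import re
from typing import Optional, Tuple

# Constructed token store for this example: opaque bearer tokens mapped to the
# subject they were issued to. A real resource server validates a signature
# (e.g. a JWT, as bearerFormat hints) or looks the token up at its issuer.
VALID_TOKENS = {
    "mF_9.B5f-4.1JqM": "alice",
}

# RFC 6750 section 2.1:
# b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
_B64TOKEN = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")


def split_scheme(authorization: str) -> Tuple[str, str]:
    """Split 'Scheme credentials' into (lower-cased scheme, credentials).
    The scheme name is case-insensitive (RFC 7235), so 'bearer' == 'Bearer'."""
    parts = authorization.strip().split(None, 1)
    if not parts:
        return "", ""
    return parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")


def parse_bearer(authorization: Optional[str]) -> Optional[str]:
    """Return the bearer token from an Authorization header value, or None when
    the header is absent, carries another scheme, or the token is malformed."""
    if authorization is None:
        return None
    scheme, credentials = split_scheme(authorization)
    if scheme != "bearer" or not _B64TOKEN.match(credentials):
        return None
    return credentials


def lookup_subject(token: str) -> Optional[str]:
    """Constant-time comparison against each stored token, so a response-time
    difference does not reveal how many leading characters were right."""
    for stored, subject in VALID_TOKENS.items():
        if hmac.compare_digest(stored.encode(), token.encode()):
            return subject
    return None


def authenticate(headers: dict) -> Tuple[int, dict, str]:
    """Decide how a resource server protected by the scheme above answers a
    request, returning (status, response headers, body).

    RFC 6750 section 3: a request with no bearer credentials gets a bare
    challenge and no error code (the client may not have known authentication
    was required); syntactically malformed bearer credentials are a 400
    invalid_request; a well-formed but unknown token is a 401 invalid_token."""
    header = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    scheme, _ = split_scheme(header) if header is not None else ("", "")
    if scheme != "bearer":
        return (401, {"WWW-Authenticate": 'Bearer realm="api"'},
                "Access token is missing or invalid")
    token = parse_bearer(header)
    if token is None:
        return (400, {"WWW-Authenticate": 'Bearer realm="api", error="invalid_request"'},
                "Malformed bearer credentials")
    subject = lookup_subject(token)
    if subject is None:
        return (401, {"WWW-Authenticate": 'Bearer realm="api", error="invalid_token"'},
                "Access token is missing or invalid")
    return 200, {}, f"hello {subject}"


if __name__ == "__main__":
    for hdrs in ({}, {"Authorization": "Basic dXNlcjpwYXNz"},
                 {"Authorization": "Bearer <<<"}, {"authorization": "Bearer nope"},
                 {"Authorization": "Bearer mF_9.B5f-4.1JqM"}):
        print(hdrs, "->", authenticate(hdrs))
```

The body text of both 401 cases is the same string the UnauthorizedError response above documents; the error code that tells the client which case it hit belongs in the WWW-Authenticate header, not the body.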
xemlienminh360.net Connect supports user impersonation using the JWT Bearer token authorization grant type for OAuth 2.0. This authorization method allows apps with the appropriate scope (ACT_AS_USER) to access resources and perform actions in Jira and Confluence on behalf of users.
Note that the JWT Bearer token authorization grant type for OAuth 2.0 is different from OAuth 2.0 authorization code grants. The JWT Bearer token authorization grant type for OAuth 2.0, also known as two-legged OAuth with impersonation (2LOi), can only be used in Connect apps. OAuth 2.0 authorization code grants, also known as three-legged OAuth (3LO), can be used in any apps or integrations.
Flow for user impersonation authorization grants
The flow for accessing a user's resources works as follows:

1. Admin installs the app: this initiates the installation handshake, which delivers the oauthClientId and the shared secret.
2. App creates a JWT assertion with the shared secret and the oauthClientId, and then POSTs it to the authorization server.
3. Authorization server returns an OAuth 2.0 access token.
4. App uses the access token to perform actions as a user.
Request an OAuth 2.0 access token
For an app to make requests on a user's behalf, you need an OAuth 2.0 access token. These steps describe how a token is retrieved:

1. Admin installs the app: this initiates the installation handshake with the oauthClientId and the shared secret in the request body.
2. JWT assertion generated: the app creates a JWT assertion with the shared secret and the oauthClientId, carrying the following claims:

| Claim | Type | Description |
|-------|------|-------------|
| iss | String | The issuer of the claim. For example: urn:xemlienminh360.net:connect:clientid:<oauthClientId> |
| sub | String | The subject of the token. For example: urn:xemlienminh360.net:connect:useraccountid:<account ID of the user to run services on behalf of>. Note: urn:xemlienminh360.net:connect:userkey:<userkey of the user to run services on behalf of> has been deprecated. |
| tnt | String | The instance the app is installed on. For example: https://your-instance.xemlienminh360.net.net. For a Confluence instance, add /wiki to the end. |
| aud | String | The xemlienminh360.net authentication server: https://oauth-2-authorization-server.services.xemlienminh360.net.com |
| iat | Long | Issue time in seconds since the epoch UTC. |
| exp | Long | Expiry time in seconds since the epoch UTC. Must be no later than 120 seconds in the future. |

3. OAuth bearer token generated: the assertion and the payload are POSTed to the authorization server: https://oauth-2-authorization-server.services.xemlienminh360.net.com/oauth2/token

Example request:
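The assertion described by the claims table and the POST that carries it, as an added example in Python that is not code from the original page or from the Connect framework: it builds the JWT with exactly the claims listed (iss, sub, tnt, aud, iat, exp), signs it with the shared secret, re-verifies it the way the authorization server is expected to (signature, issuer, audience, and the 120-second limit on exp), and produces the form body for the token endpoint. Assumptions: the signature algorithm is HS256 over the shared secret (the page says only "with the shared secret"); the grant_type value is the JWT bearer grant identifier from RFC 7523, which the page names but does not spell out; the oauthClientId, shared secret, account ID and instance URL are constructed placeholders. Nothing is sent over the network.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional
from urllib.parse import urlencode

# Constructed placeholders for this example. In a real app the oauthClientId and
# shared secret arrive in the installation handshake; never hard-code them.
OAUTH_CLIENT_ID = "example-oauth-client-id"
SHARED_SECRET = b"example-shared-secret-from-install-handshake"
AUTH_SERVER = "https://oauth-2-authorization-server.services.xemlienminh360.net.com"
TOKEN_ENDPOINT = AUTH_SERVER + "/oauth2/token"
MAX_LIFETIME = 120  # seconds; exp must be no later than this far in the future
ISSUER = f"urn:xemlienminh360.net:connect:clientid:{OAUTH_CLIENT_ID}"


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_assertion(account_id: str, instance_url: str,
                    now: Optional[int] = None, lifetime: int = 60) -> str:
    """Create the JWT assertion with the claims from the table, signed HS256
    with the shared secret (assumed algorithm). lifetime caps exp - iat."""
    if not 0 < lifetime <= MAX_LIFETIME:
        raise ValueError("exp may be at most 120 seconds after iat")
    now = int(time.time()) if now is None else now
    claims = {
        "iss": ISSUER,
        "sub": f"urn:xemlienminh360.net:connect:useraccountid:{account_id}",
        "tnt": instance_url,          # add /wiki for a Confluence instance
        "aud": AUTH_SERVER,
        "iat": now,
        "exp": now + lifetime,
    }
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url(json.dumps(claims, separators=(",", ":")).encode()))
    signature = hmac.new(SHARED_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(signature)


def verify_assertion(assertion: str, now: Optional[int] = None) -> dict:
    """Re-check an assertion the way the authorization server is expected to.
    Raises ValueError on any failure; returns the claims otherwise."""
    parts = assertion.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never let the token choose its own algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(SHARED_SECRET, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), sig_b64):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("unknown issuer")
    if claims.get("aud") != AUTH_SERVER:  # a JWT minted for another audience must not work here
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        raise ValueError("assertion expired")
    if exp > now + MAX_LIFETIME:
        raise ValueError("exp more than 120 seconds in the future")
    return claims


def token_request_body(assertion: str) -> str:
    """Form body for the POST to TOKEN_ENDPOINT. The grant_type value is the
    JWT bearer grant identifier from RFC 7523 section 2.1 (assumed; the page
    names the grant type but does not show the parameter)."""
    return urlencode({
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "assertion": assertion,
    })


if __name__ == "__main__":
    jwt = build_assertion("557058:example-account-id",
                          "https://your-instance.xemlienminh360.net.net")
    print(jwt)
    print(verify_assertion(jwt))
    print("POST", TOKEN_ENDPOINT)
    print(token_request_body(jwt))
```

Two of the checks matter more than they look: the short exp window limits how long a captured assertion can be replayed, and pinning alg to HS256 stops a caller from presenting an unsigned (alg "none") or differently signed token to a verifier that trusts whatever the header says.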