In this section, you will find additional resources related to authentication
In this section, you will find an example of implementing authentication for the Unico IDCloud platform in JavaScript
const fs = require('fs')
const path = require('path')
const jwt = require('jsonwebtoken')
const request = require('request')
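// settings
// Base URL of the identity server. It is used both to build the token endpoint
// URL and as the "aud" claim of the signed assertion.
// NOTE(review): the "homolog" host name suggests a staging environment - confirm
// the correct base URL for the environment you are targeting.
const basePath = 'https://identityhomolog.acesso.io'

// entry point
// Service account name and tenant ID used to build the "iss" claim. The private
// key is expected in `<serviceAccount>.key.pem` in the current working directory.
const options = {
  serviceAccount: 'svcapp1',
  tenant: "9ea3c3bd-4447-4c3b-ae2e-504b795d3733"
}

requestAnAccessToken(createServiceAccountToken(options), (err, accessToken) => {
  // The callback receives an Error on transport or authentication failure;
  // without this guard the code below would dereference an undefined response.
  if (err) {
    console.error('Failed to obtain an access token:', err.message)
    process.exitCode = 1
    return
  }

  // jwt.decode() only parses the token; it does NOT verify the signature.
  // The claims printed below are informational and must not be used for
  // authorization decisions.
  const payload = jwt.decode(accessToken.access_token)
  if (!payload) {
    console.error('The access token in the response could not be decoded as a JWT')
    process.exitCode = 1
    return
  }

  console.log('Response:')
  // The sample prints the bearer token for demonstration only. In a real
  // service keep it out of logs: anyone who can read the log can reuse the
  // token until it expires.
  console.log(' Access Token: ', accessToken.access_token)
  console.log(' ID: ', payload.jti)
  console.log(' Issuer: ', payload.iss)
  console.log(' Subject: ', payload.sub)
  console.log(' expires_in: ', accessToken.expires_in)
  // "exp" and "iat" are JWT NumericDate values (seconds since the epoch, RFC 7519),
  // while Date expects milliseconds.
  console.log(' Expiration Date: ', new Date(payload.exp * 1000))
  console.log(' Creation Date: ', new Date(payload.iat * 1000))
})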
// functions
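/**
 * Builds and signs the JWT assertion that a service account presents to the
 * token endpoint (jwt-bearer grant).
 *
 * @param {object} params
 * @param {string} params.tenant - Tenant ID, used in the "iss" claim.
 * @param {string} params.serviceAccount - Service account name; used in the
 *   "iss" claim and to locate the private key file `<serviceAccount>.key.pem`.
 * @param {string} [params.account=''] - Optional user account to request the
 *   token for; when set it is sent as the "sub" claim.
 * @returns {string} The RS256-signed JWT in compact form.
 * @throws {Error} If the key file cannot be read or signing fails.
 */
function createServiceAccountToken({tenant, serviceAccount, account = ''}) {
  // Reads the service account private key, resolved against the current
  // working directory. `serviceAccount` becomes part of a file path, so it must
  // come from trusted configuration, never from user input. Keep the .pem file
  // out of version control and readable only by the account running this code.
  const privateKey = fs.readFileSync(path.resolve(`${serviceAccount}.key.pem`))

  // Take the clock once so that "exp" is always exactly "iat" + 3600.
  const issuedAt = Math.floor(Date.now() / 1000)

  // Prepare the request
  const payload = {
    iss: `${serviceAccount}@${tenant}.iam.acesso.io`,
    aud: basePath,
    // NOTE(review): '*' asks for every scope. If the platform accepts narrower
    // scopes, request only what the application needs - confirm with the docs.
    scope: '*',
    // The assertion is valid for one hour.
    exp: issuedAt + 3600,
    iat: issuedAt
  }

  // Service account is requesting an access token for another user?
  if (account) {
    payload.sub = account
  }

  // Create JWS. The algorithm is pinned explicitly to RS256.
  return jwt.sign(payload, privateKey, { algorithm: 'RS256' })
}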
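/**
 * Exchanges a signed service account assertion for an access token.
 *
 * @param {string} serviceToken - Signed JWT assertion.
 * @param {(err: Error|null, body?: object) => void} callback - Called exactly
 *   once: with an Error on transport failure, an unparsable response, or an
 *   error reported by the server; otherwise with `null` and the parsed body.
 */
function requestAnAccessToken(serviceToken, callback) {
  // Prepare the request
  // NOTE(review): the `request` package is deprecated and no longer maintained;
  // consider a maintained HTTP client when adapting this sample.
  const options = {
    method: 'POST',
    url: `${basePath}/oauth2/token`,
    headers: {'content-type': 'application/x-www-form-urlencoded'},
    form: {
      grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer' ,
      assertion: serviceToken
    }
  }

  // The signed assertion is itself a credential. It is printed here for
  // demonstration only; do not log it in a real service.
  console.log('Requesting Access Token with self created token:' )
  console.log('', serviceToken)

  // Ask identity and authorization server for an access token
  request(options, (error, response, body) => {
    if (error) {
      // Return right away: falling through would parse an undefined body and
      // invoke the callback a second time.
      callback(error instanceof Error ? error : new Error(error))
      return
    }

    // A gateway or proxy may answer with a non-JSON body; report that through
    // the callback instead of throwing inside the response handler.
    let parsed
    try {
      parsed = JSON.parse(body)
    } catch (parseError) {
      const status = response && response.statusCode
      callback(new Error(`Unexpected non-JSON response from token endpoint (HTTP ${status})`))
      return
    }
    if (parsed === null || typeof parsed !== 'object') {
      callback(new Error('Unexpected response from token endpoint'))
      return
    }

    if (parsed.error) {
      callback(new Error(`${parsed.error}: ${parsed.error_description}`))
      return
    }

    callback(null, parsed)
  })
}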
In this section, you will find the possible errors that may occur when trying to authenticate on the Unico IDCloud platform.
Errors returned for a request have the following structure; the code (shown as x.x.x in "error_description") identifies the cause, as listed below:
{
"error": "server_error",
"error_description": "Falha na autenticação x.x.x"
}
1.0.1
Check that the tenant ID used to build the "iss" field is the correct one, i.e. the tenant ID provided when the private key was generated.
1.0.14
Check with the project manager if the application being used is active.
1.1.1
The "scope" parameter was not provided in the payload of the JWT used in the request.
1.2.4
The JWT used in the request has expired. Check the value specified in the "exp" field of the payload.
1.2.5
The JWT used in the request cannot be validated. Verify the parameters provided and ensure that it was signed correctly.
1.2.6
The private key used to sign the JWT in the request is no longer acceptable. Request new credentials for the account used.
1.2.7
The JWT used in the request is no longer acceptable as it has already been used. Generate a new token to make a new request.
1.2.11
The account used is not active.
1.2.14
The account used does not have the necessary permissions.
1.2.18
The account used has been temporarily locked due to exceeding the number of invalid authentication attempts.
1.2.19
The account used is not authorized to impersonate another user account (remove the "sub" parameter from the payload).
1.2.20 1.2.21
Failed to decode the JWT used in the request. Use a new token by including only the fields specified in the "Mandatory Fields" and "Additional Fields" sections, adhering to the naming, semantics, and type of each field.
1.2.22
The JWT used in the request contains additional fields in the payload that are not allowed. Use a new token by including only the fields specified in the "Mandatory Fields" and "Additional Fields" sections, adhering to the naming, semantics, and type of each field.
1.3.1
The account used has source IP restrictions.
1.3.2
The account used has access date/time restrictions.
In this section, you will find the Postman collection for the REST API to authenticate on the Unico IDCloud platform
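Download the file below, import it into Postman, and replace the values of the parameters "service_account", "tenant_id", and "secret_key" to test the request. Because "secret_key" is a real credential, remove it again before exporting or sharing the collection.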