OpenID Connect (OIDC) is an identity layer built on top of OAuth 2.0. It allows clients (such as applications or APIs) to verify the identity of users or services securely. OIDC provides authentication (who you are) while OAuth 2.0 mainly handles authorization (what you can do).
In simpler terms, OIDC allows our API to confirm who is making the request and what permissions they have before granting access.
For machine-to-machine (M2M) authentication, we use service accounts. A service account is a non-human identity that can authenticate and interact with our API.
You will receive the following credentials from us:
client_id: your personal service account id
client_secret: your personal service account secret
token_endpoint: the URL to request the access token
refresh_token_endpoint: the URL to refresh your access token
You need to make a POST request to our OIDC token endpoint using the client credentials flow.
Here’s an example using curl:
curl -X POST "https://auth.korusticket.com/realms/korusticket/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials" \
-d "client_id=your-client-id" \
-d "client_secret=your-client-secret"
If the request is successful, the JSON response looks like this:
{
"access_token": "your-access-token",
"expires_in": 1800,
"refresh_expires_in": 1800,
"refresh_token": "your-refresh-token",
"token_type": "Bearer"
}
expires_in and refresh_expires_in are in seconds.
Once you obtain the access_token, include it in the Authorization header of your API requests:
curl -X GET "https://api.korusticket.com/catalogs" \
-H "Authorization: Bearer your-access-token"
To refresh your access token, make a POST request to our OIDC token endpoint with grant_type=refresh_token.
Here’s an example using curl:
curl -X POST "https://auth.korusticket.com/realms/korusticket/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=refresh_token" \
-d "refresh_token=your-refresh-token" \
-d "client_id=your-client-id" \
-d "client_secret=your-client-secret"
If the request is successful, the JSON response looks like this:
{
"access_token": "your-access-token",
"expires_in": 1800,
"refresh_expires_in": 1800,
"refresh_token": "your-refresh-token",
"token_type": "Bearer"
}
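The two requests above can be combined into a small client-side token cache that reuses the access token until shortly before expires_in elapses, then uses the refresh token, and falls back to the client credentials flow once the refresh token has expired too. This is an added example, not code from the original page or the API provider; TokenCache, http_post_form and the 30-second skew are assumptions made for illustration.

```python
import json, time, urllib.parse, urllib.request

# Token endpoint as shown in the curl examples on this page.
TOKEN_ENDPOINT = "https://auth.korusticket.com/realms/korusticket/protocol/openid-connect/token"

def http_post_form(url, fields):
    """POST form-encoded fields over HTTPS and return the decoded JSON body."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: caches the access token and renews it before expiry."""
    def __init__(self, client_id, client_secret, post=http_post_form,
                 clock=time.monotonic, skew=30):
        self.client_id, self.client_secret = client_id, client_secret
        self.post, self.clock, self.skew = post, clock, skew
        self.access = self.refresh = None
        self.access_exp = self.refresh_exp = 0.0

    def _request(self, **grant):
        fields = {"client_id": self.client_id,
                  "client_secret": self.client_secret, **grant}
        body = self.post(TOKEN_ENDPOINT, fields)
        if body.get("token_type", "").lower() != "bearer" or "access_token" not in body:
            raise ValueError("unexpected token response")  # do not log the body
        now = self.clock()
        self.access = body["access_token"]
        self.access_exp = now + body["expires_in"]          # seconds
        self.refresh = body.get("refresh_token")
        self.refresh_exp = now + body.get("refresh_expires_in", 0)

    def token(self):
        now = self.clock()
        if self.access and now < self.access_exp - self.skew:
            return self.access                   # still valid: reuse it
        if self.refresh and now < self.refresh_exp:
            self._request(grant_type="refresh_token", refresh_token=self.refresh)
        else:                                    # refresh token missing or expired
            self._request(grant_type="client_credentials")
        return self.access

    def auth_header(self):
        """Header to attach to API requests."""
        return {"Authorization": "Bearer " + self.token()}
```

Load client_id and client_secret from the environment or a secret store rather than hard-coding them, and keep tokens and token responses out of application logs.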