If you want to authenticate your application or script with Teamwork Cloud, you can use the following procedures.
Pre-configuring Authentication server
The Authentication server implements the OpenID Connect standard with several customizations. To access the OpenID Connect configuration, go to https://<auth_server_host>:<port>/authentication/.well-known/openid-configuration.
The Authentication server must be configured to accept new client applications by changing these parameters in the authserver.properties file:
Add the URL of the client app to the whitelist, separating URLs with a comma: authentication.redirect.uri.whitelist. This can be either a full URL to which users should be redirected back from the Authentication server, or just the beginning of it. The authorization endpoint will not accept redirect URI parameters that cannot be found in the whitelist.
Add new client IDs, separated with a comma: authentication.client.ids. You might need to uncomment this line first. The authorization endpoint will not accept a client_id parameter that cannot be found in this list.
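A configuration check for the two properties above, as an added example (not part of the Teamwork Cloud documentation or product code). It assumes the whitelist is matched as a plain string prefix; the sample hosts and client IDs are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample of authserver.properties (hosts and client IDs are made up).
SAMPLE = """\
# authentication.client.ids=old-client
authentication.redirect.uri.whitelist=https://tools.example.com/callback,https://app.example.com,http://ci.example.com/cb
authentication.client.ids=report-script,dashboard
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and commented-out lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def split_list(props, key):
    """Return the comma-separated values of a property as a clean list."""
    return [v.strip() for v in props.get(key, "").split(",") if v.strip()]

def lint_whitelist(props):
    """Return (entry, finding) pairs for redirect whitelist entries that are too broad."""
    findings = []
    for entry in split_list(props, "authentication.redirect.uri.whitelist"):
        parts = urlsplit(entry)
        if parts.scheme != "https":
            findings.append((entry, "not https"))
        if not parts.netloc:
            findings.append((entry, "no host"))
        elif parts.path == "":
            # Assumption: "the beginning of it" is a plain string-prefix match, so a
            # prefix that ends inside the host name also matches longer host names.
            findings.append((entry, "prefix ends in host name; end it with '/' or a full path"))
    return findings

def is_allowed(props, client_id, redirect_uri):
    """Model of the documented checks, assuming prefix matching on the whitelist."""
    if client_id not in split_list(props, "authentication.client.ids"):
        return False
    return any(redirect_uri.startswith(e)
               for e in split_list(props, "authentication.redirect.uri.whitelist"))

if __name__ == "__main__":
    for entry, finding in lint_whitelist(parse_properties(SAMPLE)):
        print(f"{entry}: {finding}")
```

Running the check before restarting the Authentication server catches commented-out client IDs and whitelist entries that are broader than intended.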
There are a few deviations from the standard OpenID Connect specification:
When invoking the token endpoint, the HTTP header X-Auth-Secret must be passed with the value of the authentication.client.secret parameter from authserver.properties.
ID tokens have an expiration time (configuration property authentication.token.expirity); they must be refreshed through the token endpoint by passing refresh tokens.
To call the Teamwork Cloud REST API with a generated authentication token, the token should be sent in the header of the request:
Authorization: Token <received_id_token>
Authentication with user interaction
The basic Authorization flow should be as follows:
1. Redirect the user to the AuthServer with HTTP GET parameters:
4. Receive the JSON response containing the ID token, which can be used to authorize with TWC, and the refresh token, which should later be used to refresh the ID token.
5. Refresh the ID token by sending an HTTP POST request to the token endpoint of the AuthServer with the HTTP header X-Auth-Secret and parameters:
If your client ID is added to the authentication.client.permanent list, the returned token will have a longer expiration time, configured in the parameter authentication.permanent.token.expirity.