Versions Compared

Old Version 1

changes.mady.by.user Jonė Š.

Saved on

compared with

New Version Current

changes.mady.by.user Agne P.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

On this page

Table of Contents
maxLevel5


Other web applications can integrate with Authentication server through OAuth 2.0 protocol to authenticate users and access Teamwork Cloud REST API on behalf of those users.

Authentication server behaves as OAuth 2.0 Authorization Server. Web applications that need access to Teamwork Cloud REST API on behalf of an authenticated user should implement OAuth 2.0 Client functionality according to OAuth 2.0 protocol specification.

OAuth 2.0 integration

Info
See OAuth 2.0 specification for more details.

Authentication server provides a JSON with all endpoints required for the integration. This JSON can be retrieved using https://<server_host>:8443/authentication/.well-known/oauth2.0-configuration endpoint. This JSON also returns supported response types and grant types.

Example JSON:

Code Block
languagebash
{

  "response_types_supported": [

    "token",

    "code"

  ],

  "device_authorization_endpoint": "https://localhost:8443/authentication/api/oauth2/device_code",

  "jwks_uri": "https://localhost:8443/authentication/jwks.json",

  "grant_types_supported": [

    "urn:ietf:params:oauth:grant-type:device_code",

    "refresh_token",

    "password",

    "authorization_code"

  ],

  "registration_endpoint": "https://localhost:8443/authentication/api/oauth2/register",

  "token_endpoint_auth_methods_supported": [

    "client_secret_basic"

  ],

  "scopes_supported": [],

  "issuer": "https://localhost:8443/authentication",

  "authorization_endpoint": "https://localhost:8443/authentication/oauth2/authorize",

  "token_endpoint": "https://localhost:8443/authentication/api/oauth2/token"

}


Authentication server supports the following authorization grants:

 

OAuth 2.0 client registration

To register OAuth 2.0 clients:

    1. Use the web UI: go to the Settings app of Web Application Platform and search for OAuth 2.0 tab in theOAuth clientssection.
    2. Use registration_endpoint API: (see the example JSON).
      Example client registration request when using API:


Code Block
languagebash
POST https://localhost:8443/authentication/api/oauth2/register

BODY:

{

           client_name: “Client name”,

           redirect_uris: [“redirect uri”] // comma separated URIs

}


Note

Limitations of the client registration endpoint:

  • You cannot provide supported grant types or response types – default options are set.
  • Authentication server generates the client secret automatically.

However, you can update all of these attributes any time in the OAuth clientssection of the Settings app (i.e. using the web UI).

Teamwork Cloud REST API access

After the OAuth 2.0 client gets an access token after user authentication, it can call Teamwork Cloud REST API endpoints by providing the following header:

Code Block
Authorization: Bearer <access token>