Authentication

This API uses OAuth 2.0 for secure authorization. Access requires generating a token with a username and password.

Steps to Authenticate

1. Prerequisites

  1. A valid PeopleSpheres account with a username and password.

  2. The Keycloak client ID: web-app

  3. The Keycloak token endpoint URL for your environment.

Token endpoint format: https://<keycloak-host>/auth/realms/Internal-idp/protocol/openid-connect/token

For preproduction: https://sso-preproduction.monportailrh.com/

For production: https://sso-monportailrh.com/

2. Generate an access token

Use the token endpoint to exchange your credentials for an access token. Send the parameters as application/x-www-form-urlencoded.

Required parameters

| Name | Value | Notes |
| --- | --- | --- |
| grant_type | password | Tells Keycloak to use the username and password flow |
| client_id | web-app | |
| username | your PeopleSpheres username | |
| password | your PeopleSpheres password | Keep this secret safe |

Example cURL:

curl -X POST "https://<keycloak-host>/auth/realms/Internal-idp/protocol/openid-connect/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=password" \
  -d "client_id=web-app" \
  --data-urlencode "username=<your-username>" \
  --data-urlencode "password=***"

Sample response:

{
  "access_token": "<jwt>",
  "expires_in": 300,
  "refresh_expires_in": 36000,
  "refresh_token": "<jwt_refresh>",
  "token_type": "Bearer",
  "session_state": "…",
  "scope": "profile email"
}

Notes

  1. The default access token lifetime is 300 seconds in this environment.

  2. The refresh token lifetime can be up to 36000 seconds depending on configuration.
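
The following Python client is an added example, not PeopleSpheres code. It goes beyond the cURL call above by caching the access token for its stated lifetime and then using the standard OAuth 2.0 refresh_token grant on the same token endpoint instead of resending the password. The names `TokenCache` and `http_post_form` and the 30-second safety margin are assumptions of this example.

```python
import json, time, urllib.parse, urllib.request

def http_post_form(url, fields):
    """POST fields as application/x-www-form-urlencoded; return the parsed JSON body."""
    body = urllib.parse.urlencode(fields).encode()  # escapes &, + and = in credentials
    req = urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: reuse the access token until shortly before it expires."""
    SKEW = 30  # assumed safety margin, in seconds, before the stated expiry

    def __init__(self, token_url, username, password, client_id="web-app",
                 post=http_post_form, clock=time.monotonic):
        self.token_url, self.client_id = token_url, client_id
        self._user, self._password = username, password
        self._post, self._clock = post, clock
        self._access = self._refresh = None
        self._access_exp = self._refresh_exp = 0.0

    def _store(self, tok):
        # Convert the relative lifetimes in the response into local deadlines.
        now = self._clock()
        self._access = tok["access_token"]
        self._access_exp = now + tok["expires_in"] - self.SKEW
        self._refresh = tok.get("refresh_token")
        self._refresh_exp = now + tok.get("refresh_expires_in", 0) - self.SKEW

    def bearer(self):
        """Return a valid access token, contacting Keycloak only when needed."""
        now = self._clock()
        if self._access and now < self._access_exp:
            return self._access
        if self._refresh and now < self._refresh_exp:
            # Refresh grant: the password does not cross the wire again.
            fields = {"grant_type": "refresh_token", "client_id": self.client_id,
                      "refresh_token": self._refresh}
        else:
            fields = {"grant_type": "password", "client_id": self.client_id,
                      "username": self._user, "password": self._password}
        self._store(self._post(self.token_url, fields))
        return self._access
```

Supply the password from an environment variable or secret store rather than a literal in source. A refresh request that Keycloak rejects raises from `http_post_form`, so callers that need to recover should catch it and construct a new `TokenCache`.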
