Developer Documentation
Before integrating with the platform APIs, create an application on the platform and obtain its appId and appSecret.
Domain
https://sec-sso.apps.paas.se-unicloud.com
1. Step 1: obtain an access_token
1.1 Endpoint
{domain}/auth/realms/open/protocol/openid-connect/token
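1.2 Request method
Send a POST request with Content-Type application/x-www-form-urlencoded.
1.3 Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| client_id | string | Yes | Resource ID; set to gateway | gateway |
| grant_type | string | Yes | Grant type; set to password | password |
| username | string | Yes | The appId you applied for | demo_appId |
| password | string | Yes | The appSecret you applied for | demo_password |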
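1.4 Response parameters
| Parameter | Type | Description | Example |
|---|---|---|---|
| access_token | string | Token used to call the platform APIs | |
| expires_in | string | Lifetime of the access_token (in seconds; currently 1800 seconds) | 1800 |
| refresh_token | string | Token used to refresh the access_token | |
| refresh_expires_in | string | Lifetime of the refresh token; default is 1800 seconds | 1800 |
1.5 Response example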
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJXSklkUWFpb0p1WH.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.Nf7bAxLOUF1kqyq64PbUMPEVErRke7dC0R5z-WylYm8xSy9ffFTk7Ik0DfLLiiOZzrkPvjQniZsKFe5tY8H2TMH8aMMqfhdehYuq-m2_Ng8h8Q",
"expires_in": 1800,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI1NzkxOWQ4Ny03Njc2LTQyNzQtOTdlNi05OTNjMjA5OTJlMWIifQ.ey2Y5LWIyNTItNTUxOTE5YmYwZmI4OktEVzZ0Sm5RIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImdhdGV3YXkiLCJzZXNzaW9uX3N0YXRlIjoiZTYxMzE5ZGEtNmQ0My00NTE1LWJjMWQtNTE0OGQ1MzE4OWExIiwic2NvcGUiOiJlbWFpbCBwcm9maWxlIn0.SvQoN1AgDPJ5-FTNLWX8XgFWB6OjmRqnXhO-U5AWXP0",
"token_type": "bearer",
"not-before-policy": 0,
"session_state": "e61319da-6d43-4515-bc1d-5148d53189a1",
"scope": ""
}
2. Step 2: refresh the access_token
Call this endpoint before the refresh_token expires so that the access_token does not lapse.
2.1 Endpoint
{domain}/auth/realms/open/protocol/openid-connect/token
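2.2 Request method
Send a POST request with Content-Type application/x-www-form-urlencoded.
2.3 Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| client_id | string | Yes | Resource ID; set to gateway | gateway |
| grant_type | string | Yes | Grant type; set to refresh_token | refresh_token |
| refresh_token | string | Yes | The refresh_token obtained in step 1 | |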
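2.4 Response parameters
| Parameter | Type | Description | Example |
|---|---|---|---|
| access_token | string | Token used to call the platform APIs | |
| expires_in | string | Lifetime of the access_token (in seconds; currently 1800 seconds) | 1800 |
| refresh_token | string | Token used to refresh the access_token | |
| refresh_expires_in | string | Lifetime of the refresh token; default is 1800 seconds | 1800 |
2.5 Response example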
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJXSklkUWFpb0p1WH.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.Nf7bAxLOUF1kqyq64PbUMPEVErRke7dC0R5z-WylYm8xSy9ffFTk7Ik0DfLLiiOZzrkPvjQniZsKFe5tY8H2TMH8aMMqfhdehYuq-m2_Ng8h8Q",
"expires_in": 1800,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI1NzkxOWQ4Ny03Njc2LTQyNzQtOTdlNi05OTNjMjA5OTJlMWIifQ.ey2Y5LWIyNTItNTUxOTE5YmYwZmI4OktEVzZ0Sm5RIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImdhdGV3YXkiLCJzZXNzaW9uX3N0YXRlIjoiZTYxMzE5ZGEtNmQ0My00NTE1LWJjMWQtNTE0OGQ1MzE4OWExIiwic2NvcGUiOiJlbWFpbCBwcm9maWxlIn0.SvQoN1AgDPJ5-FTNLWX8XgFWB6OjmRqnXhO-U5AWXP0",
"token_type": "bearer",
"not-before-policy": 0,
"session_state": "e61319da-6d43-4515-bc1d-5148d53189a1",
"scope": ""
}
3. Step 3: call the business APIs
Business APIs are called with a Bearer token. This means
adding an Authorization header to the request whose value is Bearer {access_token}. Note the space between Bearer and access_token.
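
The three steps above combined into one client-side helper, as an added example that is not part of the platform's documentation or any official SDK. It requests a token with the password grant, renews it with the refresh_token grant shortly before expiry, falls back to the password grant once the refresh_token has lapsed, and returns the Authorization header. The names `TokenManager`, `http_post`, `auth_header` and the 60-second `margin` are assumptions made for this example.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = ("https://sec-sso.apps.paas.se-unicloud.com"
             "/auth/realms/open/protocol/openid-connect/token")

def http_post(url, form):
    """POST the form as application/x-www-form-urlencoded; return parsed JSON."""
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenManager:
    """Hypothetical helper: caches tokens and renews them before they lapse."""

    def __init__(self, app_id, app_secret, post=http_post,
                 clock=time.monotonic, margin=60):
        self._creds = {"username": app_id, "password": app_secret}
        self._post, self._clock, self._margin = post, clock, margin
        self._access = self._refresh = None
        self._access_exp = self._refresh_exp = 0.0

    def _request(self, grant_type, **fields):
        form = {"client_id": "gateway", "grant_type": grant_type, **fields}
        tok = self._post(TOKEN_URL, form)
        now = self._clock()
        self._access, self._refresh = tok["access_token"], tok["refresh_token"]
        # Renew `margin` seconds early: both lifetimes are 1800 s, so waiting
        # for the access_token to expire would also lose the refresh_token.
        self._access_exp = now + int(tok["expires_in"]) - self._margin
        self._refresh_exp = now + int(tok["refresh_expires_in"])

    def auth_header(self):
        """Return the header for business API calls, renewing if needed."""
        now = self._clock()
        if self._access is None or now >= self._access_exp:
            if self._refresh is not None and now < self._refresh_exp:
                self._request("refresh_token", refresh_token=self._refresh)
            else:  # first call, or the refresh_token has already expired
                self._request("password", **self._creds)
        return {"Authorization": "Bearer " + self._access}
```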