Authorization API documentation

Content

Introduction

Calling a secured API from browser applications and native apps
Calling a secured API from web server applications
Calling a secured API from a server using OAuth 2.0 Token Exchange

Calling a secured API from a server (B2B) with authorization code grant
Calling a secured API from a server (B2B) with the client credentials grant
Calling a secured API from a server (B2B) using a SAML 1.1 Assertion.

Requesting the profile information of the Resource Owner of an OAuth 2.0 Access Token
Revoking tokens

Verifying an OAuth 2.0 Access Token as a Resource Server

Requesting the profile information of the Resource Owner of an OAuth 2.0 Access Token

A client can request profile information of the resource owner. In order to retrieve the profile information the client must send a request to the Authorization server passing the access token and the client credentials in the request. This request is only possible for confidential first party clients who have obtained a client secret from Digitaal Vlaanderen.

Forming the request

The URL used to request the profile information of the Resource Owner of an OAuth 2.0 Access Token >https://oauth.vlaanderen.be/authorization/ws/oauth/v2/authorization/profile.

Endpoint Description Method
https://oauth.vlaanderen.be/authorization/ws/oauth/v2/authorization/profile This endpoint is the target of the request for the profile information of the Resource Owner of an OAuth 2.0 Access Token. HTTP-POST

The form body posted is composed of the following parameters.

Parameter Values Description Required
access_token The access token obtained from the OAuth 2.0 Authorization Server. A string representing the access token issued by the OAuth 2.0 Authorization Server. Yes
client_id The client id obtained via the OAuth administration site. The client identifier is a unique string representing the registration information provided by the client. Yes
client_secret The client secret obtained via the OAuth administration site. The client secret is a unique string to authenticate the client, and should be treated as a password. Yes.

Example 


POST /ws/oauth/v2/authorization/profile HTTP/1.1
Host: https://oauth.vlaanderen.be/authorization/
Content-Type: application/x-www-form-urlencoded

access_token=5Op37vHN_T9zYV6vkA
&client_id=Zt6JYU7
&client_secret=HiushneYIHKZEFGfjs567huUUll

The body only contains extra newlines for readability. Be sure to url-encode the accesstoken and the clientsecret.

Handling the response

The response is a JSON object containing the available profile information.

Property Values Description
name A string value The username of the resource owner. This value is not unique.
givenName A string value The given name of the resource owner.
surname A string value The surname of the resource owner.
contactId A numeric value The id of the resource owner. This can be used to uniquely identify the resource owner.

Example 


{
    "name": "johnd",
    "givenName":"John",
    "surname":"Doe",
    "contactId":"12345"
}

Handling an error

When there is an error a JSON result is returned with the error information.

Example 


{
    "error":"invalid_token"
}
© 2024 Digitaal Vlaanderen - Alle rechten voorbehouden - Havenlaan 88, 1000 Brussel | Koningin Maria Hendrikaplein 70, 9000 Gent - E digitaal.vlaanderen@vlaanderen.be