5.4 Non Standard Endpoints

OSP provides a non-standard OAuth 2.0 endpoint for signing additional data that can be passed during the grant request. The URL of the sign endpoint is: https://<serverip>/osp/a/TOP/auth/oauth2/sign.

The sign endpoint helps to create a signed and encrypted data packet that can be used to supply data to other endpoints. For more information, see the Sign class documentation.

The grant endpoint is currently the only endpoint that consumes the signed data, and only when it is used with the authorization code and implicit grant types.

The signed data can be used to supply one or both of the following:

  • Username: Supplying the username for a client application is useful when you already know the username.

  • Advanced Authentication chain: An Advanced Authentication server (5.6 or later) can supply one or more additional authentication factors, by authenticating through Advanced Authentication OAuth 2.0, for a user who is already authenticated. In this case the username and the name of the authentication chain that contains the desired factor(s) are both supplied.

For this to work, the username must resolve to a user in an Advanced Authentication repository, and the chain must be configured in the Advanced Authentication event for the OAuth 2.0 client that is used.

Submitting the Data

The sign endpoint is used by submitting a string value to it. The output is returned in a JSON structure, and that output is then passed to the grant endpoint in the parameters attribute of the grant request.

OAuth 2.0 client authentication to the sign endpoint is done with an Authorization header carrying either an HTTP Basic value or a Bearer value.

Request parameters

  • data (required): The string to be signed and encrypted. See OAuth2Constants.OAUTHX_REQUEST_PARAM_DATA.

  • ttl (optional): The time-to-live of the returned packet, in milliseconds. If no value is supplied, the default of 30 seconds (30000 ms) is used. The packet is only needed for the grant request that immediately follows, so keep the ttl as short as the client flow allows.
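The following is an added example showing the client side of the two-step flow described above (sign, then grant); it is not code from the OSP product or its documentation. It uses only the Python standard library. The server name, client credentials, redirect URI and the grant endpoint path (assumed to sit beside the sign endpoint at .../auth/oauth2/grant) are assumptions to replace with your own values, the format of the data string is left to the Sign class documentation and is passed through as an opaque string, and the name of the JSON field that carries the returned packet (assumed here to be "data") must be checked against the Sign class documentation. The reply used in the __main__ block is constructed so the flow runs offline; the sign() function performs the live call.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed deployment values. Only the sign URL pattern appears on the page;
# the grant path is inferred from it and must be verified on your server.
SERVER = "https://osp.example.test"
SIGN_URL = f"{SERVER}/osp/a/TOP/auth/oauth2/sign"
GRANT_URL = f"{SERVER}/osp/a/TOP/auth/oauth2/grant"

DEFAULT_TTL_MS = 30_000  # ttl is in milliseconds; the page's default is 30 seconds


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """HTTP Basic value for OAuth 2.0 client authentication (RFC 6749 section 2.3.1)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_sign_request(data: str, client_id: str, client_secret: str,
                       ttl_ms: int = DEFAULT_TTL_MS) -> dict:
    """Assemble the POST to the sign endpoint: form-encoded 'data' and 'ttl'."""
    if ttl_ms <= 0:
        raise ValueError("ttl must be a positive number of milliseconds")
    body = urllib.parse.urlencode({"data": data, "ttl": str(ttl_ms)}).encode("ascii")
    return {
        "url": SIGN_URL,
        "headers": {
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": body,
    }


def extract_packet(response_text: str, field: str = "data") -> str:
    """Pull the signed, encrypted packet out of the JSON reply.

    The field name is an assumption; confirm it in the Sign class documentation.
    Refusing an empty or non-string value avoids sending a useless grant request.
    """
    obj = json.loads(response_text)
    packet = obj.get(field)
    if not isinstance(packet, str) or not packet:
        raise ValueError(f"sign response has no usable '{field}' field: {obj}")
    return packet


def build_grant_url(client_id: str, redirect_uri: str, packet: str,
                    state: str, response_type: str = "code") -> str:
    """Authorization code grant request that carries the packet in 'parameters'."""
    query = urllib.parse.urlencode({
        "response_type": response_type,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "parameters": packet,
    })
    return f"{GRANT_URL}?{query}"


def sign(data: str, client_id: str, client_secret: str,
         ttl_ms: int = DEFAULT_TTL_MS) -> str:
    """Live call to the sign endpoint; returns the packet for the grant request."""
    req = build_sign_request(data, client_id, client_secret, ttl_ms)
    http_req = urllib.request.Request(req["url"], data=req["body"],
                                      headers=req["headers"], method="POST")
    with urllib.request.urlopen(http_req, timeout=10) as resp:
        return extract_packet(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed reply standing in for the real endpoint so this runs offline.
    fake_reply = json.dumps({"data": "constructed-opaque-packet"})
    pkt = extract_packet(fake_reply)
    print(build_grant_url("myclient", "https://app.example.test/cb", pkt, "state123"))
```

The state value is generated per request by the client as usual for the authorization code flow; it is unrelated to the signed packet but is shown because the packet only ever travels inside a full grant request.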