Sign-up to Authlete and Creating a Service

Preface

These instructions describe how to sign up to Authlete, create a new service and register an OAuth/OIDC client to the service.

Instruction Steps

We will be covering the following steps of the instructions:

  1. Sign up to Authlete
  2. Create an API service instance
  3. Log in to Developer Console
  4. Register an OAuth/OIDC client
  5. Connect to the API

Instruction Steps

1. Sign up to Authlete

You have to obtain your own “Service Owner” account of Authlete before using its APIs as your authorization server’s backend. The link to the registration page is below. Keep “Login ID” and “Password” that you submitted safe.

https://so.authlete.com/accounts/signup

Let’s try to log in to Service Owner Console to see if your account has been successfully registered. Open the following link via Web browser and submit your Login ID and Password.

https://so.authlete.com/accounts/login


Once logged in successfully, you will see the following content.


Now you’ve got access to Authlete’s Service Owner Console. Click “Log out” link on upper right corner of the page if you would like to log out of the console.

2. Create an API service instance

Let’s prepare your first Authlete API service. Log in to Authlete’s Service Owner Console https://so.authlete.com/accounts/login and click “Create Service” button.


You will see the service creation page. Enter an arbitrary name of the service and click “Create” button. Press “OK” in a dialog for confirmation.


The new service has been created.

Automatically generated values of “API Key” and “API Secret” will be used as “Login ID” and “Password” to log in to Developer Console, as well as credential for your authorization server to make requests to Authlete APIs.

There is also a URL that points to “Client Application Developer Console.” You will use the link in the next step.


Item Value
API Key Auto-generated e.g. 10738933707579
API Secret Auto-generated e.g. Xg6jVpJCvsaXvy2ks8R5WzjdMYlvQqOym3slDX0wNhQ
Client Application Developer Console Auto-generated e.g. https://cd.authlete.com/10738933707579

3. Log in to Developer Console

Let’s add new client information to the new service you’ve just created. Open the link to Authlete’s Developer Console for the service (e.g. https://cd.authlete.com/10738933707579) and log in to the console with your API Key (e.g. 10738933707579) and API Secret (e.g. Xg6jVpJCvsaXvy2ks8R5WzjdMYlvQqOym3slDX0wNhQ) as Login ID and Password respectively.


4. Register an OAuth/OIDC client

Once logged in to the Developer Console successfully, you will see the following content. Click “Create App” button.


The Create App page includes a couple of tabs. The first one is Basic.

In this step, we will register an OAuth/OIDC client that has the following properties:

Enter an arbitrary value for Client Name and select CONFIDENTIAL for Client Type. Then click Authorization tab next to Basic.


On the Authorization tab, enter a value for Redirect URIs and select Client Authentication Method as stated below.


Item Value
Redirect URIs https://client.example.org/cb/example.com
Client Authentication Method CLIENT_SECRET_BASIC

Click “Create” button at the bottom of the page. Press “OK” in a dialog for confirmation.

Now you’ve done registration of the client to the service. Automatically generated values of “Client ID” and “Client Secret” will be used as client_id and client_secret for the client to make requests to the authorization server. Also, make sure other values are set as expected.



Item Value
Client ID Auto-generetad e.g. 12818600553323
Client Secret Auto-generated e.g. -olDIKD9BihRfB8O1JxobUEKBZ7PIV5Z6oaqxAshmoUtUZgB-wjmmxTYDiDV6vM_Mgl267PeNrRftq8cWplvmg
Client Type CONFIDENTIAL
Redirect URIs https://client.example.org/cb/example.com
Client Authentication Method CLIENT_SECRET_BASIC

Now you’ve completed preparing the minimum environment.

5. Connect to the API

Let’s check if the environment works, using Authlete’s /auth/authorization API.

Using /auth/authorization API

Let’s make a request to this API by acting as the authorization server.

For Linux/Mac, execute curl command as follows (message #4). Make sure to replace API Key, API Secret, Client ID by your own values generated in the previous step.

curl -s -X POST https://api.authlete.com/api/auth/authorization \
-u '<API Key e.g. 10738933707579>:<API Secret e.g. Xg6jVpJCvsaXvy2ks8R5WzjdMYlvQqOym3slDX0wNhQ>' \
-H 'Content-Type: application/json' \
-d '{ "parameters": "redirect_uri=https://client.example.org/cb/example.com&response_type=code&client_id=<Client ID e.g. 12818600553323>" }'

If you are using Windows 10's bundled curl.exe command via PowerShell, make sure the command is curl.exe instead of curl, escape " characters and use ` to break lines. (message #4). Make sure to replace API Key, API Secret, Client ID by your own values generated in the previous step.

curl.exe -s -X POST https://api.authlete.com/api/auth/authorization `
-u '<API Key e.g. 10723797812772>:<API Secret e.g. ekYoYTI84qZcpe6bXGzDwduQ1fGBYxJT8K8Tnwd7poc>' `
-H 'Content-Type: application/json' `
-d '{\"parameters\" : \"redirect_uri=https://client.example.org/cb/example.com&response_type=code&client_id=<Client ID e.g. 12800697055611>\"}'

If the request is appropriate, Authlete makes the following response (omitted for brevity).

{
   "resultMessage" : "[A004001] Authlete has successfully issued a ticket to the service (API Key = 10723797812772) for the authorization request from the client (ID = 12800697055611). [response_type=code, openid=false]",
   "type" : "authorizationResponse",
   "resultCode" : "A004001",
   "client" : { [...] },
   "ticket" : "bi2Kxe2WW5mK_GZ_fDFOpK1bnY6xTy40Ap_8nxf-7AU",
   "action" : "INTERACTION",
   [...]
   "service" : {
      [...]
      "supportedClaims" : [
         [...]
      ],
      "supportedScopes" : [
         [...]
      ],
   }
}

Conclusion

In these instructions, we were able to confirm how to sign up to Authlete, create a new service and register an OAuth/OIDC client to the service.

Next Steps

Check out related articles to implement your OAuth/OIDC servers and configure your Authlete service.