...
This authentication scheme is based on HTTP Basic Authentication. Your application uses HTTP Basic Authentication to authenticate itself with the Gini Pay API. In addition, a second header, X-User-Identifier, is sent together with the Authorization header in the same request. The API uses this header to identify individual users. Your application is free to choose whatever value it wants for the header, as long as the following constraints are met:
Each user's identifier must be unique.
Once set for a user, the identifier must remain the same.
...
The payload of the JWT access token should at least include the following claims:
Claim Name | Required | Description
---|---|---
iss | mandatory | The value holds the issuer of the identity provider.
... | ... | ...
<user_identifier_claim_name> | mandatory | The value holds a hash which identifies the user, same as
<client_id_claim_name> | mandatory | The value holds the client id that communicates with the Gini backend, same as
<client_secret_claim_name> | optional | The value holds the client secret that communicates with the Gini backend, same as
Sample JWT claim content with the configuration:
user_identifier_claim_name=x-user-identifier
client_id_claim_name=x-client-id
client_secret_claim_name=x-client-secret
```json
{
  ...
  "exp": 2025803444,
  "iss": "http://issuer-url-of-your-identity-provider",
  "typ": "Bearer",
  "x-user-identifier": "user1",
  "x-client-id": "<clientId>",
  "x-client-secret": "<clientSecret>",
  ...
}
```
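As an added illustration (not code from the Gini documentation), the following Python puts the two sections above into practice: it derives a stable, unique X-User-Identifier from your own user id with a keyed hash, builds the Basic Authentication headers, and sanity-checks a JWT payload against the claim-name configuration and the mandatory claims in the table. The app secret, the claim configuration and the sample-token builder are assumptions; no signature is verified here, that remains the API's job.

```python
import base64
import hmac
import json
import time

# Claim names from the page's sample configuration (assumed here).
CLAIM_CONFIG = {
    "user_identifier_claim_name": "x-user-identifier",
    "client_id_claim_name": "x-client-id",
    "client_secret_claim_name": "x-client-secret",
}

def stable_user_identifier(internal_user_id, app_secret):
    """X-User-Identifier value: keyed hash of your own user id, so it is unique per
    user, never changes, and does not expose the id itself (app_secret is assumed)."""
    return hmac.new(app_secret, internal_user_id.encode(), "sha256").hexdigest()

def basic_auth_headers(client_id, client_secret, user_identifier):
    """Headers for the Basic Authentication scheme plus the X-User-Identifier header."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"Authorization": f"Basic {creds}", "X-User-Identifier": user_identifier}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sample_token(payload):
    """Constructed, unsigned sample JWT for offline demonstration only."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(payload).encode())}.constructed-signature"

def jwt_payload(token):
    """Decode a compact JWT's payload. No signature check: the API verifies the token;
    this only lets a client inspect the claims before sending it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(body))

def claim_problems(payload, config, expected_issuer, now=None):
    """Problems with the payload per the claims table; an empty list means acceptable."""
    now = time.time() if now is None else now
    mandatory = ("iss", config["user_identifier_claim_name"], config["client_id_claim_name"])
    problems = [f"missing mandatory claim {c!r}" for c in mandatory if c not in payload]
    if "iss" in payload and payload["iss"] != expected_issuer:
        problems.append("iss does not match the expected identity provider")
    if "exp" in payload and payload["exp"] <= now:  # exp appears in the sample payload
        problems.append("token expired")
    return problems
```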
...
Direct communication between client devices and Gini Pay API
Gini offers the User Center API (UC API) to work with Gini users. Here is a quick step-by-step guide that outlines how to create and use a new anonymous Gini account.
...
You should already have the client ID (client-id) and the client secret (client-secret). They authorize your client (with HTTP Basic Authentication) to obtain the client access token; see the example below.
See Authenticate Client.
```bash
# obtain the client token
curl -v -H 'Accept: application/json' \
  -u 'client-id:client-secret' \
  'https://user.gini.net/oauth/token?grant_type=client_credentials'
```
The successful response has HTTP status 200 and returns the client access token 1eb7ca49-d99f-40cb-b86d-8dd689ca2345:
```json
{
  "access_token": "1eb7ca49-d99f-40cb-b86d-8dd689ca2345",
  "token_type": "bearer",
  "expires_in": 43199,
  "scope": "read"
}
```
...
Once the client access token has been obtained, it's time to create a new user. For that, two more values are required: a username and a password. The username should be a valid email address whose domain part is easily linkable to your application. For example, if your company is called Example Inc., then app.example.org would be a good domain name to use for your application's user accounts.
See Create New User.
```bash
# create a new user
curl -v -X POST \
  --data '{"email":"random@example.org", "password":"geheim"}' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: BEARER 1eb7ca49-d99f-40cb-b86d-8dd689ca2345' \
  'https://user.gini.net/api/users'
```
...