Skip to content

Latest commit

 

History

History
73 lines (61 loc) · 2.99 KB

File metadata and controls

73 lines (61 loc) · 2.99 KB

To use the API, you need a bearer access token. Each request must include the bearer access token in the HTTP Authorization header. There are three relevant processes for handling access tokens: Generate offline access refresh token Refresh access token Revoke refresh token Generate offline access refresh token Generate verification URI.

curl -X POST 'https://www.servercontrolpanel.de/realms/scp/protocol/openid-connect/auth/device'
-d "client_id=scp"
-d 'scope=offline_access openid' | jq { "device_code": "", "user_code": "", "verification_uri": "https://www.servercontrolpanel.de/realms/scp/device", "verification_uri_complete": "https://www.servercontrolpanel.de/realms/scp/device?user_code=", "expires_in": 600, "interval": 5 }

Open verification_uri_complete from response in Browser and enter your user credentials. Accept grant access to SCP with privileges profile, offline_access, roles, email after submitting your credentials. Generate access token and offline access refresh token with device_code from response in step "Generate verification URI".

curl -X POST 'https://www.servercontrolpanel.de/realms/scp/protocol/openid-connect/token'
-d 'grant_type=urn:ietf:params:oauth:grant-type:device_code'
-d 'device_code='
-d 'client_id=scp' | jq { "access_token": "", "expires_in": 300, "refresh_expires_in": 0, "refresh_token": "", "token_type": "Bearer", "not-before-policy": 0, "session_state": "", "scope": "profile offline_access email" }

Use access token within the next 300 seconds to access the API. See "Refresh access token" how to obtain a new access token.

curl 'https://www.servercontrolpanel.de/scp-core/api/v1/servers?limit=10'
-H 'Authorization: Bearer ' | jq ...

Refresh access token The offline refresh token can be used multiple times and does not expire as long as it is used at least once every 30 days.

curl 'https://www.servercontrolpanel.de/realms/scp/protocol/openid-connect/token'
-d 'client_id=scp'
-d 'refresh_token=<refresh_token>'
-d 'grant_type=refresh_token' | jq

Revoke refresh token If the refresh token is leaked or no longer needed it could be revoked.

curl 'https://www.servercontrolpanel.de/realms/scp/protocol/openid-connect/revoke'
-d 'client_id=scp'
-d "token="
-d "token_type_hint=refresh_token" | jq ...

Forgotten refresh tokens can be revoked in the Account Console (Menu "Applications" - Application "scp" - Button "Remove access"): Open User Info Use the following endpoint to find out the ID of the user.

curl 'https://www.servercontrolpanel.de/realms/scp/protocol/openid-connect/userinfo'
-H 'Authorization: Bearer ' | jq { ... "id": "" ... }