Versions Compared

Old Version 4

changes.mady.by.user Petru Galanton

Saved on

compared with

New Version Current

changes.mady.by.user Vincent Jansen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
# the Runtime must be configured to use OpenID Connect login
blueriq.security.login-type=openid-connect


# the HTTP connection must be configured to use OpenID Connect authentication
blueriq.connection.Example.http.url=http://example.com/rest/service
blueriq.connection.Example.http.authentication=openid-connect
Info

See AQ_RestServiceClient for more information about how to define the HTTP connection for an AQ_RestServiceClient service call.

Warning

When an HTTP connection is configured with openid-connect authentication type, it must not be configured with username, password or domain. Having both openid-connect authentication and username/password/domain defined at the same time is considered as a configuration error.


When the REST service definition used by the AQ_RestServiceClient uses the Authorization header in the request definition, the value of the Authorization header is overwritten with the access token of the currently logged in user, if one exists. The validity (and in particular the expiration date) of the access token is not checked. It is up to the receiving service to validate the token and return an error if the token is not acceptable for any reason (eg. expired, not issued by the identity provider expected by the remote service, the user is not granted access to the remote service based on the user/role/team information in the access token, etc). If the remote service rejects the access token (by returning a 4xx or 5xx status code, typically 401 or 403), the AQ_RestServiceClient will take the exception exit.

...