A token of type Bearer for user authentication. Tokens are valid for a default of one day, which can be changed via the provided framework API. If changed, the next token issued will reflect that expiration time.
https://oauth.api.nhncloudservice.com/
Follow the steps below to issue a User Access Key ID and Secret Access Key first. 1. After logging in to the NHN Cloud Console, click Email address > API Security Settings in the upper right corner. 2. Click Generate User Access Key ID 3. Select Generate User Access Key ID and Secret Access Key and click Confirm to issue - After issuance, the Secret Access Key should be copied and kept separately. - The User Access Key ID can be found on the API Security Settings page.
POST /oauth2/token/create
* Request
Category | Name | Type | Required | Value | Description |
---|---|---|---|---|---|
Header | Content-Type | String | Yes | application/x-www-form-urlencoded | |
Header | Authorization | String | Yes | Basic Base64(UserAccessKeyID:SecretAccessKey) | Use the Base64 encoded result of UserAccessKeyID:SecretAccessKey followed by Basic |
Request Param | grant_type | String | Yes | client_credentials |
Name | Type | Required | Description |
---|---|---|---|
grant_type | String | Yes | client_credentials |
access_token | String | Yes | Authentication token of type Bearer issued |
token_type | String | Yes | Token type |
expires_in | String | Yes | The time in seconds remaining until expiration, which defaults to 86,400 seconds (one day) |
{
"access_token":"luzocEoQ3tyMvM6pLtoSTHSphgJSGhl5hVvgSstdVQ1X1bZnf9AEMGAcSERIi1Dq0bybSMv0raOcahZjYpZ2biaaoF3jTi9caF5M2TN9F98iZawbBJmN94CPF2Rpe0JI",
"token_type":"Bearer",
"expires_in":86400
}
The dXNlckFjY2Vzc0tleTp1c2VyU2VjcmV0S2V5
in Authorization below is the result of base64 encoding the UserAccessKeyID:SecretAccessKey
.curl --request POST 'https://oauth.api.nhncloudservice.com/oauth2/token/create' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Authorization: Basic dXNlckFjY2Vzc0tleTp1c2VyU2VjcmV0S2V5' \
-d 'grant_type=client_credentials'
curl --request POST 'https://oauth.api.nhncloudservice.com/oauth2/token/create' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-u 'UserAccessKeyID:SecretAccessKey' \
-d 'grant_type=client_credentials'
@FeignCl ient(name = "auth", url = "https://oauth.api.nhncloudservice.com")
public interface AuthClient {
@PostMapping(value = "/oauth2/token/create", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
TokenResponse createToken(@RequestHeader("Authorization") String authorization, @RequestParam("grant_type") String grantType);
}
@Autowired
private RestTemplate restTemplate;
public TokenResponse createToken(String userAccessKeyID, String secretAccessKey) {
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.setBasicAuth(userAccessKeyID, secretAccessKey);
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
params.add("grant_type", "client_credentials");
HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers);
return restTemplate.postForObject("https://oauth.api.nhncloudservice.com/oauth2/token/create", request, TokenResponse.class);
}
When using OpenFeign on Spring Cloud to automatically issue and renew tokens
This method is only possible if you are using Spring Boot 3.0 or later. You will need to implement the part of reissuing the token yourself in case you force it to expire via the API. * In case you force an expiration through APIs, you must implement the reissue part yourself.
1: Add a dependency
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
implementation 'org.springframework.cloud:spring-cloud-starter-openfeign'
}
@FeignClient(name = "publicApiClient", url = "https://core.api.nhncloudservice.com")
public interface ExampleApiClient {
@GetMapping("/v1/organizations")
String getOrganizations();
}
The following is an example and should be changed to match your actual security settings.
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(authorize -> authorize.anyRequest().permitAll())
.formLogin(AbstractHttpConfigurer::disable);
return http.build();
}
}
@Configuration
public class Oauth2Config {
@Bean
public ClientRegistrationRepository clientRegistrationRepository() {
ClientRegistration clientRegistration = ClientRegistration.withRegistrationId("TokenClient")
.clientId("UserAccessKeyID")
.clientSecret("SecretAccessKey")
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.tokenUri("https://oauth.api.nhncloudservice.com/oauth2/token/create")
.build();
return new InMemoryClientRegistrationRepository(clientRegistration);
}
@Bean
public OAuth2AuthorizedClientManager authorizedClientManager(ClientRegistrationRepository clientRegistrationRepository) {
OAuth2AuthorizedClientService authorizedClientService = new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
return new AuthorizedClientServiceOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientService);
}
/** * /** * AuthorizedClientManager.
* Interceptor for sending the automatically issued token in the request header when making a Feign request.
*/
@Bean
public RequestInterceptor oAuth2AccessTokenInterceptor(OAuth2AuthorizedClientManager authorizedClientManager) {
// Requests the issued token in the x-nhn-authorization header when making a public API request.
return new OAuth2AccessTokenInterceptor("Bearer", "x-nhn-authorization", "TokenClient", authorizedClientManager);
}
}
POST /oauth2/token/revoke
* Request
Category | Name | Type | Required | Value | Description |
---|---|---|---|---|---|
Header | Content-Type | String | Yes | application/x-www-form-urlencoded | |
Header | Authorization | String | Yes | Basic Base64(UserAccessKeyID:SecretAccessKey) | Use the Base64 encoded result of UserAccessKeyID:SecretAccessKey followed by Basic |
Request Param | token | String | Yes | access token | Issued token |
curl --request POST 'https://oauth.api.nhncloudservice.com/oauth2/token/revoke' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Authorization: Basic dXNlckFjY2Vzc0tleTp1c2VyU2VjcmV0S2V5' \
-d 'token=luzocEoQ3tyMvM6pLtoSTHSphgJSGhl5hVvgSstdVQ1X1bZnf9AEMGAcSERIi1Dq0bybSMv0raOcahZjYpZ2biaaoF3jTi9caF5M2TN9F98iZawbBJmN94CPF2Rpe0JI'
curl --request POST 'https://oauth.api.nhncloudservice.com/oauth2/token/revoke' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-u 'UserAccessKeyID:SecretAccessKey' \
-d 'token=luzocEoQ3tyMvM6pLtoSTHSphgJSGhl5hVvgSstdVQ1X1bZnf9AEMGAcSERIi1Dq0bybSMv0raOcahZjYpZ2biaaoF3jTi9caF5M2TN9F98iZawbBJmN94CPF2Rpe0JI'
@FeignClient(name = "auth", url = "https://oauth.api.nhncloudservice.com")
public interface AuthClient {
@PostMapping(value = "/oauth2/token/revoke", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
void revokeToken(@RequestHeader("Authorization") String authorization, @RequestParam("token") String token);
}
@Autowired
private RestTemplate restTemplate;
public void revokeToken(String userAccessKeyID, String secretAccessKey, String token) {
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
headers.setBasicAuth(userAccessKeyID, secretAccessKey);
MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
params.add("token", token);
HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers);
restTemplate.postForObject("https://oauth.api.nhncloudservice.com/oauth2/token/revoke", request, Void.class);
}
When calling the framework API, a token is included in the x-nhn-authentication
header to authenticate the caller.
Example
curl -X GET "https://core.api.nhncloudservice.com/v1.0/organizations" -H "x-nhn-authentication: Bearer {token}"