
KOBIL Cookie

The main use case is to authenticate the user with an access token presented in an HTTP header or cookie and exchange it for an authorization code, or for a different access token with a limited scope.

Type

Protocol: OpenID Connect 1.0
HTTP method: GET
Type: Browser Flow
Endpoint: Authorization Endpoint
Flows supported: Authorization code flow, Implicit flow, Hybrid flow
Response: ID Token, Access Token, Refresh Token
Response mode: query, form_post, fragment

How to configure

To access the configuration of the execution, press the Settings button and select Config. The authenticator configuration screen appears; enter your configuration data there.

KOBIL Cookie flow

Configuration

Parameter: Description

ID: Unique system UUID, assigned automatically to the record in the database.
Alias: Name of this configuration as it appears in the authenticator.
Header/Cookie Name: Name of the key (also called the field name) that carries the token in the client's authentication request, either as an HTTP header or as a cookie. For example: 1FA-Token.
Result ACR Value: The acr value that is added to the token when this authenticator succeeds.
Expected Client Name: The client name that must appear in the azp (authorized party) claim of the presented token.
Enable Loader: If enabled, an error page is displayed when navigating back from the next authenticator.
AST Registration: If enabled, activates or verifies the user in AST and links the user to the AST client.
AST Login: If enabled, initiates an AST login for the user.
AMR value: The amr value added to the token when the flow succeeds.
Enable BruteForce Check: If enabled, an error page is displayed when the user is locked by brute-force protection.

KOBIL Cookie flow

Execution Flow

This execution consists of the following main steps:

  1. KOBIL Cookie is an independent authenticator and can be used without any preceding authenticator.
  2. An access token is generated and stored on the server for every user during IAM onboarding.
  3. The token is sent either in an HTTP header or in a cookie on the client portal URL.
  4. When the user tries to log in, the access token is verified and the login completes.

KOBIL Cookie flow

  • Download the Postman collection here.

  • Use the Get Access token API to generate an access token.

  • Use the sample GET method named "KOBIL Cookie" for reference.

  • Paste the authorization URL into the request URL section.

  • Go to the "Headers" tab, add the previously generated access token as the value of the configured header name, and send the request.

    Or, alternatively:

  • Go to the "Cookies" tab -> Add Cookie, add the previously generated access token as the cookie value, and send the request.

  • If the request succeeds, the token in the cookie (or header) has been verified.
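The same procedure as a reusable client, as an added Python example written for this page (it is not part of the KOBIL collection). The endpoint, the client_id and the redirect_uri are taken from the Development examples below; the function names are assumptions. It generalises the steps in two ways: the token map can hold one or several Header/Cookie Names, so it also produces the chained 1FA/2FA request, and it adds a state parameter and a fresh nonce, then checks the state on the redirect so a code from someone else's request is rejected. The tokens are placed only in headers or in the Cookie header, never in the query string, where they would land in browser history and server logs.

```python
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

# Authorization endpoint as used in this page's Development examples.
AUTH_ENDPOINT = "https://midprovider.kobil.com/digitanium/v3/auth"


def build_auth_request(client_id: str, redirect_uri: str, tokens: Dict[str, str],
                       transport: str = "header",
                       state: Optional[str] = None,
                       nonce: Optional[str] = None) -> Tuple[str, Dict[str, str], str, str]:
    """Build the GET request for the KOBIL Cookie step.

    tokens maps each configured Header/Cookie Name to its access token: one entry
    gives the single-token request, two entries give the chained 1FA/2FA request.
    Returns the URL, the headers to send, and the state and nonce used.
    """
    if transport not in ("header", "cookie"):
        raise ValueError("transport must be 'header' or 'cookie'")
    # state ties the redirect back to this request, nonce ties the ID token to it.
    # Both are fresh and unguessable; the page's curl example uses a fixed nonce.
    state = state or secrets.token_urlsafe(16)
    nonce = nonce or secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "response_mode": "query",
        "state": state,
        "nonce": nonce,
    }
    url = AUTH_ENDPOINT + "?" + urlencode(params)
    if transport == "header":
        headers = dict(tokens)
    else:
        headers = {"Cookie": "; ".join(f"{name}={value}" for name, value in tokens.items())}
    return url, headers, state, nonce


def extract_code(redirect_location: str, expected_state: str) -> str:
    """Pull the authorization code out of the redirect the server answers with.

    Rejects error responses and any redirect whose state differs from the one we
    sent, which stops a code injected by a third party from being exchanged.
    """
    query = parse_qs(urlsplit(redirect_location).query)
    if "error" in query:
        raise RuntimeError(f"authorization failed: {query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect does not belong to this request")
    if "code" not in query:
        raise ValueError("redirect carries no authorization code")
    return query["code"][0]


if __name__ == "__main__":
    url, headers, state, nonce = build_auth_request(
        "ibm_ega", "app://login", {"1FA-token": "{{1FA access token}}",
                                   "2FA-token": "{{2FA access token}}"})
    print(url)
    print(headers)
    # Constructed redirect standing in for the server's 302 Location header.
    print(extract_code("app://login?code=SplxlOBeZQQYbYS6WxSbIA&state=" + state, state))
```

Send the returned URL and headers with any HTTP client and read the Location header of the response instead of following it: redirect_uri is app://login here, which no HTTP client can follow.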

Development

Example

cURL:

curl --location --request GET 'https://midprovider.kobil.com/digitanium/v3/auth?client_id=ibm_ega&response_type=code&redirect_uri=app://login&scope=openid&response_mode=query&nonce=sadasdsadasd' \
--header '2FA-token: {{access token}}' \
--header 'Content-Type: application/x-www-form-urlencoded'

Java (OkHttp):

import java.io.IOException;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

OkHttpClient client = new OkHttpClient().newBuilder()
.build();
Request request = new Request.Builder()
.url("https://midprovider.kobil.com/digitanium/v3/auth?client_id=ibm_ega&response_type=code&redirect_uri=app://login&scope=openid&response_mode=query&nonce=sadasdsadasd")
.method("GET", null)
.addHeader("2FA-token", "{{access token}}")
.addHeader("Content-Type", "application/x-www-form-urlencoded")
.build();
// execute() throws IOException; the response body must be closed after use
try (Response response = client.newCall(request).execute()) {
    System.out.println(response.code());
}

JavaScript (jQuery):

var settings = {
"url": "https://midprovider.kobil.com/digitanium/v3/auth?client_id=ibm_ega&response_type=code&redirect_uri=app://login&scope=openid&response_mode=query&nonce=sadasdsadasd",
"method": "GET",
"timeout": 0,
"headers": {
"2FA-token": "{{access token}}",
"Content-Type": "application/x-www-form-urlencoded"
},
};

$.ajax(settings).done(function (response) {
console.log(response);
});

Python:

import http.client

conn = http.client.HTTPSConnection("midprovider.kobil.com")
headers = {
'2FA-token': '{{access token}}',
'Content-Type': 'application/x-www-form-urlencoded'
}
conn.request("GET", "/digitanium/v3/auth?client_id=ibm_ega&response_type=code&redirect_uri=app://login&scope=openid&response_mode=query&nonce=sadasdsadasd", headers=headers)
res = conn.getresponse()
# http.client does not follow redirects, so the Location header is visible here
print(res.status, res.getheader("Location"))
data = res.read()
print(data.decode("utf-8"))

When a second token is required, only the extra header needs to be added to the same request. For example, --header '1FA-token: {{1FA access token}}' is added alongside the existing 2FA-token header.

The name of each header (or cookie) is the one defined in the configuration of the corresponding authenticator under "Header/Cookie Name".

cURL:

curl --location --request GET 'https://midprovider.kobil.com/digitanium/v3/auth?client_id=ibm_ega&response_type=code&redirect_uri=app://login&scope=openid&response_mode=query&nonce=sadasdsadasd' \
--header '1FA-token: {{1FA access token}}' \
--header '2FA-token: {{2FA access token}}' \
--header 'Content-Type: application/x-www-form-urlencoded'

JavaScript (jQuery):

var settings = {
"url": "https://midprovider.kobil.com/digitanium/v3/auth?client_id=ibm_ega&response_type=code&redirect_uri=app://login&scope=openid&response_mode=query&nonce=sadasdsadasd",
"method": "GET",
"timeout": 0,
"headers": {
"1FA-token": "{{1FA access token}}",
"2FA-token": "{{2FA access token}}",
"Content-Type": "application/x-www-form-urlencoded"
},
};

$.ajax(settings).done(function (response) {
console.log(response);
});

Java (OkHttp):

import java.io.IOException;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

OkHttpClient client = new OkHttpClient().newBuilder()
.build();
Request request = new Request.Builder()
.url("https://midprovider.kobil.com/digitanium/v3/auth?client_id=ibm_ega&response_type=code&redirect_uri=app://login&scope=openid&response_mode=query&nonce=sadasdsadasd")
.method("GET", null)
.addHeader("1FA-token", "{{1FA access token}}")
.addHeader("2FA-token", "{{2FA access token}}")
.addHeader("Content-Type", "application/x-www-form-urlencoded")
.build();
// execute() throws IOException; the response body must be closed after use
try (Response response = client.newCall(request).execute()) {
    System.out.println(response.code());
}

Python:

import http.client

conn = http.client.HTTPSConnection("midprovider.kobil.com")
headers = {
'1FA-token': '{{1FA access token}}',
'2FA-token': '{{2FA access token}}',
'Content-Type': 'application/x-www-form-urlencoded'
}
conn.request("GET", "/digitanium/v3/auth?client_id=ibm_ega&response_type=code&redirect_uri=app://login&scope=openid&response_mode=query&nonce=sadasdsadasd", headers=headers)
res = conn.getresponse()
# http.client does not follow redirects, so the Location header is visible here
print(res.status, res.getheader("Location"))
data = res.read()
print(data.decode("utf-8"))