KOBIL Oneshot
KOBIL Oneshot
The main use case is to authenticate the user based on query parameter login OTP. This login OTP is returned by IDP SDK on behalf of successful IDP SDK Login.
Type
| Protocol | OpenID Connect 1.0 |
|---|---|
| HTTP method | GET |
| Type | Browser Flow |
| Endpoint | Authorization Endpoint |
| Flow Supported | Authorization code flow Implicit flow Hybrid flow |
| Response | ID Token, Access Token, Refresh Token |
| Response Mode | query, form_post, fragment |
How to configure
To access the config of the execution press the Actions button and select Config . The authenticator configuration screen will appear. Then enter your config data.
Configuration
Parameters involved in KOBIL Oneshot execution
| Parameter | Description |
|---|---|
| Alias | Provide an alias name for the configuration to be set. |
| Enable Riskbit Validation | Switch this ON to enable Riskbit validation. Refer Riskbits for more information. |
Execution Flow
This execution contains the following main steps:
-
KOBIL Oneshot is an independent authenticator, which does not have to be paired with any other authenticator.
-
KOBIL Oneshot requires a username and login OTP for verification.
Note: The login OTP you will receive on successful IDP SDK Login, call back on LoginEnd.
-
User needs to provide the username and login OTP is passed in the URL query parameter: login OTP.
- 3a. Username will be verified against the IDP Provider, and IDP Server.
- 3b. Login OTP is verified against the IDP Server.
Note: Login OTP is verified against KOBIL Server and NOT against KOBIL IDP Provider.
- If the authentication is successful, the user is logged in.
Use Case: This execution is mainly used in mobile apps where the action is done automatically by the mobile app, without any user interaction.
This execution is mostly used in combination with other execution for example username + password.
Used By: Mobile and Desktop App that has access to the IDP SDK.
Additional Uses: Some sources recommend using this grant with your native apps (rather than the authorization code grant with the public client) since full access and control over the source code is ensured.
This grant can also be used in place of the Client Credential Grant in situations where a service account is used to represent the system or calling application.
Develop
| Parameter | Description |
|---|---|
| userid *required | userid stored in IDP Provider not in IDP Server |
| login_otp *required | Provide KOBIL Token, called login OTP. IDP SDK delivers this token on successful authentication, in SDK callback on LoginEnd(..., loginOTP) |
Example
https://midprovider.kobil.com/digitanium/v3/auth
?client_id=kobil_oneshot_test
&redirect_uri=https%3A%2F%2Fexample-redirect-uri.com
&scope=openid&response_type=token
&response_mode=fragment
&state=gfsjhjgfjshdgfjhs
&nonce=c9ayedrim4p
&username=user_test
&login_otp=1096D3GHDD89732A2DE1161BA1DC739671233058BAF3B70D7B0CA999D3387BC5F573736D73312E65636F2D64656D6F31
curl --location --request GET 'https://midprovider.kobil.com/digitanium/v3/auth?client_id=kobil_oneshot_test&redirect_uri=https%3A%2F%2Fexample-redirect-uri.com&scope=openid&response_type=token&response_mode=fragment&state=gfsjhjgfjshdgfjhs&nonce=c9ayedrim4p&username=user_test&loginOTP=1096D3GHDD89732A2DE1161BA1DC739671233058BAF3B70D7B0CA999D3387BC5F573736D73312E65636F2D64656D6F31'
var settings = {
"url": "https://midprovider.kobil.com/digitanium/v3/auth?client_id=kobil_oneshot_test&redirect_uri=https%3A%2F%2Fexample-redirect-uri.com&scope=openid&response_type=token&response_mode=fragment&state=gfsjhjgfjshdgfjhs&nonce=c9ayedrim4p&username=user_test&loginOTP=1096D3GHDD89732A2DE1161BA1DC739671233058BAF3B70D7B0CA999D3387BC5F573736D73312E65636F2D64656D6F31",
"method": "GET",
"timeout": 0,
};
$.ajax(settings).done(function (response) {
console.log(response);
});
OkHttpClient client = new OkHttpClient().newBuilder()
.build();
Request request = new Request.Builder()
.url("https://midprovider.kobil.com/digitanium/v3/auth?client_id=kobil_oneshot_test&redirect_uri=https%3A%2F%2Fexample-redirect-uri.com&scope=openid&response_type=token&response_mode=fragment&state=gfsjhjgfjshdgfjhs&nonce=c9ayedrim4p&username=user_test&loginOTP=1096D3GHDD89732A2DE1161BA1DC739671233058BAF3B70D7B0CA999D3387BC5F573736D73312E65636F2D64656D6F31")
.method("GET", null)
.build();
Response response = client.newCall(request).execute();
import http.client
import mimetypes
conn = http.client.HTTPSConnection("midprovider.kobil.com")
payload = ''
headers = {}
conn.request("GET", "/digitanium/v3/auth?client_id=kobil_oneshot_test&redirect_uri=https%3A%2F%2Fexample-redirect-uri.com&scope=openid&response_type=token&response_mode=fragment&state=gfsjhjgfjshdgfjhs&nonce=c9ayedrim4p&username=user_test&loginOTP=1096D3GHDD89732A2DE1161BA1DC739671233058BAF3B70D7B0CA999D3387BC5F573736D73312E65636F2D64656D6F31", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))