Fenris Authentication Documentation

Download OpenAPI specification:

More About Fenris Authentication and Bearer Tokens

Fenris restricts access to its APIs and manages access tokens through an OAuth2 authorization server. The Client Credentials workflow defined by the OAuth 2 specification is the principal token manager. You will receive a Client ID and Client Secret used to obtain an access token from the Authorization Server.

Fenris uses a Bearer Authentication scheme, which is one of the most commonly used methods for API Authentication. Bearer tokens can be understood as "granting access to the bearer of this token".

When a request is made to the Fenris Authorization Server with the Fenris-provided Client ID and Client Secret, the Fenris Authorization Server returns a response containing a bearer token. This token is a random string that is generated in response to the provided Client ID and Client Secret. The bearer token provides access to the restricted Fenris Services when the token is included in the Authorization header of a request. When a request to a Fenris Service is sent with the bearer token included in the header, the service verifies that the received bearer token is valid and controls access to the service based on the token.

The bearer tokens generated by the Fenris Authentication Server are valid for 24 hours from the time they are issued, and when the token expires, the user must generate a new token by making another request to the Authorization Server.

You can read more about Bearer Authentication in detail here .

You can read more about different stratigies for refreshing your tokens in this blog post, How to Refresh OAuth2 Tokens the Smart Way: 4 Strategies for Fenris API Authentication. If you have any questions or concerns, please don't hesitate to reach out to our customer success team at customersuccess@fenrisd.com for support.

Code Samples

We provide example code for using Fenris' AWS Cognito-based authentication API to fetch a token for making later requests.

Python

import requests
import base64

client_id = "YOUR_CLIENT_ID"
client_secret = "YOUR_CLIENT_SECRET"

# Create the basic string by concatenating client_id and client_secret with a colon
basic_string = client_id + ":" + client_secret

# Encode the basic string in base 64
basic_string_encoded = base64.b64encode(basic_string.encode()).decode()

headers = {
    "Content-Type": "application/x-www-form-urlencoded",
    "Authorization": f"Basic {basic_string_encoded}"
}

data = {
    "grant_type": "client_credentials",
}

response = requests.post(
    "https://auth.fenrisd.com/realms/fenris/protocol/openid-connect/token",
    headers=headers,
    data=data
)

# Get the token from the response
token = response.json()["access_token"]

print(token)

JavaScript

const axios = require("axios");
const base64 = require("base64-js");

const client_id = "YOUR_CLIENT_ID";
const client_secret = "YOUR_CLIENT_SECRET";

// Create the basic string by concatenating client_id and client_secret with a colon
const basic_string = client_id + ":" + client_secret;

// Encode the basic string in base 64
const basic_string_encoded = base64.fromByteArray(new TextEncoder().encode(basic_string));

const headers = {
    "Content-Type": "application/x-www-form-urlencoded",
    "Authorization": `Basic ${basic_string_encoded}`
};

const data = {
    grant_type: "client_credentials",
};

axios
    .post(
        "https://auth.fenrisd.com/realms/fenris/protocol/openid-connect/token",
        data,
        { headers }
    )
    .then(response => {
        // Get the token from the response
        const token = response.data.access_token;
        console.log(token);
    })
    .catch(error => {
        console.log(error);
    });

Java

import java.io.IOException;
import java.util.Base64;

import org.apache.http.HttpEntity;
import org.apache.http.HttpHeaders;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public class TokenFetcher {

    public static void main(String[] args) throws ClientProtocolException, IOException {
        String clientId = "YOUR_CLIENT_ID";
        String clientSecret = "YOUR_CLIENT_SECRET";
        
        // Create the basic string by concatenating client_id and client_secret with a colon
        String basicString = clientId + ":" + clientSecret;
        
        // Encode the basic string in base 64
        String basicStringEncoded = Base64.getEncoder().encodeToString(basicString.getBytes());
        
        HttpPost post = new HttpPost("https://auth.fenrisd.com/realms/fenris/protocol/openid-connect/token");
        post.setHeader(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded");
        post.setHeader(HttpHeaders.AUTHORIZATION, "Basic " + basicStringEncoded);
        
        StringEntity requestEntity = new StringEntity("grant_type=client_credentials");
        post.setEntity(requestEntity);
        
        try (CloseableHttpClient httpClient = HttpClients.createDefault();
            CloseableHttpResponse response = httpClient.execute(post)) {
            
            HttpEntity responseEntity = response.getEntity();
            String responseString = Entity.toString(responseEntity);
            // Extract the token from the response
            String token = extractTokenFromResponse(responseString);
            System.out.println(token);
        }
    }
    
    private static String extractTokenFromResponse(String response) {
        // Parsing the response string to extract the token
        // Code to extract the token goes here
    }
}

C

using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;

// Create the basic string by concatenating client_id and client_secret with a colon
string basicString = clientId + ":" + clientSecret;

// Encode the basic string in base 64
var basicStringEncoded = Convert.ToBase64String(Encoding.ASCII.GetBytes(basicString));

using (var client = new HttpClient())
{
    client.DefaultRequestHeaders.TryAddWithoutValidation("Content-Type", "application/x-www-form-urlencoded");
    client.DefaultRequestHeaders.Add("Authorization", "Basic " + basicStringEncoded);
    client.DefaultRequestHeaders.Add("grant_type", "client_credentials");
    client.DefaultRequestHeaders.Add("client_id", clientId);

    var content = new FormUrlEncodedContent(new[]
    {
    new KeyValuePair<string, string>("grant_type", "client_credentials"),
});

    var response = await client.PostAsync("https://auth.fenrisd.com/realms/fenris/protocol/openid-connect/token", content);

    var responseString = await response.Content.ReadAsStringAsync();

    // Deserialize the response and extract the token
    Console.WriteLine(responseString);
}

Ruby

require 'net/http'
require 'json'
require 'base64'

client_id = "YOUR_CLIENT_ID"
client_secret = "YOUR_CLIENT_SECRET"

# Create the basic string by concatenating client_id and client_secret with a colon
basic_string = "#{client_id}:#{client_secret}"

# Encode the basic string in base 64
basic_string_encoded = Base64.strict_encode64(basic_string)

uri = URI("https://auth.fenrisd.com/realms/fenris/protocol/openid-connect/token")

req = Net::HTTP::Post.new(uri)
req.content_type = "application/x-www-form-urlencoded"
req.add_field("Authorization", "Basic #{basic_string_encoded}")
req.set_form_data("grant_type" => "client_credentials")

res = Net::HTTP.start(uri.hostname, uri.port, :use_ssl => uri.scheme == 'https') { |http|
  http.request(req)
}

# Extract the token from the response
token = JSON.parse(res.body)['access_token']
puts token

Authentication

Obtain a token.

Returns an authentication token.

header Parameters
Content-Type
string
Example: application/x-www-form-urlencoded
Authorization
string
Example: Basic<<BASIC_STRING>>

The BASIC_STRING is the Base-64 encoding of the cliient_id and client_secret separated by a colon. This is the standard token passed for Basic authentication with username replaced by client_id, and password replaced by client_secret. Many libraries will do this for you if you select basic authentication and set the username to your client_id and set the password to the client_secret.

Request Body schema: application/x-www-form-urlencoded
required
grant_type
required
string

The type of token to be granted.

Responses

Request samples

Content type
application/x-www-form-urlencoded
grant_type=client_credentials