V1 Munic.Connect SSO
V1 Munic.Connect SSO is version 1 of the Munic.Connect Single Sign-On (SSO) server using OAuth2 protocol that unifies end-user access to all Munic.io services.
The "Access Munic.io API services" documentation will help you to use your personal MunicConnect account to authenticate to a Munic.io service through its endpoint API. For fleet owners, using the APIs will help you to easily manipulate a large number of devices with your scripts.
The "MunicConnect in your app !" documentation will help you to integrate the MuniConnect signup and signin in your application to let the Munic.io ecosystem users easily join and use your service.
Access Munic.io API services ¶
Asset visibility ¶
Currently visibility is managed by the Munic.io Dashboard. As such you must be an API user on the dashboard to use these apis, ask your technical account manager. You will be able to access data for the assets and asset groups you have access to on the dashboard.
Obtaining an access token ¶
To authenticate to a Munic.io API endpoint, you first need to obtain a MunicConnect access token related to a user account, usually, yours. Username and password are the credentials used to sign in to your MunicConnect account.
Example
curl -H 'Accept: application/json' -F grant_type=password \
-F username={USERNAME} -F password={PASSWORD} \
-X POST https://connect.munic.io/oauth/tokenResponse (200 OK)
[
{
"access_token":"2c622a0eec6c07d20e28bc8eeccd33b679dc15cee3f6d457140...",
"token_type":"bearer",
"expires_in":7200,
"refresh_token":"bfc24f6e1fe8674feb2bd92f0b13127e4aa2f50f6292360b20...",
"scope":"public",
"created_at":1520860589
}
]Remember, the token is valid 2 hours. Once the timeout is reached your application will have to ask for a new token using the refresh token given with the access token.
Use of the access token ¶
With your access token, you are now able to use a Munic.io service API. You will have to provide this bearer token through a header attribute - Authorization - in all of your requests. This http authentication scheme is called Bearer authentication.
Authorization: Bearer your_access_tokenMunicConnect in your app ! ¶
Getting started ¶
You first need to register your application on Munic.Connect: registration my application.
Then, get your client_id, client_secret and redirect_uri which are available from the applications page.
Then, the following steps can be followed in order to authenticate the users on your application.
Developers
OAuth2 is a well known protocol, you should be able to find a library for your language, here are some examples:
Jwt token ¶
Munic.Connect generated JWT token. In the rest of this documentation, all examples use a shorter token. A real token is formatted like this :
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsInByb3ZpZGVyIjoibXVuaWMifQ.eyJpc3MiOiJod
HRwczovL2Nvbm5lY3QubXVuaWMuaW8iLCJpYXQiOjE1MzA3OTk5NDcsImp0aSI6IjA1NmFjNDY2L
WEwYzAtNDYyZS05ZTAxLTNmMGNkZGIzM2FhOSIsImV4cCI6MTUzMDgwNzE0Niwic2NvcGUiOiJwd
WJsaWMiLCJ1c2VyIjp7InVpZCI6ImIyNzQyNzM2LWU1MzctOTk5OS1iZDYxLTc4NGI3Njc1OWRmN
yIsImVtYWlsIjoidXNlckBlbWFpbC5jb20ifX0.qfxF8C2qR-VOUIPEetTAGysnkfgnZR1Uqu-Ov
sSJ2YoIf you decode this token you will obtain information about the user who requested the token.
headers:
{
"alg": "HS256",
"typ": "JWT",
"provider": "munic"
}
payload:
{
"iss": "https://connect.munic.io",
"iat": 1530799947,
"jti": "056ac466-a0c0-462e-9e01-3f0cddb33aa9",
"exp": 1530807146,
"scope": "public",
"user": {
"uid": "b2742736-e537-9999-bd61-784b76759df7",
"email": "user@email.com",
"full_name": "User"
}
}Developers
You should be able to find a library for your language to decode and verify jwt tokens, here are some examples:
To test and find more libraries you can use : https://jwt.io/
Our JWT tokens are encoded using the RS256 ALGORITHM. You will need the following public KEY to verify Munic.connect tokens :
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgH1o4e685fptpO3HT90
hgOLPO5eIkzsef4A21oxHWL66a/2vxiqxUR2cF5cdktxZRk8jE3sYKV7NlsqlYyt
QduiEpcm4VsulOM5AeUXfbegz4hzVjYSUMpk5kDm5CxfLhOU5q8KSMpaDpftyglw
Y3YeiQw5FWvdZ9VlcIRr9NznohXsUyqjt8yV8vhohHcOMM6bcPWrajEnlciS30qf
38QHaaTRa3J9i0wO3+SC+v8/g2pmjvUN7Hs6o9fj+HopjbyDWB0VZ+WqTuC/Hfrk
rRTnuHlv1rG9zQoyxP6tgpKI87lY+fFThd0wachsK5fNoA/0s9x0Ity5YkvFyQrt
XwIDAQAB
-----END PUBLIC KEY-----Redirect users to request Munic.Connect access ¶
With this action you can get the authorization related to your application for a user.
GET https://connect.munic.io/oauth/authorize{?client_id,redirect_uri,
response_type}URI Parameters
| Name | Type | Description |
|---|---|---|
| client_id | string | Unique application ID you received from registration. |
| redirect_uri | string | URL from your application the user will be redirected to once authenticate. |
| response_type | string | Type of authorization wanted, to get a token it will always be ‘code’. |
An authentication step is needed, the user must sign-in with their Munic.Connect account. After login, Munic.Connect asks the user whether he is willing to grant the permissions that your application is requesting.
With the redirection, you will get an access code uri attribute for your application that can then be used to get an OAuth2 token.
?code=021f3859afb079f0bbcce0e6989dbba4012f7af734cdbf89c82812ee4f750099Obtain an access token ¶
You can get a token for your authorized application with this action.
POST https://connect.munic.io/oauth/token{?client_id,client_secret,code,
grant_type,redirect_uri}URI Parameters
| Name | Type | Description |
|---|---|---|
| client_id | string | Unique application id you received from registration. |
| client_secret | string | Secret key associated with your OAuth2 Application. |
| code | string | Access code associated with your authorization, retrieve from the previous step. |
| grant_type | string | Grant type access wanted, to get a token it will always be authorization_code. |
| redirect_uri | string | Redirect URI associated with your OAuth2 Application. The URI is only used here to associate the token with the correct OAuth2 application. As this is an API call, there is no redirection. |
The validity of the token is 2 hours. Once the timeout is reached your application will have to ask for a new token using the refresh token given with the access token.
With the POST action you will get a new token. The answer will contain the following attributes:
| Name | Type | Description |
|---|---|---|
| access_token | string | OAuth2 token given by the Munic.Connect server. |
| token_type | string | Type of token, will always be bearer |
| expires_in | integer | Validity time of the token. |
| refresh_token | string | Refresh token associated with your access token, once your access token expires, you will be able to get a new one without needing the user to authenticate again. This refresh token will allow you to get a new access token. |
| scope | string | Scope associated with the access token. The different scopes are separated by spaces. For example you can have ‘read write’ |
| created_at | integer | Time since epoch of the creation of the access token. |
Example
{
"access_token": "dda34d48b088d6e9f79fa3593ed467b249455eb8ba4baa7ed8ab...",
"refresh_token": "260f5edb10d9b46d348375b1f281b20c0a901de84882caad4a8...",
"token_type": "bearer",
"expires_in": 60,
"scope": "read",
"created_at": 123456789
}Refresh the access token, if necessary ¶
You can get a token using a refresh token previously retrieved. The validity of the token is 2 hours. Once the timeout is reached your application will have to ask for a new token using the refresh token given with the access token.
POST https://connect.munic.io/oauth/token{?client_id,client_secret,
refresh_token,grant_type,redirect_uri}URI Parameters
| Name | Type | Description |
|---|---|---|
| client_id | string | Unique application id you received from registration. |
| client_secret | string | Secret key associated with your OAuth2 Application. |
| grant_type | string | Grant type access wanted. To get a token using a refresh token, it will always be refresh_token. |
| redirect_uri | string | Redirect URI associated with your OAuth2 Application. The URI is only used here to associate the token with the correct OAuth2 application. As this is an API call, there is no redirection. |
With the POST action you will get a new token. The answer will contain the following attributes:
| Name | Type | Description |
|---|---|---|
| access_token | string | OAuth2 token given by the Munic.Connect server. |
| token_type | string | Type of token, will always be bearer |
| expires_in | integer | Validity time of the token. |
| refresh_token | string | Refresh token associated with your access token, once your access token expires, you will be able to get a new one without needing the user to authenticate again. This refresh token will allow you to get a new access token. |
| scope | string | Scope associated with the access token. The different scopes are separated by spaces. For example you can have ‘read write’ |
| created_at | integer | Time since epoch of the creation of the access token. |
Example
{
"access_token": "aa45d78e45b55549f79fa3593ed467b2494501de84882caad4...",
"refresh_token": "4875ab55f447c44d348375b1f281b20c0a901de7444ba7a7f...",
"token_type": "bearer",
"expires_in": 60,
"scope": "read",
"created_at": 123463999
}User ¶
Resources related to a User.
Global information ¶
A User resource has the following attributes:
-
uid - string - unique user id in UUID format. This unique user id must be the primary key for all the services associated with Munic.Connect
-
full_name - string
-
email - string
-
language - string
View a User DetailGET/api/v1/users/me{?access_token}
You can see user details using this action.
Example URI
- access_token
string(required) Example: aa45d78e45b55549f79fa3593ed467b2494501de84882caad4a867ccab8c281b2The OAuth2 access token retrieved from Munic.Connect after the authentication of the user.
Headers
Content-Type: application/json200Headers
Content-Type: application/jsonBody
{
"uid": "fd907347-67c9-4c0c-9452-bffc1d06a4af",
"full_name": "Robert Tulali",
"email": "robert.tulali@yoyo.com",
"language": "english"
}