Can't have API auth

Hello openZiti Contributors,

Thank you for your incredible work on the OpenZiti!

I want to use the openziti's api for a school project and I'm new to OAuth 2.0 and could use some guidance:

  1. How do I obtain the Client ID and Secret?
  2. What are the authentication and token URLs?
    when testing on postman i get an error 'unauthenticated for invalid credentials'
    what I filled is the auth url like this : https://10.1.12.113:1280/oidc/authorize , access token url along with the scope.
    If you care to help please provide me a detailled way to do things
    thank u!

Hi @ismailbouhlel611, welcome to the community and to OpenZiti.

I'm not exactly sure what you're trying to accomplish nor why you're trying to use the oidc/authorize endpoint.

Are you getting into OpenZiti or OAuth in general? Seems like just in general? If that's the case, I'm not sure we can help you learn OAuth exactly but there's lots of great resources out there. Auth0 in particular has a bunch of interesting blogs about OAuth.

Are you asking for something specific from OpenZiti?

hello, thank u for replying.
I am not asking for something specific.
I am trying to use openziti api, the ones that don't need authentication work just fine while the others require oauth like presented in the documentation and i am not really sure how to use these apis so can you help figure this thing out.
Thank you!

OpenZiti's OIDC support is in alpha right now and it is specifically being added for controller high availability support. While I could direct you on how to enable it, it would not work well for general use at the moment. You are likely to encounter breaking bugs and other issues that may not be resolved in a timely fashion.

OpenZiti does have an authentication system outlined in its Open API 2.0 spec in the authenticate section. Authentication works the same way for both the Client API and the Management API.

In terms of source code there is also a low level generated client in the edge-apis repository and a general use library in the goland-sdk in golang-sdk/edge-api package.

For reference implementations see the golang-sdk/edge-api package with reference to legacyAuth. You can also find uses of that package in the rest of the golang-sdk repository. This the easiest path if you are using Go.

The OpenZiti CLI also has its own authentication implementation as it hasn't been moved over to use the libraries mentioned above yet. You can find that code in openziti/ziti/ziti/cmd/edge/login.go