Connection

There are two ways to use HIGHWAY services:

  1. Via session login.

  2. Via API with a Token.

Via session login.

For this, navigate to any visual service or to our main page HIGHWAY.esa.int, then find the login button in the top right.

This will redirect you to our SSO application.

You can enter your login and password or choose to log in via DESP IAM.

You are then redirected to the application, logged in.

Via API with a Token.

To connect through the API, you will need a few lines of code. Here is an example with Python. The procedure differs depending on whether you are a direct HIGHWAY user or registered through an identity provider.

HIGHWAY Users

For the connection, you have to use the client_id highway-public:

curl --location 'https://highway.esa.int/sso/auth/realms/highway/protocol/openid-connect/token' \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data-urlencode 'grant_type=password' \
 --data-urlencode 'client_id=highway-public' \
 --data-urlencode 'username=your_username' \
 --data-urlencode 'password=your_password'

The response will give you an access_token.

DESP Users

For DESP users the process is different. The user needs to create a token in DESP IAM and then register it in HIGHWAY. Example Python code for the DESP connection:

Imports and parameters

You need to update the username and password.

from urllib.parse import parse_qs, urlparse
import lxml.html as html
import requests
import json

USERNAME = "USERNAME"
PASSWORD = "PASSWORD"

# DESP params
DESP_IAM_URL = "https://auth.destine.eu/realms/desp/protocol/openid-connect"
DESP_CLIENT_ID = "highway-public"

# HIGHWAY params
HIGHWAY_REDIRECT_URL = "https://highway.esa.int/sso/auth/realms/highway/broker/DESP_IAM_PROD/endpoint"
HIGHWAY_TOKEN_URL = "https://highway.esa.int/sso/auth/realms/highway/protocol/openid-connect/token"
HIGHWAY_CLIENT_ID = "highway-public"
AUDIENCE = "highway-public"

Create a session in DESP IAM

get_params = {
    "client_id": HIGHWAY_CLIENT_ID,
    "redirect_uri": HIGHWAY_REDIRECT_URL,
    "scope": "openid",
    "response_type": "code",
}

session = requests.Session()

auth_url = html.fromstring(
    session.get(
        url=DESP_IAM_URL + "/auth",
        params=get_params,
    ).content.decode()
).forms[0].action

print(f"auth url: {auth_url}")

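post_data = {"username": USERNAME, "password": PASSWORD}
session_post = session.post(auth_url, data=post_data, allow_redirects=False)

# A successful login answers with a redirect that carries the authorization code;
# without a Location header the login did not succeed (for example, wrong credentials).
if "Location" not in session_post.headers:
    raise RuntimeError(f"DESP IAM login failed (HTTP {session_post.status_code})")

# get authorization code
code = parse_qs(
    urlparse(
        session_post.headers["Location"]
    ).query
)["code"][0]

print(f"authorization code: {code}")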

Generate a token in DESP IAM

post_data = {
    "client_id": HIGHWAY_CLIENT_ID,
    "redirect_uri": HIGHWAY_REDIRECT_URL,
    "code": code,
    "grant_type": "authorization_code",
}

# get access token
tokens = session.post(
    DESP_IAM_URL + "/token", data=post_data
).json()
access_token = tokens["access_token"]
print(f"access token: {access_token}")

Register the DESP token in HIGHWAY Keycloak and generate a token from HIGHWAY


data = {
    "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
    "subject_token": access_token,
    "subject_issuer": "DESP_IAM_PROD",
    "subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
    "client_id": HIGHWAY_CLIENT_ID,
    "audience": AUDIENCE,
}

response = requests.post(HIGHWAY_TOKEN_URL, data=data)
highway_token = json.loads(response.content)['access_token']

print(f"HIGHWAY TOKEN: {highway_token}")

After this, you can use your highway_token in your request header.
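One way to carry the token in request headers, as an added example that is not HIGHWAY's own code: it wraps the HIGHWAY Users password grant shown above, reads the credentials from the environment instead of hard-coding them, and renews the token shortly before it expires. Assumptions: the API accepts the token as `Authorization: Bearer`, the token reply includes the standard OAuth 2.0 `expires_in` field, and the environment variable names `HIGHWAY_USERNAME` and `HIGHWAY_PASSWORD` are hypothetical.

```python
import json
import os
import time
import urllib.parse
import urllib.request

HIGHWAY_TOKEN_URL = "https://highway.esa.int/sso/auth/realms/highway/protocol/openid-connect/token"


def fetch_highway_token():
    """Password grant from the page; credentials come from the environment."""
    form = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": "highway-public",
        "username": os.environ["HIGHWAY_USERNAME"],  # hypothetical variable names
        "password": os.environ["HIGHWAY_PASSWORD"],
    }).encode()
    # urlopen raises HTTPError on a 4xx/5xx reply, e.g. wrong credentials
    with urllib.request.urlopen(HIGHWAY_TOKEN_URL, data=form, timeout=30) as resp:
        return json.load(resp)


class TokenHolder:
    """Caches the access token and renews it shortly before it expires."""

    def __init__(self, fetch=fetch_highway_token, clock=time.monotonic, skew=30):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def headers(self):
        """Return the request header carrying a currently valid token."""
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._fetch()
            if "access_token" not in reply:
                # Report the error code only; never echo the whole reply or a token
                raise RuntimeError(f"token request failed: {reply.get('error', 'unknown')}")
            self._token = reply["access_token"]
            # expires_in: standard OAuth 2.0 lifetime in seconds (assumed present)
            self._expires_at = self._clock() + float(reply.get("expires_in", 0)) - self._skew
        return {"Authorization": f"Bearer {self._token}"}
```

DESP users can pass their own function as `fetch`, one that runs the three DESP steps above and returns the final HIGHWAY token reply as a dict.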