The 3-legged sandbox France API lets you test the use of the Orange Authentication API for authenticating customers on your service. You will need the end-user's consent in order to access their information. A dedicated UI is provided with the API.
Before starting
The 3-legged sandbox France API requires a 3-legged authentication with our OpenID Connect platform. Please follow the method described here with the scope profile_sandbox to get an access token.
Retrieve dummy user data
You can now use the access token to invoke the 3-legged sandbox France API. The access token must be provided in the HTTP Authorization header:
curl -X GET \
-H "Authorization: Bearer OFR-948ef...d5de1f4" \
https://api.orange.com/3legged/sandbox/fr/v1/userinfo/
This request returns JSON data containing information about the authenticated user:
{
"sub": "OKLEYM-200-jmG3LMZJplbXeIvGdak5biSVEi7oga+ig1TpmF8X22g=",
"name": "John Doe",
"family_name": "Doe",
"given_name": "John",
"email": "john@doe.com",
"phone_number": "+33610090807",
"formatted": "42 rue du Test 75042 Paris",
"locality": "Paris",
"street_address": "42 rue du Test",
"postal_code": "75042",
"country": "France",
"updated_at": "2020-05-19T15:23:28.886Z",
"subscriber_msisdn": "+33607080910",
"locale": "fr_FR",
"gender": "male",
"birthdate": "2001-12-31"
}
The sub field contains a unique and persistent user identifier, specific to your application. The name field contains the declarative display name of the dummy end-user.
Examples:
Once the authorization code is obtained
curl -X GET -H "Authorization: Bearer OFR-948ef...d5de1f4" \
"https://api.orange.com/3legged/sandbox/fr/v1/userinfo/"
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
{
"sub": "OKLEYM-200-jmG3LMZJplbXeIvGdak5biSVEi7oga+ig1TpmF8X22g=",
"name": "John Doe",
"family_name": "Doe",
"given_name": "John",
"email": "john@doe.com",
"phone_number": "+33610090807",
"formatted": "42 rue du Test 75042 Paris",
"locality": "Paris",
"street_address": "42 rue du Test",
"postal_code": "75042",
"country": "France",
"updated_at": "2020-05-19T15:23:28.886Z",
"subscriber_msisdn": "+33607080910",
"locale": "fr_FR",
"gender": "male",
"birthdate": "2001-12-31"
}
In case of error, you will receive a specific response. The following is an example of an error:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: error="invalid_token", error_description="The Access Token expired"
In these error cases, a new access token must be requested, either by starting again from the "requesting authorization code" step or by using a refresh token.
If the end-user has not consented to the use of their resources, the error will be:
HTTP/1.1 403 Forbidden
Content-Type:application/json
{
"error": "insufficient_scope", "error_description": "No user info scope was authorized"
}
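The three outcomes described above (user data, expired token, missing consent) can be handled in one place on the client side. The following is an added example, not part of the original Orange documentation: the function name, the action labels and the sample tuples are assumptions, and the inputs are constructed from the sample responses on this page.

```python
import json
import re

# key="value" pairs; works whether or not a "Bearer" scheme precedes them
# (the 401 sample on this page shows the parameters without a scheme).
_AUTH_PARAM = re.compile(r'(\w+)="([^"]*)"')


def _json_object(body):
    """Parse a body as a JSON object; anything else becomes {}."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}


def classify_userinfo_response(status, headers, body):
    """Map a userinfo response to (action, detail).

    action is "ok", "renew_token", "request_consent" or "fail".
    """
    headers = {k.lower(): v for k, v in headers.items()}
    if status == 200:
        claims = _json_object(body)
        # Key local accounts on "sub" (unique and persistent per the page);
        # "name" is declarative, so it is not used as an identifier.
        if claims.get("sub"):
            return "ok", claims
        return "fail", "200 response without a sub claim"
    if status == 401:
        params = dict(_AUTH_PARAM.findall(headers.get("www-authenticate", "")))
        if params.get("error") == "invalid_token":
            return "renew_token", params.get("error_description", "")
        return "fail", "401 without error=invalid_token"
    if status == 403:
        err = _json_object(body)
        if err.get("error") == "insufficient_scope":
            return "request_consent", err.get("error_description", "")
        return "fail", "403 without error=insufficient_scope"
    return "fail", "unexpected status %d" % status


# Constructed inputs that mirror the sample responses shown on this page.
SAMPLE_401 = (401, {"WWW-Authenticate": 'error="invalid_token", '
                    'error_description="The Access Token expired"'}, "")
SAMPLE_403 = (403, {"Content-Type": "application/json"},
              '{"error": "insufficient_scope", '
              '"error_description": "No user info scope was authorized"}')
SAMPLE_200 = (200, {"Content-Type": "application/json"},
              '{"sub": "OKLEYM-200-jmG3LMZJplbXeIvGdak5biSVEi7oga+ig1TpmF8X22g=", "name": "John Doe"}')
```

A caller would act on "renew_token" by using the refresh token or restarting the authorization code step, and on "request_consent" by sending the end-user back through the consent UI.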