3-legged sandbox
This sandbox offer is intended for testing 3-legged integration.
1.0

The 3-legged sandbox France API gives you the ability to test the use of the Orange Authentication API for authenticating customers on your service. You will need the end-user's consent in order to access his information. A dedicated UI is provided with the API.

Before starting

The 3-legged sandbox France API requires a 3-legged authentication with our OpenID Connect platform. Please follow the method described here with the scope profile_sandbox to get an access token.

Retrieve dummy user data

You can now use the access token to invoke the 3-legged sandbox France API. The access token must be provided in the HTTP Authorization header:

curl -X GET \
     -H "Authorization: Bearer OFR-948ef...d5de1f4" \
     https://api.orange.com/3legged/sandbox/fr/v1/userinfo/ 

This request returns JSON data containing information about the authenticated user:

{ 
    "sub": "OKLEYM-200-jmG3LMZJplbXeIvGdak5biSVEi7oga+ig1TpmF8X22g=",
    "name": "John Doe",
    "family_name": "Doe",
    "given_name": "John",
    "email": "john@doe.com",
    "phone_number": "+33610090807",
    "formatted": "42 rue du Test 75042 Paris",
    "locality": "Paris",
    "street_address": "42 rue du Test",
    "postal_code": "75042",
    "country": "France",
    "updated_at": "2020-05-19T15:23:28.886Z",
    "subscriber_msisdn": "+33607080910",
    "locale": "fr_FR",
    "gender": "male",
    "birthdate": "2001-12-31"
} 

The sub field contains a unique and persistent user identifier, specific to your application. The name field contains the declarative display name of the dummy end-user.

Examples:

Once the authorization code is obtained

curl -X GET -H "Authorization: Bearer OFR-948ef...d5de1f4" \
     "https://api.orange.com/3legged/sandbox/fr/v1/userinfo/"

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
    "sub": "OKLEYM-200-jmG3LMZJplbXeIvGdak5biSVEi7oga+ig1TpmF8X22g=",
    "name": "John Doe",
    "family_name": "Doe",
    "given_name": "John",
    "email": "john@doe.com",
    "phone_number": "+33610090807",
    "formatted": "42 rue du Test 75042 Paris",
    "locality": "Paris",
    "street_address": "42 rue du Test",
    "postal_code": "75042",
    "country": "France",
    "updated_at": "2020-05-19T15:23:28.886Z",
    "subscriber_msisdn": "+33607080910",
    "locale": "fr_FR",
    "gender": "male",
    "birthdate": "2001-12-31"
} 

If an error occurs, you will receive a specific response. The following is an example of an error:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: error="invalid_token", error_description="The Access Token expired" 

In these error cases, a new access token must be requested, either by starting again from the "requesting authorization code" step or by using a refresh token.

In case the end-user has not consented to the use of his resources, the error will be :

HTTP/1.1 403 Forbidden
Content-Type:application/json

{
  "error": "insufficient_scope", "error_description": "No user info scope was authorized"
}
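
The error handling described above, as an added example (not Orange's own code): a Python helper that maps a userinfo response to the next step a client should take. The function names and action labels are hypothetical; the sample header and body values are the ones shown on this page.

```python
import json
import re

# key="value" pairs of a WWW-Authenticate header. A leading "Bearer" scheme
# is tolerated but not required, since the sample on this page omits it.
_PARAM = re.compile(r'(\w+)="([^"]*)"')


def _json_object(body):
    """Parse body as a JSON object; return {} for anything else."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}


def next_action(status, headers, body):
    """Map a userinfo response to (action, detail).

    Hypothetical action labels: use_claims, renew_token, consent_missing, fail.
    """
    headers = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    if status == 200:
        sub = _json_object(body).get("sub")
        # Key local accounts on "sub" (unique, persistent, per application),
        # not on "name", which is only a declarative display name.
        return ("use_claims", sub) if sub else ("fail", "200 without sub")
    if status == 401:
        params = dict(_PARAM.findall(headers.get("www-authenticate", "")))
        if params.get("error") == "invalid_token":
            # Restart from the authorization code step or use a refresh token.
            return "renew_token", params.get("error_description", "")
        return "fail", "401 without invalid_token"
    if status == 403:
        err = _json_object(body)
        if err.get("error") == "insufficient_scope":
            return "consent_missing", err.get("error_description", "")
        return "fail", "403 without insufficient_scope"
    return "fail", "unexpected status %d" % status


if __name__ == "__main__":
    # Responses copied from the examples on this page.
    print(next_action(401, {"WWW-Authenticate": 'error="invalid_token", '
                            'error_description="The Access Token expired"'}, ""))
    print(next_action(403, {"Content-Type": "application/json"},
                      '{"error": "insufficient_scope", '
                      '"error_description": "No user info scope was authorized"}'))
```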