> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/server/fr/knowledge-base/how-to-articles/obtain-rest-api-access-in-a-user-context.md). # Obtenir l'accès à l'API REST dans un contexte utilisateur Pour certains scénarios, vous pourriez avoir besoin d'obtenir l'accès à l'API REST dans un contexte utilisateur en utilisant le flux d'autorisation de périphérique. Les étapes de configuration ont été documentées en PowerShell, mais tout autre langage convient. Voici comment cela fonctionne : 1. Interrogez le point de terminaison de configuration OpenID connu pour récupérer les points de terminaison de jeton et d'autorisation de périphérique du serveur : ```powershell try { $wellKnownResponse = Invoke-RestMethod -Method Get -Uri $wellKnownEndpoint $tokenEndpoint = $wellKnownResponse.token_endpoint $deviceCodeEndpoint = $wellKnownResponse.device_authorization_endpoint } catch { Write-Error "Error obtaining server information" exit } ``` 2. Envoyez une requête au point de terminaison d'autorisation de périphérique pour obtenir un code de périphérique, un code utilisateur, une URL de vérification et une URL de vérification complète, ainsi que des détails concernant la durée de validité des codes et la fréquence de vérification. Ensuite, ouvrez un navigateur vers l'URL de vérification complète, ou demandez à l'utilisateur de saisir manuellement son code utilisateur et d'approuver la demande d'accès au périphérique : ```powershell $body = "client_id=$clientId&scope=$([uri]::EscapeDataString($scope))" try { $deviceCodeResponse = Invoke-RestMethod -Method Post -Uri $deviceCodeEndpoint ` -ContentType "application/x-www-form-urlencoded" -Body $body } catch { Write-Error "Failed to obtain device code: $_" exit } # Extract values from the response (field names may vary by provider) $device_code = $deviceCodeResponse.device_code $user_code = $deviceCodeResponse.user_code $verification_uri = $deviceCodeResponse.verification_uri $verification_uri_complete = $deviceCodeResponse.verification_uri_complete $interval = 10 # in seconds $expires_in = $deviceCodeResponse.expires_in # in seconds # Provide a default interval if none was returned or if it's zero/null if (-not $interval -or $interval -eq 0) { $interval = 5 Write-Host "Interval not provided or invalid; defaulting to $interval seconds." } # Instead of instructing the user, open the browser to the verification_uri_complete if ($verification_uri_complete) { Write-Host "Opening browser for device authorization..." Start-Process $verification_uri_complete } else { Write-Host "verification_uri_complete not provided. Please manually go to $verification_uri and enter the code: $user_code" } ``` 3. Démarrez une boucle qui envoie périodiquement une requête au point de terminaison de jeton avec le code de périphérique et l'identifiant client, jusqu'à ce que le serveur retourne un jeton d'accès : ```powershell $startTime = Get-Date $tokenResponse = $null while (((Get-Date) - $startTime).TotalSeconds -lt $expires_in) { Start-Sleep -Seconds $interval try {# Build the POST body to exchange the device code for an access token $tokenBody = "grant_type=urn:ietf:params:oauth:grant-type:device_code&client_id=$clientId&device_code=$device_code" $tokenResponse = Invoke-RestMethod -Method Post -Uri $tokenEndpoint -ContentType "application/x-www-form-urlencoded" -Body $tokenBody if ($tokenResponse.access_token) { Write-Host "Access token obtained:" $tokenResponse.access_token break } } catch {# Instead of reading the response content (which may be disposed), use the exception message. $errorMessage = $_.Exception.Message # Check if the exception message indicates that authorization is still pending. if ($errorMessage -match "authorization_pending") { Write-Host "Authorization pending..." continue } else { Write-Error "Error during token polling: $errorMessage" break } } } if (-not $tokenResponse -or -not $tokenResponse.access_token) { Write-Host "Failed to obtain an access token or authorization expired." } ``` 4. Au besoin, utilisez le jeton d'actualisation obtenu à l'étape 1 pour demander un nouveau jeton au point de terminaison de jeton, assurant ainsi un accès continu à l'application : ```powershell $body = "grant_type=refresh_token&authorization=bearer $($tokenResponse.access_token)&refresh_token=$($tokenResponse.refresh_token)&client_id=dvls" try { $refreshResponse = Invoke-RestMethod -Method Post -Uri $tokenEndpoint -ContentType "application/x-www-form-urlencoded" -Body $body if ($refreshResponse.access_token) { Write-Host "Access token obtained:" $tokenResponse.access_token break } } catch { Write-Error "Failed to obtain device code: $_" exit } ``` {% hint style="info" %} Consultez la [documentation d'Okta](https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow) pour plus d'informations sur le flux d'autorisation de périphérique. {% endhint %} ### Voir aussi * [Documentation de l'API REST](https://docs.devolutions.net/fr/server/web-interface/utilities/api-documentation/) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.devolutions.net/server/fr/knowledge-base/how-to-articles/obtain-rest-api-access-in-a-user-context.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.