If your organization uses an OAUTH identity provider, you must include a vCloud Director OAUTH token in the Authorization header of a vCloud API session request.
As shown in Create a Session Using OAuth Authentication, this header must include a Base64-encoded token and the name of your organization.
Authorization: Bearer Base64-encoded-OAuth-token; org=org-name
The vCloud Director OAUTH token is a JSON object, formatted in a dot-delimited tuple with three parts. The first part is the JSON Web Signature (JWS) header, the second part is the claims set, and the third part is the signature.
JWS-header.claims-set.signature
Details of typical section contents are shown in the following examples.
This is a decoded example of a vCloud Director JWS header.
{ "alg":"RS256", "jwk":{ "e":"AQAB", "n":"gE4nbfCK13jhBJ5FAEX2X5kbk57pN_NUXpt0nMdJIO80iA2Vw5q-gfJcjUw16Z8ewr3FkcHW0Xl4sRUUR01B_abUz3iuSaxBFSvwjwVqIg6NcUSGHEr9W98_tZhZ30VUomkx_90CTQao1KCQ7hBwEa3OC2NOHugz26xKQg7yBzM", "kty":"RSA", "x5c":[ "MIICY...8BoHaP1ek3" ], "kid":"rsakeyid" } }
This is a decoded example of a vCloud Director claims set.
{ "jti":"36f1c260-de3f-4495-9b2c-7ff93b668256", "sub":"9ed644f2-f234-45d5-b52d-73e5888cadedoauthuser", "uname":"9ed644f2-f234-45d5-b52d-73e5888cadedoauthuser", "email":"[email protected]", "cid":"7a18dead-2541-4cc3-adb5-9effa248ddd1", "sg_id":[ "4cfac1fc-8aa9-42c9-8669-10d71894f5ec", "56c42109-4486-4aaf-905f-f18a9566bc52", "8ae2800a-7fdb-4da7-9b17-545bf8682971" ], "tvr":"2.0", "iat":1414418390, "exp":1429126826, "nbf":1429119626, "iss":"https://oauth.vcloud.example.com/oauth/token", "authz":{ "com_example_vcloud_compute":{ "instances":{ "34691574-7ccd-4fc1-b940-0bd2388bf3a5":{ "roles":[ "Organization Administrator" ] }, "48df38a4-aec8-4a34-b25a-b8f372bd8c33":{ "roles":[ "Organization Administrator" ] } } } } }