Use your OIDC client as service account
Abstract
With IAM, you have the possibility of logging in and using your client_id and your secret to generate an access token.
This can be particularly useful to access another application. You can use your OIDC client to login to your app but also then to reach other services such as the Collaboratory Drive and Collaboratory API.
Configure your OIDC Client
The first thing to do is to configure your OIDC client as a service account. You just have to set "serviceAccountsEnabled" : true in the definition of your OIDC client as documented under How to modify your OIDC client.
"defaultClientScopes" : [
"web-origins",
"roles"
],
"redirectUris" : [
"/relative/redirect/path",
"/these/can/use/wildcards/*"
],
...,
...,
"serviceAccountsEnabled" : true
}
Generate an access token using client credentials
Next, you can generate an access token.
Endpoint:
https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token
Parameters:
Request Body
grant_type: "client_credentials"
client_id: "clientId"
client_secret: "clientSecret"
scope: "The scopes you need and which are available in your client"
Sample request:
curl -X POST https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d "grant_type=client_credentials&client_id=myclient&client_secret=mysecret&scope=email%20profile%20team%20group%20clb.wiki.read%20clb.wiki.write"