Version 3.1 by messines on 2020/12/04 11:46
Hide last authors
messines 1.1 1 == Abstract ==
2
3 With IAM, you have the possibility to log in useing your client_id and your secret to generate an access token.
4
5 This can be partiuculary usefull in a tier application, you can use **//your_client //**to log in into your app but also then to reach our Drive and Collab API.
6
7
8 == Configure your OIDC Client ==
9
10 First thing to do is to configure your OIDC client as a Service account. You juste have to provide **"serviceAccountsEnabled" : true** in the définition of your client. Please have a look to this documentation know [[how to modify your oidc client.>>https://wiki.ebrains.eu/bin/view/Collabs/collaboratory-community-apps/Community%20App%20Developer%20Guide/1.%20Registering%20an%20OIDC%20client/]]
messines 2.1 11
12 {{code language="json"}}
messines 1.1 13 {
14 "defaultClientScopes" : [
15 "web-origins",
16 "roles"
17 ],
18 "redirectUris" : [
19 "/relative/redirect/path",
20 "/these/can/use/wildcards/*"
21 ],
22 ...,
23
24 ...,
25 "serviceAccountsEnabled" : true
26 }
messines 2.1 27 {{/code}}
messines 1.1 28
messines 3.1 29
30 == Generate an Access token using client credentials ==
31
32 ==== **Endpoint :** ====
33
34 https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token
35
36 ==== **Params :** ====
37
38 (% class="box" %)
39 (((
40 **Request Body**
41 grant_type: "client_credentials"
42 client_id: "clientId"
43 client_secret: "clientSecret"
44 scope: "The scopes you need and which are available in your client"
45 )))
46
47 {{code language="bash"}}
48
49 # Send the get access token request
50 curl -X POST https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token \
51 -H 'Content-Type: application/x-www-form-urlencoded' \
52 -d "grant_type=client_credentials&client_id=myclient&client_secret=mysecret&scope=email%20profile%20team%20group%20clb.wiki.read%20clb.wiki.write"
53
54 {{/code}}