Attention: The Collaboratory IAM will down for up to 1 hour on Monday, the 7th of July 2025 starting from 5pm CEST (my timezone) for up to 1 hour. Any and all services, which require a user login with an EBRAINS account, will be un-available during that time


Use your OIDC client as service account

Version 3.1 by messines on 2020/12/04 11:46

Abstract

With IAM, you have the possibility to log in useing your client_id and your secret to generate an access token.

This can be partiuculary usefull in a tier application, you can use your_client to log in into your app but also then to reach our Drive and Collab API.

Configure your OIDC Client

First thing to do is to configure your OIDC client as a Service account. You juste have to provide "serviceAccountsEnabled" : true in the définition of your client. Please have a look to this documentation know how to modify your oidc client.

{
  "defaultClientScopes" : [
     "web-origins",
     "roles"
   ],
  "redirectUris" : [
     "/relative/redirect/path",
     "/these/can/use/wildcards/*"
   ],
  ...,

  ...,
  "serviceAccountsEnabled" : true
}

Generate an Access token using client credentials

Endpoint :

https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token

Params :

Request Body
grant_type: "client_credentials"
client_id: "clientId"
client_secret: "clientSecret"
scope: "The scopes you need and which are available in your client"


# Send the get access token request
curl -X POST https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token \
 -H 'Content-Type: application/x-www-form-urlencoded' \
 -d "grant_type=client_credentials&client_id=myclient&client_secret=mysecret&scope=email%20profile%20team%20group%20clb.wiki.read%20clb.wiki.write"