Abstract
With IAM, you have the possibility to log in useing your client_id and your secret to generate an access token.
This can be partiuculary usefull in a tier application, you can use your_client to log in into your app but also then to reach our Drive and Collab API.
Configure your OIDC Client
First thing to do is to configure your OIDC client as a Service account. You juste have to provide "serviceAccountsEnabled" : true in the définition of your client. Please have a look to this documentation know how to modify your oidc client.
{
"defaultClientScopes" : [
"web-origins",
"roles"
],
"redirectUris" : [
"/relative/redirect/path",
"/these/can/use/wildcards/*"
],
...,
...,
"serviceAccountsEnabled" : true
}
"defaultClientScopes" : [
"web-origins",
"roles"
],
"redirectUris" : [
"/relative/redirect/path",
"/these/can/use/wildcards/*"
],
...,
...,
"serviceAccountsEnabled" : true
}
Generate an Access token using client credentials
Endpoint :
https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token
Params :
Request Body
grant_type: "client_credentials"
client_id: "clientId"
client_secret: "clientSecret"
scope: "The scopes you need and which are available in your client"
# Send the get access token request
curl -X POST https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d "grant_type=client_credentials&client_id=myclient&client_secret=mysecret&scope=email%20profile%20team%20group%20clb.wiki.read%20clb.wiki.write"