Wiki source code of Using your OIDC client as a service account
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | |||
| 2 | |||
| 3 | == Abstract == | ||
| 4 | |||
| 5 | With IAM, you have the possibility of logging in and using your client_id and your secret to generate an access token. | ||
| 6 | |||
| 7 | This can be particularly useful to access another application. You can use your OIDC client to login to your app but also then to reach other services such as the Collaboratory Drive and Collaboratory API. | ||
| 8 | |||
| 9 | == Configure your OIDC Client == | ||
| 10 | |||
| 11 | The first thing to do is to configure your OIDC client as a service account. You just have to set **"serviceAccountsEnabled" : true** in the definition of your OIDC client as documented under [[How to modify your OIDC client.>>https://wiki.ebrains.eu/bin/view/Collabs/collaboratory-community-apps/Community%20App%20Developer%20Guide/1.%20Registering%20an%20OIDC%20client/]] | ||
| 12 | |||
| 13 | {{code language="json"}} | ||
| 14 | { | ||
| 15 | "defaultClientScopes" : [ | ||
| 16 | "web-origins", | ||
| 17 | "roles" | ||
| 18 | ], | ||
| 19 | "redirectUris" : [ | ||
| 20 | "/relative/redirect/path", | ||
| 21 | "/these/can/use/wildcards/*" | ||
| 22 | ], | ||
| 23 | ..., | ||
| 24 | |||
| 25 | ..., | ||
| 26 | "serviceAccountsEnabled" : true | ||
| 27 | } | ||
| 28 | {{/code}} | ||
| 29 | |||
| 30 | == Generate an access token using client credentials == | ||
| 31 | |||
| 32 | Next, you can generate an access token. | ||
| 33 | |||
| 34 | ==== Endpoint: ==== | ||
| 35 | |||
| 36 | [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token>>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token]] | ||
| 37 | |||
| 38 | ==== Parameters: ==== | ||
| 39 | |||
| 40 | **Request Body** | ||
| 41 | grant_type: "client_credentials" | ||
| 42 | client_id: "clientId" | ||
| 43 | client_secret: "clientSecret" | ||
| 44 | scope: "The scopes you need and which are available in your client" | ||
| 45 | |||
| 46 | ==== Sample request: ==== | ||
| 47 | |||
| 48 | {{code language="bash"}} | ||
| 49 | # Request to get an access token | ||
| 50 | curl -X POST https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token \ | ||
| 51 | -H 'Content-Type: application/x-www-form-urlencoded' \ | ||
| 52 | -d "grant_type=client_credentials&client_id=myclient&client_secret=mysecret&scope=email%20profile%20team%20group%20clb.wiki.read%20clb.wiki.write" | ||
| 53 | |||
| 54 | {{/code}} | ||
| 55 | |||
| 56 | (% class="wikigeneratedid" id="HH4Won27tAppearinToC" %) | ||
| 57 |