Using the Device Authentication Flow

Version 2.1 by messines on 2023/02/23 15:10

Update your client to enable Device Flow

This is not available through the UI yet; use the lab notebook.

Add an attribute to the client JSON and update it
 

            "attributes": {
                "oauth2.device.authorization.grant.enabled": true
            }

Request a code

curl --location --request POST 'https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth/device' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=your-client' \
--data-urlencode 'client_secret=your-secret'

The secret is not required for public clients.

The API will answer with a link

{
  "device_code":"0zQm[...]e5h5kUvNYx0",
  "user_code":"IWBR-DDY",
  "verification_uri":"https://iam.ebrains.eu/auth/realms/hbp/device",
  "verification_uri_complete":"https://iam.ebrains.eu/auth/realms/hbp/device?user_code=IWBR-DDYK",
  "expires_in":600,
  "interval":5
}

Visit the link to validate your code

Visit the link given in verification_uri_complete to validate your login and give consent.

Request your access token

Now request your access token, passing the device_code returned by the first call above.

curl --location --request POST 'https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'device_code=0zQm[...]e5h5kUvNYx0' \
--data-urlencode 'client_id=your-client' \
--data-urlencode 'client_secret=your-secret' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:device_code'
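
The token request above usually has to be repeated until the user has finished the validation step. The following is an added example, not part of the original page or of EBRAINS code: it polls the token endpoint and honours the interval and expires_in values from the first answer. The function names (http_post, poll_for_token) are hypothetical, and the error codes handled (authorization_pending, slow_down, and any other value as a failure) are taken from RFC 8628, not from this page.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token"
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"


def http_post(url, form):
    """POST a urlencoded form and return the JSON body, including 4xx error bodies."""
    data = urllib.parse.urlencode(form).encode()
    try:
        with urllib.request.urlopen(urllib.request.Request(url, data=data), timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)  # pending/denied answers arrive as an HTTP error with a JSON body


def poll_for_token(device, client_id, client_secret=None,
                   post=http_post, sleep=time.sleep, clock=time.monotonic):
    """Poll the token endpoint until the user approves, refuses, or the code expires.

    `device` is the parsed JSON answer of the device authorization request.
    """
    form = {"grant_type": GRANT_TYPE, "device_code": device["device_code"],
            "client_id": client_id}
    if client_secret:  # public clients send no secret
        form["client_secret"] = client_secret
    interval = device.get("interval", 5)  # RFC 8628 default when the field is absent
    deadline = clock() + device["expires_in"]
    while clock() < deadline:
        sleep(interval)  # never poll faster than the server asked
        answer = post(TOKEN_URL, form)
        error = answer.get("error")
        if error is None:
            return answer  # success: the body contains access_token
        if error == "slow_down":
            interval += 5  # RFC 8628: add 5 seconds to the polling interval
        elif error != "authorization_pending":
            raise RuntimeError(f"device flow failed: {error}")  # e.g. access_denied, expired_token
    raise TimeoutError("device code expired before the user approved it")
```

Call poll_for_token with the parsed JSON of the first answer and your client id; the post, sleep and clock parameters exist only so the loop can be exercised without network access.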