Access Management
Get Started
4. Get an Access Token
🌟 Key concept: An access token is a credential granted by the authorization server that allows client applications to access protected resources from a resource server.

This example setup shows how clients can request, get, and use an access token from the IDENTOS authorization server.

TODO: add overview diagram with step emphasized

This setup will: TODO introduce example

Prerequisites

- You've created the example resource server from 1. Create a Basic Resource Server.
- You've created the example resource from 2. Create a Basic Resource.
- You've created the example client from 3. Create a Basic Client.

Step-by-step setup

To get an access token from the authorization server, we'll need to:

1. Request an access token from the authorization server
2. Get an access token from the authorization server's response

Since we've already authorized our client to access the blood glucose level resource type, it doesn't need additional consent or authorization from an end user. As a result, all the client has to do is request an access token from the authorization server, as outlined below.

Request an access token

Run the API call below to request an access token with the read scope from the authorization server:

```bash
# scope: read?
curl -X POST --location '{{as_admin_uri}}/oauth2/token' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Basic ZnB4c3A6c2VjcmV0' \
  -d '{
    "grant_type": "client_credentials",
    "scope": "alec laws"
  }'

# no need for client authentication?
# grant_type=client_credentials
# &client_id=xxxxxxxxxx
# &client_secret=xxxxxxxxxx
```

Get an access token

A successful response from the authorization server will include the access token in the access_token property, as well as other details such as when the access token expires (expires_in) and what the available scopes are (scope):

```http
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store

{
  "access_token": "eyj0exaioijkv1qilcjhbgcioijiuzi1nij9 eyjhdwqioijodhrwolwvxc9sb2nhbghvc3q6oda4niisinn1yii6ikj1y1izagnnndnrwuhobjyxn2psuetuzw1is0j4afg1dnpxzmx5mg9psknfvkizwel1nmnycvrreufpr3rwmwiilcjyzxnvdxjjzv9vd25lcii6ijbhndhmnta5lwy0mjgtndzjni04zwi5ltrkotywowmwmtzmyiisimlzcyi6imh0dha6xc9cl2xvy2fsag9zddo4mdg0iiwicmvzb3vyy2vfawqioijvcgvuawqilcjncmfudgvkx3njb3blcyi6wyjyzwfkil0sinr5cguioijwzxjtaxnzaw9uiiwizxhwijoxnju4mjmwnzmzlcjjbgllbnrfawqioijvyxv0af91bwffy2xpzw50in0 fhwgotfg0k06l1vhnasc pkz8olcub7clubjwdssihs",
  "expires_in": 3599,
  "token_type": "bearer",
  "refresh_token": "e0dd0169-36a9-4cf4-b30a-3b78c6162bc3",
  "scope": "read"
}
```

Use the access token (optional)

TBD (create example API call using access token for auth)

TBD

Next steps

✅ You just got a basic access token from the authorization server!
Next step: Proceed to 5. Enable Consent Management to learn how to add user consent to the authorization flow you just created.

Learn more: Read the Get an Access Token guide to learn more about getting access tokens from the authorization server.

Simple OAuth client w/ client credentials grant type

```sql
INSERT INTO oauth_client (id, version, date_created, last_updated, client_id, client_name, oauth_client_oauth_client_metadata_id)
VALUES (4, 0, '2024-04-12 01:03:36', '2024-04-12 01:03:36', 'fpxsp', 'fpx service provider', 4);

INSERT INTO oauth_client_metadata (id, version, date_created, last_updated, issuer_uri, client_authentication_type, client_type, grant_types, jwks_raw, jwks_uri, meta_data_raw, allowed_scopes, client_secret)
VALUES (4, 0, '2024-04-12 01:03:36.321000', '2024-04-12 01:03:36.321000', 'https://fpxsp.dev.identos.ca', 'client_secret_basic', 'confidential', 'client_credentials', NULL, NULL, NULL, 'uma_protection alec laws', 'secret');

INSERT INTO oauth_client_redirect_uris (oauthclient_id, redirect_uris)
VALUES (4, 'https://fpxsp.dev.identos.ca');
```

```bash
curl -X POST --location http://localhost:8081/oauth2/token \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Basic ZnB4c3A6c2VjcmV0' \
  -d '{ "grant_type": "client_credentials", "scope": "alec uma_protection" }'
```

```bash
curl -X POST --location http://localhost:8081/oauth2/token \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Basic ZnB4c3A6c2VjcmV0' \
  -d '{ "grant_type": "client_credentials", "scope": "alec laws" }'
```

```json
{"access_token": "eyjrawqioijyc2exiiwidhlwijoislduiiwiywxnijoiulmyntyifq eyjzdwiioijmchhzccisinnjb3blijoiywxlyybsyxdziiwiaxnzijoiahr0cdovl2xvy2fsag9zddo4mdgxiiwizxhwijoxnzeyotm0otkylcjpyxqioje3mti5mzezotisimp0asi6imjhytg5mzixlwjmmtutnduyos1hodnlltk3m2mxzwu2ogrimyj9 nqal8cas6rivndrj2gusaen j4grjis23v nne8bccaprjq5jy4xjm7z 7bxa9elurilbfc 32df qrdqagno6kh9whxupxzo1bzszx7ncndfnptk iyobeqekdkdlixtnlq98z4in uqj uwd7lz hfpvoxov6nwhs0f6aeqhzo0p05xb6gimeczf jp8ilzajefhyq8ilq11wpq6ji1rxfvitrilyrp252ep2vyicx7 ls9kk fswj2 dxp2f iicqwwy70dtodumhfc5lmfi 5fevwng6gqnjd79ktizv6jtdhbsk loglsrkyyje ln8qghacvwhj5l4ai1yw", "expires_in": 3599, "token_type": "bearer", "scope": "alec laws"}
```

```bash
curl -X POST --location http://localhost:8081/oauth2/token \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Basic ZnB4c3A6c2VjcmV0' \
  -d '{ "grant_type": "client_credentials", "scope": "alec not my scope" }'
```

>> error: invalid_scope
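
The client-side handling around the requests above, as an added example (not IDENTOS code): it builds the client_secret_basic header from the example client's credentials and validates a parsed token response before the token is used. The `error` field name, the 400 status, the helper names and the sample responses are assumptions constructed for illustration.

```python
import base64
import time


class TokenError(Exception):
    """Raised when the token endpoint refuses the request or returns an unusable token."""


def basic_auth_header(client_id, client_secret):
    # client_secret_basic: "Basic " + base64("client_id:client_secret")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def check_token_response(status, body, requested_scope, now=None):
    """Validate a parsed token-endpoint response before the client uses it."""
    if status != 200:
        # Assumed error shape: a code such as "invalid_scope" in the "error" field.
        raise TokenError(body.get("error", "unknown_error"))
    token = body.get("access_token")
    if not token:
        raise TokenError("missing access_token")
    if str(body.get("token_type", "")).lower() != "bearer":
        raise TokenError("unexpected token_type")
    requested = set(requested_scope.split())
    # If the server omits "scope", treat the grant as equal to the request.
    granted = set(body.get("scope", requested_scope).split())
    if not granted <= requested:
        extra = " ".join(sorted(granted - requested))
        raise TokenError("granted scope exceeds request: " + extra)
    issued = time.time() if now is None else now
    ttl = body.get("expires_in")
    return {
        "authorization": "Bearer " + token,  # header value for the resource server
        "scopes": sorted(granted),
        "expires_at": None if ttl is None else issued + int(ttl),
    }


# Constructed sample responses (not captured from a real server).
SAMPLE_OK = {"access_token": "sample.token.value", "expires_in": 3599,
             "token_type": "bearer", "scope": "alec laws"}
SAMPLE_ERR = {"error": "invalid_scope"}

if __name__ == "__main__":
    print(basic_auth_header("fpxsp", "secret"))
    print(check_token_response(200, SAMPLE_OK, "alec laws", now=0))
    try:
        check_token_response(400, SAMPLE_ERR, "alec not my scope")
    except TokenError as exc:
        print("rejected:", exc)
```

Rejecting a grant that is wider than the request keeps a misconfigured allowed_scopes entry from silently giving the client more access than it asked for.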