4. Get an Access Token
🌟 Key Concept: An Access Token is a credential granted by the Authorization Server that allows Client applications to access protected Resources from a Resource Server.
This example setup shows how Clients can request, get, and use an Access Token from the IDENTOS Authorization Server.
TODO: Add overview diagram with step emphasized.
This setup will... TODO: Introduce example.
To get an Access Token from the Authorization Server, we'll need to...
- Request an Access Token from the Authorization Server.
- Get an Access Token from the Authorization Server's response.
Since we've already authorized our Client to access the blood-glucose-level Resource type, it doesn't need additional consent or authorization from an end user. As a result, all the Client has to do is request an Access Token from the Authorization Server, as outlined below.
Request an Access Token
Run the API call below to request an Access Token with the read scope from the Authorization Server.
Get an Access Token
A successful response from the Authorization Server will include the Access Token in the access_token property, as well as other details such as when the Access Token expires (expires_in) and what the available scopes are (scope).
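The checks a Client can run on that response before using the token, as an added example (not IDENTOS code). The function names, the placeholder token, the `now` value, and the `{"error": "invalid_scope"}` error body (RFC 6749 style) are assumptions; the client id, secret, scopes and `expires_in` value are the ones used in the requests on this page.

```python
import base64
import json
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessToken:
    value: str
    scopes: frozenset
    expires_at: float  # absolute epoch seconds


def basic_auth_header(client_id, client_secret):
    """client_secret_basic: base64 of "id:secret". Encoding, not encryption."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def parse_token_response(body, requested, now=None, skew=30):
    """Validate a token endpoint response before the token is used."""
    now = time.time() if now is None else now
    data = json.loads(body)
    if "error" in data:  # assumed RFC 6749 section 5.2 error shape
        raise PermissionError(data["error"])
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    token = data.get("access_token")
    if not token:
        raise ValueError("access_token missing")
    # If the server omits scope, it granted exactly what was requested.
    granted = frozenset(data.get("scope", requested).split())
    missing = frozenset(requested.split()) - granted
    if missing:
        raise PermissionError("scopes not granted: " + " ".join(sorted(missing)))
    # Treat the token as expired slightly early to absorb clock skew.
    return AccessToken(token, granted, now + int(data["expires_in"]) - skew)


# Constructed sample bodies; the token value is a placeholder, not a real JWT.
OK_BODY = ('{"access_token":"PLACEHOLDER.TOKEN.VALUE","expires_in":3599,'
           '"token_type":"Bearer","scope":"alec laws"}')
ERR_BODY = '{"error":"invalid_scope"}'

if __name__ == "__main__":
    print(basic_auth_header("fpxsp", "secret"))
    tok = parse_token_response(OK_BODY, "alec laws", now=1712931392)
    print(sorted(tok.scopes), tok.expires_at)
```

The `Authorization: Basic` value decodes straight back to `fpxsp:secret`, so outside a local setup the token endpoint should only be reached over TLS.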
Use the Access Token (Optional)
TBD (create example API call using access token for auth)
Next Steps
✅ You just got a basic Access Token from the Authorization Server!
- Next step: Proceed to 5. Enable Consent Management to learn how to add user consent to the authorization flow you just created.
- Learn more: Read the Get an Access Token guide to learn more about getting Access Tokens from the Authorization Server.
```sql
-- Register the confidential client fpxsp (client_secret_basic, client_credentials grant).
INSERT INTO oauth_client (id, version, date_created, last_updated, client_id, client_name, oauth_client_oauth_client_metadata_id)
VALUES (4, 0, '2024-04-12 01:03:36', '2024-04-12 01:03:36', 'fpxsp', 'FPX Service Provider', 4);

INSERT INTO oauth_client_metadata (id, version, date_created, last_updated, issuer_uri, client_authentication_type, client_type, grant_types, jwks_raw, jwks_uri, meta_data_raw, allowed_scopes, client_secret)
VALUES (4, 0, '2024-04-12 01:03:36.321000', '2024-04-12 01:03:36.321000', 'https://fpxsp.dev.identos.ca', 'client_secret_basic', 'CONFIDENTIAL', 'client_credentials', NULL, NULL, NULL, 'uma_protection alec laws', 'secret');

INSERT INTO oauth_client_redirect_uris (OAuthClient_id, redirect_uris)
VALUES (4, 'https://fpxsp.dev.identos.ca');
```

```bash
# Request a token for the alec and uma_protection scopes.
curl -X POST --location http://localhost:8081/oauth2/token \
  -H 'Content-type: application/json' \
  -H 'Authorization: Basic ZnB4c3A6c2VjcmV0' \
  -d '{ "grant_type": "client_credentials", "scope" : "alec uma_protection" }'
```

```bash
# Request a token for the alec and laws scopes.
curl -X POST --location http://localhost:8081/oauth2/token \
  -H 'Content-type: application/json' \
  -H 'Authorization: Basic ZnB4c3A6c2VjcmV0' \
  -d '{ "grant_type": "client_credentials", "scope" : "alec laws" }'
```

```json
{"access_token":"eyJraWQiOiJyc2ExIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJmcHhzcCIsInNjb3BlIjoiYWxlYyBsYXdzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgxIiwiZXhwIjoxNzEyOTM0OTkyLCJpYXQiOjE3MTI5MzEzOTIsImp0aSI6ImJhYTg5MzIxLWJmMTUtNDUyOS1hODNlLTk3M2MxZWU2OGRiMyJ9.NQAL8cAs6rIVNdRj2gUSAeN-J4GRjIS23V_nNE8bccapRJq5jY4Xjm7Z-7bXA9ElURilbfC-32df_qRDqAgnO6kh9WHXuPXzo1BzSzx7NcndFnPTk_IyobEQeKdKDliXTnLq98z4In_UqJ-uWd7lz-HfPvoxov6nWHS0F6AeqhZO0P05Xb6gImeCZF_jP8iLzAjEFhYQ8ilQ11WpQ6ji1rXfvITriLyRp252EP2vYicX7--Ls9Kk_FSWJ2-dxp2F-iIcQwwy70dtodUmhFc5lmfi-5FevwNG6gqnjD79ktiZv6JtdHBSK-LoGlSrKyYje-lN8qghACVwhj5L4aI1Yw","expires_in":3599,"token_type":"Bearer","scope":"alec laws"}
```

```bash
# Request not_my_scope, which is not in the client's allowed_scopes.
curl -X POST --location http://localhost:8081/oauth2/token \
  -H 'Content-type: application/json' \
  -H 'Authorization: Basic ZnB4c3A6c2VjcmV0' \
  -d '{ "grant_type": "client_credentials", "scope" : "alec not_my_scope" }'
```

->> error invalid scope