Access Management

Get Started

🌟 Get started with IDENTOS Access Management with this simple example setup!

In our example setup, we'll configure the Authorization Server for the OAuth 2.0 client credentials authorization flow. This controls how Client applications request and use Access Tokens to access their own protected Resources from a Resource Server.

Prerequisites

If you'd like to try this setup yourself, please note the following assumptions:

  1. You should have admin access to an IDENTOS Authorization Server that's already installed and running (this should already be set up for you).
  2. You should know how to make API calls using cURL (client URL command line utility).

Each step involves making one or more API calls to the Authorization Server. For each API call, you'll need to replace the following placeholders with the right values according to your Authorization Server's configuration:

| Placeholder | Description | Example Value |
| --- | --- | --- |
| {{AS_URL}} | The base URL of your Authorization Server. | http://localhost:9091 |
| {{AS_ADMIN_URI}} | The URI of your Authorization Server's Admin API. In most cases, this URI will end with /json-api. | http://localhost:9091/json-api |
| {{AS_ADMIN_STATIC_TOKEN}} | A static authorization token for accessing your Authorization Server's Admin API. | c96584c7-05ca-4df3-b935-98a4fc7d7bbc |

💡 Need a refresher? Visit our Learn the Basics section to explore key concepts and articles, or contact support for help with your IDENTOS configuration.

Example Setup Overview

In this step-by-step setup procedure, we'll make API calls to the Authorization Server to configure an example Resource, Resource Server, and Client. Then we'll request an Access Token that the Client application can use to access the Resource we made.

For our example, we'll pretend that we already have a Resource Server that stores a hospital's patient health records. The hospital has a web application that needs to read blood glucose levels from these records, and only that data.

To do this, we'll simply define each role, its scopes (read, write, etc.), and the relationships between the roles in the Authorization Server. We'll want to give the hospital's web application the permission to read the blood glucose levels stored in the hospital's Resource Server.

By the end of this example, you'll know how to use the IDENTOS Authorization Server to do the following: