Machine to Machine
A service (also called a machine) is a non-human program that may request an access token from Crossid in order to authenticate to other services.
A good example is a microservice or a scheduled job that requires access to a protected REST API.
This how-to explains how to perform authentication programmatically, with no user interaction, so that a service can access an API.
Create a service account
A service account is a user intended to be used by services rather than people.
Let's create a service account that will be granted privileges to access our API.
- In Admin console, navigate to Directory → Service Accounts.
- Open the Actions dropdown and click Add.
- Follow the modal (don't forget to make the account active).
Machine to Machine
This machine-to-machine integration lets our service account authenticate via OAuth2.
- In Admin console, navigate to Marketplace → Machine to Machine.
- Click the Add Integration button.
- Follow the wizard.
Required for the next step: copy the fields below from the Admin UI.
Create an API integration
Let's create an API that our service should access.
- In Admin console, navigate to Marketplace → API.
- Click the Add Integration button.
- Follow the wizard.
Grant Access
We have to grant our service account access to the API.
Authenticate
At this point, we have a service account that has write grants to access our API app. Let's authenticate.
curl -X POST https://{tenant_domain}/oauth2/token \
-F grant_type=client_credentials \
-F client_id={client_id} \
-F client_secret={client_secret} \
-F scope='write'
Output:
{
"access_token": "eyJhbGciOiJSUzI1NiIsImt...",
"expires_in": 3599,
"refresh_expires_in": 2592000000000000,
"scope": "write",
"token_type": "bearer"
}
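The same token request from inside a service, as an added example (not Crossid's own code): it reuses the token until shortly before expires_in elapses and refuses a response that does not grant the requested scope. The class name, the environment variable names, the 60-second skew and the use of form-urlencoded encoding (the RFC 6749 default) are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request


def http_post_form(url, fields):
    """POST form fields and return the parsed JSON response body."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenClient:
    """Fetches a client_credentials token and reuses it until shortly before expiry."""

    def __init__(self, token_url, client_id, client_secret, scope,
                 post=http_post_form, clock=time.monotonic, skew=60):
        self._url, self._id, self._secret = token_url, client_id, client_secret
        self._scope, self._post, self._clock, self._skew = scope, post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        if self._token is not None and self._clock() < self._expires_at:
            return self._token  # cached token is still valid
        body = self._post(self._url, {
            "grant_type": "client_credentials", "client_id": self._id,
            "client_secret": self._secret, "scope": self._scope})
        if body.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type in token response")
        # RFC 6749: the response may omit scope when it equals the request.
        granted = set(body.get("scope", self._scope).split())
        missing = set(self._scope.split()) - granted
        if missing:
            raise PermissionError("scope not granted: " + " ".join(sorted(missing)))
        self._token = body["access_token"]
        self._expires_at = self._clock() + int(body["expires_in"]) - self._skew
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.token()}


if __name__ == "__main__":
    # Hypothetical variable names; the secret stays out of source and argv.
    client = TokenClient(
        "https://%s/oauth2/token" % os.environ["CROSSID_TENANT_DOMAIN"],
        os.environ["CROSSID_CLIENT_ID"], os.environ["CROSSID_CLIENT_SECRET"], "write")
    print("token acquired:", bool(client.token()))  # never print the token itself
```

Pass the result of auth_header() as the request headers when calling the protected API.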