The Client Credentials grant type is typically used for machine to machine access, and doesn’t represent a specific user. There can be multiple service identities. One is created by default with your OSDU instance. The default service identity has admin permissions, and is authorized to access all OSDU Data Platform service endpoints and actions. This article describes how to obtain OSDU credentials using this default service identity.The API’s are accessed in the standard way, except that the access token is first retrieved using a Client ID and Client Secret, instead of the username and password credentials. The token is retrieved from the Cognito instance’s Token endpoint.
Follow the steps below to use the Client Credentials grant type.
Open a support ticket to request the Client Credentials connection details. You will receive a Token endpoint URL, Client ID, and Client Secret.
Token endpoint URL
- Replace the placeholder text in the snippet below with the Token endpoint URL value and execute in a terminal.
export TOKEN_URI=enter_value_here
Client ID
- Enter the Client ID value in the snippet below and execute the command.
export APP_CLIENT_ID=enter_value_here
Client Secret
- Enter the Client Secret value into the snippet below and execute the following two commands. The second command formats the credentials in Basic Access Authentication format, which is Base64Encode(client_id:client_secret).
export APP_CLIENT_SECRET=enter_value_here export BASE64_CREDENTIALS=$(echo -n "$APP_CLIENT_ID:$APP_CLIENT_SECRET"|openssl base64 -A)
Get Access Token
- Execute the following command to retrieve an access token.
curl -X POST $TOKEN_URI \ -H "authorization: Basic $BASE64_CREDENTIALS" \ -H 'content-type: application/x-www-form-urlencoded' \ -d 'grant_type=client_credentials'
0 Comments