Some times, your application needs to access APIs on its own rights. Meaning that it's not on a user behalf.
To do so, CYM-Identity can generate access_token which belongs to the application itself.
Make sure that you have the following information :
- OpenID Provider Metadata (autodiscovery URL) : Your admin can provide you with the URL which lives in
https://${realm.url}/oauth/${realm.name}/.well-known/openid-configuration - Your client credentials : client_id & client_secret, or client_id & private key
This flow only applies to web applications. native apps cannot use this flow.
POST /token_endpoint HTTP/1.1
grant_type=client_credentials
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
| Parameter | Required | Description |
|---|
| grant_type | Yes | The value must be client_credentials |
| client_id | Yes | The identifier for your application |
| client_secret | No | Only required if the client authenticates through client_secret_post |
| client_assertion | No | Only required if the client authenticated through client_secret_jwt or private_key_jwt |
| client_assertion_type | No | Only required if a client_assertion is used. The value must be urn:ietf:params:oauth:client-assertion-type:jwt-bearer |
HTTP/1.1 400 Bad Request
{
"error": "AN_ERROR_CODE",
"error_description": "AN_ERROR_DESCRIPTION"
}
HTTP/1.1 200 OK
{
"access_token": "AN_ACCESS_TOKEN_VALUE",
"token_type": "Bearer",
"expires_in": 3600,
}
This flow does not return an id_token since it's not an authentication request.
This flow does not return a refresh_token either. In case you need a new access_token, you can reiterate a new Token Request