GetToken

The GetToken program implements a set of command line options for getting access tokens.

Syntax

GetToken [ client_credentials |  password ] [options] scopes
  1. There are two commands:
    1. client_credentials gets an access token using the service application client id and secret id.
    2. password gets an access token using the GIP user's username and password.
  2. options are described in the tables.
  3. scopes are the list of scopes required in the access token.
Table 1. GetToken options specific to the client_credentials command
Option Description
-h or

--help

 Displays help for the client_credentials command.

-c, --client_id code

Specifies the service application client id.

-s, --secret_id code

Specifies the service application secret id.
-f, --savetofile filename Save access token to file.
-i, --idp URL URL of IdP
Table 2. GetToken options specific to the password command
Option Description
-h or

--help

 Displays help for the password command.

-u, --username username

Specifies the name of the IdP user.

-p, --password password

Specifies the password of the IdP user
-f, --savetofile filename Save access token to file.
-i, --idp URL URL of IdP

Usage

Note: The gettoken tool is located in the $FGLDIR/web_utilities/services/gip/bin/gettoken directory.

The GetToken tool provides a way to get access tokens at the command line. For instance, you can use this tool to work with applications or services secured by the GIP via a script. See Automatize application deployment via scripts.

Get an access token for a Web service secured by the GIP

For example, you use the following command if you need to get an access token for a Web service secured by the GIP (line breaks have been added to the command example to improve readability):
GetToken password -u user -p mypw 
--idp https://host:port/gas/ws/r/services/GeneroIdentityProvider
--savetofile mytoken.json myWSScope
Where:
  1. The password command is used.
    Note: Web services have no credentials (client or secret ids) and with this command you can access the IdP with a user's login details to get its token.
  2. The IdP user's name and password is provided in -u user -p mypw.
  3. The URL of the Genero Identity Provider is specified.
  4. mytoken.json is the file name where the access token is saved.
  5. myWSScope is the scope of the service required in the token.
Note: Access token generated is valid for a limited time:

The access token got via this tool is valid for 10 minutes only. An access token got from the GIP when starting an application is valid for one hour and continues to be refreshed automatically till the application is closed.

Use the commands password and client_credentials with the help option to display available options. For example:
GetToken client_credentials --help