GetToken
The GetToken program implements a set of command line options for getting access tokens.
Set the environment
Before executing the GetToken command, set the environment using the envidp script, found in $FGLDIR/web_utilities/services/gip. On Microsoft® Windows, the script is named envidp.bat.
Syntax
GetToken [ client_credentials | password ] [options] scopes
- There are two commands:
- client_credentials gets an access token using the service application client id and secret id.
- password gets an access token using the GIP user's username and password.
- options are described in the tables.
- scopes are the list of scopes required in the access token.
Option | Description |
---|---|
-h
or
|
Displays help for the client_credentials command. |
|
Specifies the service application client id. |
|
Specifies the service application secret id. |
-f, --savetofile
filename
|
Save access token to file. |
-i, --idp URL
|
URL of IdP |
Option | Description |
---|---|
-h
or
|
Displays help for the password command. |
|
Specifies the name of the IdP user. |
|
Specifies the password of the IdP user |
-f, --savetofile
filename
|
Save access token to file. |
-i, --idp URL
|
URL of IdP |
Usage
The GetToken tool provides a way to get access tokens at the command line. You can use this tool to work with applications or services secured by the GIP via a script. See Automate application deployment via scripts.
Get an access token for a Web service secured by the GIP
GetToken password -u user -p mypw
--idp https://host:port/gas/ws/r/services/GeneroIdentityProvider
--savetofile mytoken.json myWSScope
In
this example:- The password command is used. Tip: If you need an access token on behalf of a user, you use the
password
option. If you need an access token without a specific user, use theclient_credentials
option after having created a service-to-service application. - The IdP user's name and password is provided in
-u user -p mypw
. - The URL of the Genero Identity Provider is specified.
- mytoken.json is the file name where the access token is saved.
myWSScope
is the scope of the service required in the token.
The access token got via this tool is valid for 10 minutes only. An access token got from the GIP when starting an application is valid for one hour and continues to be refreshed automatically till the application is closed.
Display help for the GetToken command
GetToken password --help
GetToken client_credentials --help