GetToken

The GetToken tool gets access tokens.

Set the environment

Before executing the command, set the environment using the envidp script, found in $FGLDIR/web_utilities/services/gip. On Microsoft® Windows, the script is named envidp.bat.

Syntax

GetToken command [ options ]  scopes  
  1. There are two commands to get tokens from an Identity Provider such as the Genero Identity Provider (GIP):
    1. client_credentials gets an access token using the service application client id and secret id.
    2. password gets an access token using the GIP user's username and password.
  2. options. Options are specific to commands and these are described in the tables.
  3. scopes specify permissions for access to resources of web services or applications secured on the GIP. Scopes limit the bearer of the token to accessing specific resources. You must specify at least one scope. If more than one scope is needed, you can specify them in a list separated by spaces. For example, myAppScope myWSScope might define scopes for a secure application and web service the user requires access to.

Syntax 1: client credentials

GetToken client_credentials [ options ]  scopes  
  1. options are described in the client_credentials options.
  2. scopes specify permissions for access to resources of web services or applications secured on the GIP. Scopes limit the bearer of the token to accessing specific resources. You must specify at least one scope. If more than one scope is needed, you can specify them in a list separated by spaces. For example, myAppScope myWSScope might define scopes for a secure application and web service the user requires access to.

Syntax 2: password

GetToken password [ options ]  scopes  
  1. options are described in the Password options.
  2. scopes specify permissions for access to resources of web services or applications secured on the GIP. Scopes limit the bearer of the token to accessing specific resources. You must specify at least one scope. If more than one scope is needed, you can specify them in a list separated by spaces. For example, myAppScope myWSScope might define scopes for a secure application and web service the user requires access to.
Table 1. GetToken options specific to the client_credentials command
Option Description
-h or

--help

Displays help for the client_credentials command.

-c, --client_id code

Specifies the service application client id.

-s, --secret_id code

Specifies the service application secret id.
-f, --savetofile filename Save access token to file.
-i, --idp URL URL of IdP
Table 2. GetToken options specific to the password command
Option Description
-h or

--help

Displays help for the password command.

-u, --username username

Specifies the name of the IdP user.

-p, --password password

Specifies the password of the IdP user
-f, --savetofile filename Save access token to file.
-i, --idp URL URL of IdP

Usage

The GetToken tool is located in the $FGLDIR/web_utilities/services/gip/bin/gettoken directory.

Run the GetToken command to get access tokens at the command line. You can use this command to work with applications or services secured by the GIP via a script. The access token got via this command is valid for 10 minutes only. An access token got from the GIP when starting an application is valid for one hour and continues to be refreshed automatically till the application is closed.

Get an access token for a web service secured by the GIP

Use the following command if you need to get an access token for a web service secured by the GIP. (Line breaks have been added to improve readability.)
GetToken password -u user -p mypw 
--idp https://host:port/gas/ws/r/services/GeneroIdentityProvider
--savetofile mytoken.json myWSScope
In this example:
  1. The password command is used.
    Tip:

    If you need an access token on behalf of a user, you use the password option. If you need an access token for a service-to-service application, such as a script which does not have to be run on behalf of a user, use the client_credentials option.

  2. The IdP user's name and password is provided in -u user -p mypw.
  3. The URL of the Genero Identity Provider is specified.
  4. mytoken.json is the filename where the access token is saved.
  5. myWSScope is the scope of the service required in the token.
Important:

Access token generated is valid for a limited time

The access token got via this command is valid for 10 minutes only. An access token got from the GIP when starting an application is valid for one hour and continues to be refreshed automatically till the application is closed.

Get an access token for a shared file

This example retrieves an access token for a file shared by the SharedFile App. Line breaks have been added to the command example to improve readability.
GetToken password -u user -p mypw 
--idp https://host:port/[gas]/ws/r/services/GeneroIdentityProvider
--savetofile myfiletoken.json sharefile
In this example:
  1. The password command is used.
  2. You must provide your IdP user name and password in -u user -p mypw.
  3. You must provide the URL of the GeneroIdentityProvider.
  4. myfiletoken.json is the filename where the access token is saved.
  5. "sharefile" must be specified as the scope of the service required in the token.
The access token generated is valid for a limited time (600 seconds).

Display help for the GetToken command

Use the commands password or client_credentials with the help option to display available options. For example:
GetToken password --help
GetToken client_credentials --help