Obtaining an IAM access token

Prerequisites

  1. Create a IAM client. The Redirect URI is not important, so you can exploit the IAM address itself.

    ../../_images/get_iam_token_client_main.png

  2. Give the client the rigth Scopes and Grant Types as in the figure:

    ../../_images/get_iam_token_client_access.png

  3. Save.

  4. Save Client ID, Client Secret and Registration Access Token or the full output json in the JSON tab for future access.

  5. Login as Administrator user and select from the left menu Manage Clients.

  6. Select the client just created.

  7. Navigate to the Tokens tab and set it as in the figure and save. In particular the Device Code Timeout should not be empty.

    ../../_images/get_iam_token_client_tokens.png

  8. On any linux distirbution, e.g. Ubuntu, Install jq:

    # apt-get install jq

  9. Download the following script:

    wget https://raw.githubusercontent.com/Laniakea-elixir-it/Scripts/master/IAM/dc-get-access-token.sh

  10. Give dc-get-access-token.sh execution permissions:

    chmod +x dc-get-access-token.sh

  11. Create the file ìam.rc with the following content:

    IAM_DEVICE_CODE_CLIENT_ID="<get_iam_token_client_id>"
IAM_DEVICE_CODE_CLIENT_SECRET="<get_iam_token_client_secret>"
IAM_TOKEN_ENDPOINT="<iam_url>/token"
IAM_DEVICE_CODE_ENDPOINT="<iam_url>/devicecode"

Get IAM access token

  1. Run dc-get-access-token.sh script

    # ./dc-get-access-token.sh
    ../../_images/get_iam_token_script_start.png

  2. Open in a browser the URL obtained from the script and paste code:

    ../../_images/get_iam_token_enter_code.png

  3. Authorize the client to create a token:

    ../../_images/get_iam_token_authorize.png

  4. Type `Y on the shell script and get your access token:

    ../../_images/get_iam_token_script_end.png