I have a Java app in cloud foundry which I want to link into the time series data service - I want to do an API call using POST to simply get the latest value. I have successfully obtained values using a hardcoded bearer token for the POSTs "Authorization" header. However I would like to be able to automatically generate this token using the app as obviously it is not practical to hardcode the token value each and every time it changes.
I have a working UAAC command to obtain tokens so therefore I know all the credentials to my UAA instance. Is there some sort of API I can use for the Predix UAA service to get a token using similar credentials?
Answer by Michael1.Green@ge.com · Mar 11, 2016 at 03:56 AM
I have managed to do this and thought it would be useful to post on here how exactly I did it to help people in a similar situation.
Shortly after posting the question I cam across this link: https://github.com/GESoftware-CF/uaa/blob/master/docs/UAA-APIs.rst which explains how the Predix UAA service has a HTTP API for many of the base UAA operations including grabbing a new token.
Unfortunately following that guide led me to HTTP 401 errors because of apparent lack of authorisation credentials despite including a client ID and client secret in the form stated by the link.
Instead of sending a POST request in the form in the link, I made a POST request in the following way:
URL:
[YOUR UAA INSTANCE]/oauth/token
Headers:
Pragma=no-cache
Cache-Contol=no-cache
authorisation=Basic [Base64 of your clientID and Client secret in the form "[clientID]:[clientSecret]]"
Body:
username=[Your username]
password=[Your password]
grant_type=password
Encoding:
x-www-form-urlencoded
Sending this, assuming credentials are correct, will return a JSON string with access_token, token_type, refresh_token, expires_in, scope and jti.
This, in theory, will work in any application capable of sending POST requests.
good point - just Pragma and Cache-control are not mandatory
Facing issue below error:
{
"error": "invalid_request",
"error_description": "Missing grant type"
}
I had difficulties understanding your notations for authorization part. For future reference, see this test case in cf github page. There is a test case where an http request is made to fetch auth token.
Answer by s.shaikh@ge.com · Nov 20, 2016 at 09:27 PM
You should write utility class in your app which will make oauth token grant request with client credential over HTTP from UAA. Parse the response of oauth token grant request from UAA to retrieve the token.
Hello,
Do you have an example of the utility class? Can you share?
Thanks!
Answer by Greg Stroup · Mar 11, 2016 at 10:01 AM
You might also want to check out the Predix Starter Kit to configure UAA, clients, users, etc:
hi Greg, where can I find the code of the predix-starter ?
We don't have that code posted in the public Github right now... but we probably will do that in the future. Right now it's on our GE internal Github Enterprise server.
Proper steps for creating a new user 2 Answers
Can't call api POST/password_resets 3 Answers
App suddenly returning error connecting to 10.72.2.168:8081 5 Answers
Predix-UAA service returning 500 response 4 Answers
JAVA Source code for UAA 2 Answers