When calling the /oauth/token endpoint to generate a token for a machine user the docs state:
For authorization, pass a reserved OAuth2 client credential in the Authorization header. The call prints the access and refresh tokens to the screen. Save the tokens for later use.
I'm not sure what a reserved OAuth2 client credential is. Does that have to be the username and password/ clientid and client secret for the edgeui machine user that is created when SSO is enabled in edge-ui?
Solved! Go to Solution.
Hi Daniel,
It is the Authorization header shown run the example above that comment:
-H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0"
Stephen
Hi Daniel,
It is the Authorization header shown run the example above that comment:
-H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0"
Stephen
yes but what credentials need to be used there? Is it any other machine user? an ssoadmin? that decrypts to edgecli as the username; is there and edgecli user that exists that I need to use?
Reading through the docs is it potentially
Edge sys admin username and password as set when you installed Edge
That is a literal value. Use:
"-H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0"
Just as it appears in:
curl -H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" \ -H "accept: application/json;charset=utf-8" \ -H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0" -X POST \ https://zoneName.login.apigee.com/oauth/token -s \ -d 'grant_type=password&response_type=token&passcode=UKB3Wn'
Oh I get it. Why does it require an auth header at all if the authheader is known to everyone?
Also I'm not sure if this is related but when I try to use that token I get
{ "code": "security.UnableToGetSignature", "message": "Unable to get public signature from SSO server", "contexts": [] }
Turned out it was a cert error. All resolved now.
User | Count |
---|---|
7 | |
2 | |
2 | |
2 | |
1 |