Getting Token for machine user

When calling the /oauth/token endpoint to generate a token for a machine user the docs state:

For authorization, pass a reserved OAuth2 client credential in the Authorization header. The call prints the access and refresh tokens to the screen. Save the tokens for later use.

I'm not sure what a reserved OAuth2 client credential is. Does that have to be the username and password/ clientid and client secret for the edgeui machine user that is created when SSO is enabled in edge-ui?

Solved Solved
0 7 801
1 ACCEPTED SOLUTION

sgilson
Participant V

Hi Daniel,

It is the Authorization header shown run the example above that comment:

-H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0"

Stephen

View solution in original post

7 REPLIES 7

sgilson
Participant V

Hi Daniel,

It is the Authorization header shown run the example above that comment:

-H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0"

Stephen

yes but what credentials need to be used there? Is it any other machine user? an ssoadmin? that decrypts to edgecli as the username; is there and edgecli user that exists that I need to use?

Reading through the docs is it potentially

Edge sys admin username and password as set when you installed Edge

That is a literal value. Use:

"-H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0"

Just as it appears in:

curl -H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" \
  -H "accept: application/json;charset=utf-8" \
  -H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0" -X POST \
  https://zoneName.login.apigee.com/oauth/token -s \
  -d 'grant_type=password&response_type=token&passcode=UKB3Wn'

Oh I get it. Why does it require an auth header at all if the authheader is known to everyone?

Also I'm not sure if this is related but when I try to use that token I get

{
    "code": "security.UnableToGetSignature",
    "message": "Unable to get public signature from SSO server",
    "contexts": []
}

Turned out it was a cert error. All resolved now.