reserved OAuth2 client credential for SAML?

I am going through the following document to call Apigee management APIs.

As it's a SAML-enabled org, I have the machine user and credentials.

In this documentation, to get machine users' OAuth2 tokens,

Ref : https://docs.apigee.com/api-platform/system-administration/automating-tasks, it was mentioned

For authorization, pass a reserved OAuth2 client credential in the Authorization header. The call prints the access and refresh tokens to stdout.

What is meant by "reserved OAuth2 client credential" and how to get it?

Also

curl -H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" \
  -H "accept: application/json;charset=utf-8" \
  -H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0" -X POST \
  https://zoneName.login.apigee.com/oauth/token -s \
  -d 'grant_type=password&username=machine_user_email&password=new_password'

Why do we need the Authorization header when we are already passing the username and password?

Your help is much appreciated.


You are showing a curl command that makes a request-for-token using the Password grant. OAuth2 specifies that in this grant, both the client and the user are authenticated.

The token dispensary uses the client credentials to authenticate the client, and the user credentials to authenticate the user.

You can think of "The client" as an app. And the client credentials identify that particular app. Unfortunately, today, the Apigee Admin API does not allow you to register multiple distinct client ids. In fact there is just one - that is "the reserved credential". It's not really _reserved_; I'd say it's a well-known credential. Therefore all apps that use the Apigee Edge Admin API to automate processes, use the same client id, currently.
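
An added example (not part of the original post or reply, and not Apigee code) that takes the token request from the question apart to show which part authenticates the client and which part authenticates the user. The function names are hypothetical, the header value and placeholder user credentials are the ones in the question's curl command, and nothing is sent over the network.

```python
import base64
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode

# Header value copied from the curl command in the question.
QUESTION_HEADER = "Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0"

def parse_basic(header_value):
    """Return (client_id, client_secret) from an 'Authorization: Basic' value."""
    scheme, _, b64 = header_value.partition(" ")
    if scheme.lower() != "basic" or not b64:
        raise ValueError("not a Basic authorization header")
    decoded = base64.b64decode(b64.strip(), validate=True).decode("utf-8")
    client_id, sep, secret = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' between client id and secret")
    # RFC 6749 section 2.3.1: both parts are form-urlencoded before joining.
    return unquote_plus(client_id), unquote_plus(secret)

def build_password_grant(client_id, client_secret, username, password):
    """Build (headers, body) for a password-grant token request; nothing is sent."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Content-Type": "application/x-www-form-urlencoded;charset=utf-8",
        "Accept": "application/json;charset=utf-8",
        # Client (app) authentication travels in the header ...
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
    }
    # ... user authentication travels in the form body.
    body = urlencode({"grant_type": "password",
                      "username": username, "password": password})
    return headers, body

def authenticated_parties(headers, body):
    """Name the client and the user a token request carries credentials for."""
    client_id, _ = parse_basic(headers["Authorization"])
    form = parse_qs(body, strict_parsing=True)
    if form.get("grant_type") != ["password"]:
        raise ValueError("not a password-grant request")
    return {"client": client_id, "user": form["username"][0]}

if __name__ == "__main__":
    cid, secret = parse_basic(QUESTION_HEADER)
    headers, body = build_password_grant(cid, secret,
                                         "machine_user_email", "new_password")
    print(authenticated_parties(headers, body))
    print(headers["Authorization"] == QUESTION_HEADER)
```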