OpenID Connect 1.0 which basically works on top of OAuth 2.0 to allow services to verify the identity of an end-user or a client. This is based on the authentication performed by an open-source authentication server, Keycloak.
Client Credentials Grant for the scope of this integration. It allows us to authenticate a client and retrieve its access token dedicated to limited resources by utilizing
The client should obtain an access token by sending an HTTP POST request to the authentication server with its
Here is a cURL example to obtain a valid access token:
curl -k --location --request POST 'https://customername.ouva.dev/auth/realms/ouva/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=CLIENT_ID' \
--data-urlencode 'client_secret=CLIENT_SECRET' \
--data-urlencode 'grant_type=client_credentials'
If the credentials are successfully validated by the authentication server (i.e. Keycloak), the server responds with an access token right away. Having received an access token, the client can then send HTTP requests to the REST API embedding that access token in the
Tip: According to the OAuth 2.0 specification, refresh tokens should not be used in this kind of flow. So whenever the access token expires, the client should send another request to obtain a new access token.
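An added example (not from the original page or from the project it describes): a Python client for the cURL request and the Tip above that caches the access token and renews it with a fresh client-credentials request instead of a refresh token. The names `ClientCredentialsToken` and `post_form`, the 30-second `skew`, and the injectable `transport` and `clock` parameters are assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

# Token endpoint from the cURL example; "customername" is the page's placeholder.
TOKEN_URL = ("https://customername.ouva.dev/auth/realms/ouva"
             "/protocol/openid-connect/token")


def post_form(url, fields):
    """POST form-encoded fields and return the decoded JSON reply.

    urllib verifies the server certificate by default, so the client secret
    is only sent over a validated TLS connection.
    """
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(fields).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class ClientCredentialsToken:
    """Caches the access token and requests a new one shortly before expiry."""

    def __init__(self, client_id, client_secret, url=TOKEN_URL,
                 transport=post_form, clock=time.monotonic, skew=30):
        self._fields = {"grant_type": "client_credentials",
                        "client_id": client_id, "client_secret": client_secret}
        self._url, self._transport = url, transport
        self._clock, self._skew = clock, skew   # skew: safety margin in seconds
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at:
            reply = self._transport(self._url, dict(self._fields))
            if "access_token" not in reply:
                raise RuntimeError("token endpoint reply has no access_token")
            # A refresh_token in the reply is ignored on purpose: renewal is
            # always a fresh client-credentials request.
            self._token = reply["access_token"]
            # Without expires_in the token is not cached across calls.
            lifetime = int(reply.get("expires_in", 0))
            self._expires_at = now + max(0, lifetime - self._skew)
        return self._token
```

Load `CLIENT_ID` and `CLIENT_SECRET` from a secret store or environment variables rather than source code, and call `get()` before each API request so renewal happens transparently.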