Generating an Authorization token from the Identity Sync service
The Identity Sync service must generate an Authorization token to authenticate any third-party trying to access the IEE Core APIs directly. To generate an Authorization token, you need to create a Service Principal account with Secret and Tenant Client details in the Identity Server. To create the resources (Service Principal account, Service Principal Secret and Service Principal Tenant Client) you must call the following Identity API endpoints:
Important! You must have Identity Admin privileges to call the Identity API endpoints.
- PUT https://{webserver.host.fqdn}:20800/idenapi/api/v3/applications/{applicationId}/clients/{clientId}
- PUT https://{webserver.host.fqdn}:20800/idenapi/api/v3/tenants/{tid}/applications/{applicationId}/clients/{clientId}
- POST https://{webserver.host.fqdn}:20800/idenapi/api/v3/tenants/{tid}/applications/{applicationId}/clients/{clientId}/secrets
Use the following parameters to create the Service Principal account:
- ApplicationID: iden
- ClientID: Any single word that is less than 16 characters long.
- SecretID: Any random GUID (for example, “51ae52c7-493e-4ebd-902f-1382bdf33794”).
To acquire a token with Identity Admin privileges:
- Open the IPL portal (as an Identity Admin user) and copy the Bearer token out of a REST API call using the Developer tools in the browser.
Or
- Download the portable version of the Iden CLI Tool and run the following command:
iden connect -u https://{webserver.host.fqdn}:20800/idenapi -d -c dcli -udc -o "iden roles tid.firstordefault"
After running the “iden connect …” command, the Iden CLI tool can also be used to send the messages to the iden API:
iden application client put iden kenter --message "c:\some\path\KenterBVServicePrincipal.json"
iden tenant application client put t iden kenter --message "c:\some\path\KenterBVServicePrincipalTenantClient.json"
iden tenant application client secrets post t iden kenter --message "c:\some\path\KenterBVServicePrincipalSecret.json"
Note: Using a PowerShell script or an HTTP REST API tester tool, such as Postman, may be necessary to acquire the token.
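The same three Identity API calls issued from a PowerShell script instead of the Iden CLI, as an added example that is not part of the product documentation. It assumes the Identity Admin bearer token is already in the IDEN_ADMIN_TOKEN environment variable, that the host name, tenant id and message folder are placeholders you replace, and that the JSON message files are the ones the CLI commands above reference:

```powershell
# Added example, not from the product documentation: creates the Service Principal account,
# Tenant Client and Secret with the three Identity API endpoints listed above.
# Assumptions: $env:IDEN_ADMIN_TOKEN holds a bearer token with Identity Admin privileges,
# the tenant id comes from the "iden roles tid.firstordefault" output, and the JSON message
# files have the structure the Iden CLI expects (the SecretID GUID goes in the secrets file;
# generate one with [guid]::NewGuid().ToString()).
$ErrorActionPreference = 'Stop'

$WebServer     = 'webserver.example.local'   # placeholder for {webserver.host.fqdn}
$TenantId      = '<tid>'                     # placeholder for {tid}
$ApplicationId = 'iden'                      # ApplicationID from the parameter list above
$ClientId      = 'kenter'                    # ClientID: one word, fewer than 16 characters
$MessageDir    = 'C:\some\path'              # folder holding the three JSON message files

if ($ClientId -notmatch '^\w{1,15}$') { throw 'ClientID must be a single word shorter than 16 characters' }
if (-not $env:IDEN_ADMIN_TOKEN) { throw 'Set IDEN_ADMIN_TOKEN to an Identity Admin bearer token first' }

$BaseUri = "https://${WebServer}:20800/idenapi/api/v3"
$Headers = @{ Authorization = "Bearer $($env:IDEN_ADMIN_TOKEN)" }

function Send-IdenMessage {
    param([string]$Method, [string]$Uri, [string]$MessageFile)
    $body = Get-Content -Path $MessageFile -Raw
    # Log only the method, URI and file name; the secret body never reaches the console.
    Write-Host "$Method $Uri  <- $(Split-Path $MessageFile -Leaf)"
    return Invoke-RestMethod -Method $Method -Uri $Uri -Headers $Headers `
        -ContentType 'application/json' -Body $body
}

# 1. Service Principal account (equivalent of: iden application client put)
Send-IdenMessage PUT "$BaseUri/applications/$ApplicationId/clients/$ClientId" `
    (Join-Path $MessageDir 'KenterBVServicePrincipal.json')

# 2. Service Principal Tenant Client (equivalent of: iden tenant application client put)
Send-IdenMessage PUT "$BaseUri/tenants/$TenantId/applications/$ApplicationId/clients/$ClientId" `
    (Join-Path $MessageDir 'KenterBVServicePrincipalTenantClient.json')

# 3. Service Principal Secret (equivalent of: iden tenant application client secrets post)
Send-IdenMessage POST "$BaseUri/tenants/$TenantId/applications/$ApplicationId/clients/$ClientId/secrets" `
    (Join-Path $MessageDir 'KenterBVServicePrincipalSecret.json')

# The admin token is only needed for these three calls; drop it from the session afterwards.
Remove-Item Env:IDEN_ADMIN_TOKEN
```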