-
Notifications
You must be signed in to change notification settings - Fork 164
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs(identity): add user guide for generating M2M tokens (#973)
- Loading branch information
1 parent
f75e1d6
commit 3fd93f7
Showing
3 changed files
with
57 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
--- | ||
id: m2m-tokens | ||
title: "Machine-to-machine (M2M) tokens" | ||
sidebar_label: "Machine-to-machine (M2M) tokens" | ||
--- | ||
|
||
A **machine-to-machine (M2M)** token is a token requested by one service so it can | ||
communicate with another service acting as itself. | ||
|
||
In [Identity](/self-managed/identity/what-is-identity.md), we provide the ability to assign permissions to | ||
an application. This functionality allows an application to perform the `client_credentials` flow to | ||
retrieve a JWT token with permissions. | ||
|
||
The token generated can then be used to communicate with other applications in the Camunda Platform without | ||
the need for user intervention. | ||
|
||
:::tip Want to learn how to generate an M2M token? | ||
Head to our guide, [generating M2M tokens](/self-managed/identity/user-guide/generating-m2m-tokens.md) | ||
to find out more! | ||
::: |
35 changes: 35 additions & 0 deletions
35
docs/self-managed/identity/user-guide/generating-m2m-tokens.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
--- | ||
id: generating-m2m-tokens | ||
title: "Generating machine-to-machine tokens" | ||
sidebar_label: "Generating machine-to-machine (M2M) tokens" | ||
--- | ||
|
||
In this guide, we'll show you how to generate your own **machine-to-machine (M2M)** tokens. | ||
|
||
:::tip Want to learn more about M2M tokens? | ||
Head over to our documentation on [M2M tokens](/self-managed/concepts/authentication/m2m-tokens.md) to find out more. | ||
::: | ||
|
||
### Prerequisites | ||
|
||
- A running [Identity](/self-managed/identity/what-is-identity.md) service | ||
- An [application](/self-managed/concepts/access-control/applications.md) for your service | ||
- The client ID of your application | ||
- The client secret of your application | ||
- A REST client of your choice | ||
|
||
### Generate token | ||
|
||
In our example, the Keycloak instance that supports Identity can be found via `http://localhost:18080`. | ||
This may be different for you, so adjust the host name (and port if required) as appropriate. | ||
|
||
To request a token, use the following cURL command replacing the placeholders with your applications | ||
details: | ||
|
||
``` | ||
curl --location --request POST 'http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/token' \ | ||
--header 'Content-Type: application/x-www-form-urlencoded' \ | ||
--data-urlencode 'client_id=[CLIENT_ID]' \ | ||
--data-urlencode 'client_secret=[CLIENT_SECRET]' \ | ||
--data-urlencode 'grant_type=client_credentials' | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters