How do I get an authorization token for API? - noi-techpark/odh-docs GitHub Wiki

General information

Guide to access Opendatahub Tourism as an authorized user.

Opendatahub uses OAuth 2.0 authentication. The authentication server is Keycloak, the open source identity and access management solution. The authentication server issues tokens with a limited validity.

access_token has a validity of 300 seconds
refresh_token has a validity of 7200 seconds

The Opendatahub Tourism API returns additional data if a request is authorized. That means certain data/operations are only available with a valid access token. The API always responds with HTTP 200, even if the token has expired; the additional data is simply no longer returned.

The access_token has to be added to each request as an Authorization header (Authorization: Bearer 'token').
The endpoint to retrieve the token is https://auth.opendatahub.com/auth/realms/noi/protocol/openid-connect/token
The scope to pass is openid

Currently Opendatahub Tourism supports the following OAuth grant types:

Service Account (Oauth2 client_credentials flow)

Used for machine-to-machine communication.
The following parameters have to be passed:
grant_type=client_credentials
client_id
client_secret
scope
You need a valid client_id/client_secret from the Opendatahub Support.

Username / Password (Oauth2 password flow)

Used for user access.
The following parameters have to be passed:
grant_type=password
username
password
client_id
client_secret
scope
You need a valid username/password/client_id/client_secret from the Opendatahub Support.

Username / Password (Oauth2 refresh_token flow)

Used to retrieve a new access_token with the longer-lived refresh_token.
The following parameters have to be passed:
grant_type=refresh_token
refresh_token
client_id
client_secret
scope
You need a valid client_id/client_secret from the Opendatahub Support and a valid refresh token from a request you made before.

Tools to use

There are several ways to access the data with the authorization token.

Programmatically

Retrieve the token with an OAuth-conformant request to Keycloak and add it to the request headers in your code.
Many frameworks let you add OAuth 2.0 support through additional libraries or configuration.
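One way to handle the expiry behaviour described above in code, as an added example that is not part of the original wiki or of the Opendatahub code base: because an expired token still gets HTTP 200, the client tracks the expires_in and refresh_expires_in fields of the Keycloak token response itself and chooses between reuse, the refresh_token grant and a fresh login. TokenManager, post_form, demo and the 30-second skew are hypothetical names and values; demo() runs against a constructed fake endpoint and clock.

```python
import json
import time
from urllib import parse, request

TOKEN_URL = "https://auth.opendatahub.com/auth/realms/noi/protocol/openid-connect/token"

def post_form(url, form):  # real transport: form-encoded POST, JSON reply
    with request.urlopen(url, data=parse.urlencode(form).encode(), timeout=10) as resp:
        return json.load(resp)

class TokenManager:
    """Hypothetical helper: renews by clock, since an expired token still yields HTTP 200."""
    def __init__(self, login_form, post=post_form, clock=time.monotonic, skew=30):
        self.login_form, self.post, self.clock, self.skew = login_form, post, clock, skew
        self.access, self.refresh, self.access_exp, self.refresh_exp = None, None, 0.0, 0.0

    def _fetch(self, form):
        issued = self.clock()  # count lifetimes from before the request was sent
        body = self.post(TOKEN_URL, {**form, "scope": "openid"})
        self.access, self.access_exp = body["access_token"], issued + body["expires_in"]
        self.refresh = body.get("refresh_token")  # may be absent, then re-login is used
        self.refresh_exp = issued + body.get("refresh_expires_in", 0)

    def auth_header(self):
        now = self.clock()
        if self.access is None or now >= self.access_exp - self.skew:
            if self.refresh and now < self.refresh_exp - self.skew:
                client = {k: self.login_form[k] for k in ("client_id", "client_secret")}
                self._fetch({"grant_type": "refresh_token",
                             "refresh_token": self.refresh, **client})
            else:  # no usable refresh token: repeat the original grant
                self._fetch(self.login_form)
        return {"Authorization": "Bearer " + self.access}

def demo():
    """Constructed run: fake endpoint and fake clock; returns the grants requested."""
    now, grants = [0.0], []
    def fake_post(url, form):
        grants.append(form["grant_type"])
        return {"access_token": "at%d" % len(grants), "expires_in": 300,
                "refresh_token": "rt%d" % len(grants), "refresh_expires_in": 7200}
    login = {"grant_type": "password", "username": "USERNAME", "password": "PASSWORD",
             "client_id": "CLIENT_ID", "client_secret": "CLIENT_SECRET"}
    tm = TokenManager(login, fake_post, lambda: now[0])
    for t in (0, 100, 290, 8000):  # first login, reuse, refresh, both tokens expired
        now[0] = t
        tm.auth_header()
    return grants
```

Call auth_header() immediately before every API request; the refresh request carries only the client credentials and the refresh token, not the username or password.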

Swagger

Go to Swagger -> Click "Authorize" -> Fill in all your credentials and log in -> Close the popup -> Click "Try it out" and make your requests.
The Bearer token is added automatically. But be careful: if the token expires, a re-login is needed. (No 401 is returned; the additional data is simply no longer returned, as mentioned above.)

Command line using curl with the bearer token

Example of getting the token:
curl -d "grant_type=password&username=USERNAME&password=PASSWORD&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&scope=openid" -X POST -H 'Accept: application/json' -H 'Content-Type: application/x-www-form-urlencoded' ENDPOINTURL
Example of using the token to retrieve data from ODH:
curl -H 'Authorization: Bearer BEARERTOKEN' -X GET ODHURL

Postman

Use the "Authorization" tab in Postman. Set "Type" to "OAuth 2.0". Choose the right grant_type and fill in all credentials.
Click "Get new Access Token"; if a valid token is retrieved, "Use Token" will add the token to the header.
As with Swagger, if the token has become invalid, renew it with "Get new Access Token". (No 401 is returned; the additional data is simply no longer returned, as mentioned above.)