When calling the /oauth/token endpoint to generate a token for a machine user the docs state:
For authorization, pass a reserved OAuth2 client credential in the Authorization header. The call prints the access and refresh tokens to the screen. Save the tokens for later use.
I’m not sure what a reserved OAuth2 client credential is. Does that have to be the username and password/ clientid and client secret for the edgeui machine user that is created when SSO is enabled in edge-ui?
Hi Daniel,
It is the Authorization header shown run the example above that comment:
-H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0"
Stephen
yes but what credentials need to be used there? Is it any other machine user? an ssoadmin? that decrypts to edgecli as the username; is there and edgecli user that exists that I need to use?
Reading through the docs is it potentially
Edge sys admin username and password as set when you installed Edge
That is a literal value. Use:
"-H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0"
Just as it appears in:
curl -H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" \
-H "accept: application/json;charset=utf-8" \
-H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0" -X POST \
[https://zoneName.login.apigee.com/oauth/token](https://zoneName.login.apigee.com/oauth/token) -s \
-d 'grant_type=password&response_type=token&passcode=UKB3Wn'
Oh I get it. Why does it require an auth header at all if the authheader is known to everyone?
Also I’m not sure if this is related but when I try to use that token I get
{
"code": "security.UnableToGetSignature",
"message": "Unable to get public signature from SSO server",
"contexts": []
}
Turned out it was a cert error. All resolved now.