How to generate apigee access token for SAML without passcode or Automate the token generation process

Google Cloud Apigee
1

@Dino-at-Google @Miguel Mendoza

We have SAML placed in our organization, In order to get access token for management api calls we need get the passcode from Apigee. Then we get the access token in exchange.

But to automate this process, i want to bypass the passcode thing.

After reading Apigee docs, i came accross two approaches:

1.

curl -H “Content-Type: application/x-www-form-urlencoded;charset=utf-8” \

  -H "accept: application/json;charset=utf-8" \
  -H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0" -X POST \
  [https://zoneName.login.apigee.com/oauth/token](https://zoneName.login.apigee.com/oauth/token) -s \
  -d 'grant_type=password&username=machineusername&password=machineuserpassword'

Reference - [https://docs.apigee.com/api-platform/system-administration/automating-tasks#:~:text=from%20a%20browser.-,About%20machine%20users,having%20to%20specify%20a%20passcode](https://docs.apigee.com/api-platform/system-administration/automating-tasks#:~:text=from%20a%20browser.-,About%20machine%20users,having%20to%20specify%20a%20passcode).

But this is throwing me error - 
{
    "error": "unauthorized",
    "error_description": "Unable to find identity provider for origin:usergrid"
}
  1. acurl call ( Acurl to me is totally new thing, also I’m a windows user)
USER=me@example.comPASS=not-that-secretTOKEN=$(get_token -u $USER:$PASS -m ''--force-basic-auth)curl -H "Authorization: Bearer $TOKEN"'https://api.enterprise.apigee.com/v1/organizations/...'

In order to try it out can anyone help me to convert this into normal CURL. so i can try this out.

Kindly assist with any approach where i can generate access tokens automatically( Without human interactions)
2

I go through the automation process step bey step in this video starting at time code 2:15.

I’ve seen the error you are getting before when the zoneName in the URL (zoneName.login.apigee.com) does not match a valid zone name. Double check that your zoneName matches the zone name you have configured in apigee.com/sso

1 Like
3

@Miguel , I tried the same zoneName with passcode it gives me token. but skipping passcode and giving username and password is throwing the error

{"error":"unauthorized","error_description":"Unable to find identity provider for origin:usergrid"}
4

In order to skip passcode you need to create machine id for that zone for automation tasks

please follow this

https://docs.apigee.com/api-platform/system-administration/automating-tasks#get-the-machine-users-oauth2-tokens

5

@vinay can you provide the curl commands used to generate token with passcode. I am facing similar error code with passcode as well.

6

@vinaypratapsr & @miguelmendoza : Did you get any solution for the error

{"error":"unauthorized","error_description":"Unable to find identity provider for origin:usergrid"}

. We are using the machine credentials to get the token however getting the same error as above.

7

Please contact Apigee support for detailed assistance on this.