Cancel
Showing results for 
Search instead for 
Did you mean: 

Using the new App Credentials - Authorization Management

Siemens Valued Contributor Siemens Valued Contributor
Siemens Valued Contributor

I've generated App Credentials using the new capability in the Developer Cockpit (Auth Management tab).

 

I've tried using these new credentials with the API but haven't been successful.  Could anyone confirm which endpoint can be used to generate a token with these credentials?

 

I've been using the new Token Management Service, but the docs imply that this should only be used with the app credentials as generated from the Operator tenant.  Is there a different endpoint that can receive these credentials on a Developer tenant?

 

Thanks

9 REPLIES 9

Re: Using the new App Credentials - Authorization Management

Legend
Legend
The new Token Management Service main use case seems to make possible for an application running in prod access to other tenants data, when somebody purchases an app they must accept access of the app to their data. In that regard they behave like the technical user accounts available in the dev tenant, so I assume it's the same endpoint as that:
https://developer.mindsphere.io/apis/core-oauthauthorizationserver/api-oauthauthorizationserver-over...

What is exactly you want to achieve? Could you describe a bit?

Re: Using the new App Credentials - Authorization Management

Siemens Valued Contributor Siemens Valued Contributor
Siemens Valued Contributor

@dlouzan Thanks for the reply.

I assumed that as well, but the App Credentials generated by the developer cockpit do not seem to work with the OAuth endpoint.

 

I'm trying to use the App Credentials (generated in dev cockpit) to retrieve data from the developer tenant.

Re: Using the new App Credentials - Authorization Management

Siemens Valued Contributor Siemens Valued Contributor
Siemens Valued Contributor
Hi Dave,
You should use the endpoint "https://gateway.eu1.mindsphere.io/api/technicaltokenmanager/v3/oauth/token". Make sure to include the headers "X-SPACE-AUTH-KEY" with the clientID and Client Secret base64 encoded, and the "Content-Type" header with the value of "application/json". The body has to have the appName, appVersion, hostTenant, and userTenant. For testing the developer tenant you can set the hostTenant and userTenant to the same tenant name.
Here is a sample of the body I used:
{
"appName": "appName",
"appVersion": "1.0.0",
"hostTenant":"DevTenant",
"userTenant":"DevTenant"
}

Re: Using the new App Credentials - Authorization Management

Siemens Valued Contributor Siemens Valued Contributor
Siemens Valued Contributor

@C_Elliott  Excellent...that works! thanks!

Re: Using the new App Credentials - Authorization Management

Siemens Experimenter Siemens Experimenter
Siemens Experimenter

Thanks it also worked for me !!! 

Actually in Documentation of this API - https://gateway.eu1.mindsphere.io/api/technicaltokenmanager/v3/oauth/token

they have missed "hostTenant":"DevTenant" and "userTenant":"DevTenant"

Re: Using the new App Credentials - Authorization Management

Legend
Legend

@UlhasI think you're right, I've reported it to the mdsp team.

 

Cheers,

Diego

Re: Using the new App Credentials - Authorization Management

Siemens Experimenter Siemens Experimenter
Siemens Experimenter

Thanks , I saw it today and it was there in the documentation :-)

{
  "appName": "testapplication",
  "appVersion": "1.0.0",
  "hostTenant": "diop1",
  "userTenant": "diusr3"
}

 

Re: Using the new App Credentials - Authorization Management

Experimenter
Experimenter

May I ask:

"hostTenant":"DevTenant",
"userTenant":"DevTenant"

 

Are they the tenant name?

Thank you.

Re: Using the new App Credentials - Authorization Management

Siemens Experimenter Siemens Experimenter
Siemens Experimenter

My example : 

 

 {
"grant_type": "client_credentials",
"appName": "ukmconnectivity",
"appVersion": "1.0.0",
"hostTenant": "eo3codev",
"userTenant": "eo3codev"
}

 

Yes hostTenant and userTenant are just tenant names for which you are creating a token.

Actually, I don't know the diff between host and user tenant - for me they are same.