GetToken

The GetToken program implements a set of command line options for getting access tokens.

Set the environment

Before executing the GetToken command, set the environment using the envidp script, found in $FGLDIR/web_utilities/services/gip. On Microsoft® Windows, the script is named envidp.bat.

Syntax

GetToken [ client_credentials |  password ] [options] scopes

There are two commands:
1. client_credentials gets an access token using the service application client id and secret id.
2. password gets an access token using the GIP user's username and password.
options are described in the tables.
scopes are the list of scopes required in the access token.

Table 1. GetToken options specific to the client_credentials command
Option	Description
`-h` or `--help`	Displays help for the client_credentials command.
`-c, --client_id code`	Specifies the service application client id.
`-s, --secret_id code`	Specifies the service application secret id.
`-f, --savetofile filename`	Save access token to file.
`-i, --idp URL`	URL of IdP

Table 2. GetToken options specific to the password command
Option	Description
`-h` or `--help`	Displays help for the password command.
`-u, --username username`	Specifies the name of the IdP user.
`-p, --password password`	Specifies the password of the IdP user
`-f, --savetofile filename`	Save access token to file.
`-i, --idp URL`	URL of IdP

Usage

Note: The gettoken tool is located in the $FGLDIR/web_utilities/services/gip/bin/gettoken directory.

The GetToken tool provides a way to get access tokens at the command line. You can use this tool to work with applications or services secured by the GIP via a script. See Automatize application deployment via scripts.

Get an access token for a Web service secured by the GIP

For example, you use the following command if you need to get an access token for a Web service secured by the GIP. Line breaks have been added to the command example to improve readability.

GetToken password -u user -p mypw 
--idp https://host:port/gas/ws/r/services/GeneroIdentityProvider
--savetofile mytoken.json myWSScope

In this example:

The password command is used.
Tip: If you need an access token on behalf of a user, you use the password option. If you need an access token without a specific user, use the client_credentials option after having created a service-to-service application.
The IdP user's name and password is provided in -u user -p mypw.
The URL of the Genero Identity Provider is specified.
mytoken.json is the file name where the access token is saved.
myWSScope is the scope of the service required in the token.

Note: Access token generated is valid for a limited time:

The access token got via this tool is valid for 10 minutes only. An access token got from the GIP when starting an application is valid for one hour and continues to be refreshed automatically till the application is closed.

Get an access token for a shared file

This example retrieves an access token for a file shared by the SharedFile App. Line breaks have been added to the command example to improve readability.

GetToken password -u user -p mypw 
--idp https://host:port/[gas]/ws/r/services/GeneroIdentityProvider
--savetofile myfiletoken.json sharefile

In this example:

The password command is used.
You must provide your IdP user name and password in -u user -p mypw.
You must provide the URL of the GeneroIdentityProvider.
myfiletoken.json is the file name where the access token is saved.
"sharefile" must be specified as the scope of the service required in the token.

The access token generated is valid for a limited time (600 seconds).

Display help for the GetToken command

Use the commands password or client_credentials with the help option to display available options. For example:

GetToken password --help
GetToken client_credentials --help