IAM Authentication for OCI Cache

Learn how to set up IAM authentication for OCI Cache users.

This topic describes the use of short-term Identity and Access Management (IAM) tokens with OCI Cache.

Perform the following steps to request and use an IAM authentication token:

Use the createIdentityToken operation to request an authentication token.
Sign the authentication token and use it to access OCI Cache.

Generating and Signing the Token

Use the CreateIdentityToken API operation to generate the token from OCI Cache. The token expires after one hour and must be renewed.

To create the token, perform these tasks:

Create the OCI Cache identity client.
Create the token. Make a client call to the OCI Cache CreateIdentityToken API. This call generates the identity token.
Note

When generating a token for OciCacheUser, use the OciCacheUser's OCID as the redisUser value. When connecting to the Redis cluster, specify the OciCacheUser's name (not OCID) as the username.
Generate the customer signature for the token using the customer private key.
Encode the generated signature using base64.
Generate the composite string in the format: base64_signature|token.
Encode the composite string using base64 to get the final token.
Use the final token for signing in.

Here is an example of the final token:


ZnpwcDdCNUs1MnFMamFJMVprbG12UGpsQ2xRL2Nrb00rZDhjTFJqZHBYbkVnU1hNMjV5aFF1emxQT1JJR21wNldUUjFaZGwwZjZiVVUyWjdIY00yeXhoS0YwZnB0dnFBc2haRlpJUWQ1MUlmY1pFV2tLVGJEY0ZwYjRTcG9jTURWYXErVkhMSnhjRmkzdjErTzFXM2xSUU84QVU5RWt0T05sTm9lTHEvL3FOOTR5ZWxmcDhKMjRselQ1ZDVMbUFQSFR2OHg0L2Fsb1U0Mitjd0VwMTgrbnN0ZkpkZnZJK3hNeWowcFdBNVJ1TnNBdkFUWEhuYUdrTkl0L1R4c2FYaFhIR040enBLRW93VTNvSVdHMW1jbmlPNjN0R0ZZbTB2enByR3pCWjhHUk9lRHpUUVVPeWd6RGZ0Vm1QbnFydklwd2w1UDVnZ3RhalFjY2s0YzlDOUdBPT18ZXlKaGJHY2lPaUpTVXpJMU5pSjkuZXlKaGRXUWlPaUp5WldScGMyTmhZMmhsZFhObGNqQXlJaXdpY0hWaWJHbGpTMlY1SWpvaVRGTXdkRXhUTVVOU1ZXUktWR2xDVVZaVlNrMVRWVTFuVXpCV1dreFRNSFJNVXpCTFZGVnNTbEZyYkhGUlZUVkRXakowZUdGSGRIQlNlbXd6VFVWS1FsVlZWa2RSVlVaUVVUQkdVazlGUms1VFZXeERVVEprVEZFd1JsSlNWVVo1WTBoS1JGVlhiRFZTVm5CM1YwWnNZVmt3TkRSak1GSkhVMEZ3TkZGV2JGbGFNR2hZVWtaa01VNVVSakpsYWtKR1YwUm5OV1I2VFhwaFJHZDNUbXhzVVdKVlZrSmpSa1pxV1hwU1JWUnFTa1ppUjA1MlkxZEtNRXN4WkdwaU0yeGFWMGRrVFdWdFZtMVhSM04zWTI1V1NVTnFTVEZVUkZJMFlXeGFVRkZZU2xkUk1rWjNZbFpTZFdKWVFsVldSbGswVWxjNWVsbFdiM0pWYW1SQ1ltMUdhMXBET1V4WmFsWklZVEl4VGxZeVdscGliWGQyVkRBMWFGUXpVbEJSTVZwQ1RWWmFlazlYYzB0VVdGcHZXbFJHU2xwRlNscE9WMDB5WWxSc1NGbFhlRVZoYm14aFRESm9UMkZ0YkU5T1ZscDVVbXRvTVVzd2NIVmhhbWh2WkhwT1QxTnJPVmhUUlhSTlRsYzVTbFF6VGtsVk0wRTBUVVp2ZWxkdFdraFNRWEIyVlVSR1NGSkZjek5UVm5CWVRsVktOV0pGYUZoVGVtaFFWVEZ3ZWxscVNqWmpSRkUxWkROS1IxWnFXa1ZYVmtwc1VqRkdNVkpJUmxCaWVtaHdVakJzV0ZWNlNrWlJhemxOVlRKNGRrMXJPVTlWTTFKS1EydDBlVk5WU2pObFZFNDFZVVZzV0VzeWFGQldXRlpvWlZkdmNsSnVZelZQUlhCdFpHcFdhRmx1Y0U1TE1taFFZVE5DV0ZWcmRIRmxWMmh6VlVkWk1HSXdOVVpMTWtveVltMDVlRlF4VGtaa1ZFbDNWVzV2UzFJeFJrcFNSVVpTVVZWSlMweFRNSFJNVXpGR1ZHdFJaMVZHVmtOVVJXeEVTVVYwUmxkVE1IUk1VekIwUTJjaUxDSmxlSEFpT2pFM05EVTJNVGt5TURJc0ltbGhkQ0k2TVRjME5UWXhOVFl3TWl3aWFuUnBJam9pWlhsS2NtRlhVV2xQYVVwb1l6TmtabU5IYURSWWVrVXpUVlJWTWsxNlNURlBSR04zVG5wWmFVeERTbWhpUjJOcFQybEtVMVY2U1RGT2FVbzVMbVY1U25wa2JVNVZXbGMxYUdKdVVrcGFRMGsyU1cwNWFtRlhVWGhNYmxKc1ltMUdkVmt6YTNWaU1rMTRUR2sxYUZsWFJtaFpWMFpvV1ZoYU5WbFliM2xqYmtJMVlYcFdiVTVVVW14aldFMHdZVmh3ZG1GSVJYbGFNamg2WkVSVk1HSkVVWHBPTWpWeFlsZHNiazF0Um5aaWJtaDRaREpLZG1WWVJuWk5Na1ZwVEVOS2VtUlhTV2xQYVVwMldUSnNhMDFUTlhsYVYxSndZekpPYzJSWVRqQmFXRWwxWWpKTmVFeHVRbTlsUXpWb1lsZEdhRmxYUm1oWldHaDRZMjVhYUdSSWJHaGtSRkpzVGtSa2VXVnVaSHBrTW14NldsUk9jV0l5U214bGJrcHNaVWhPZWxsdFJuRmpia0l5VFcxb2QwNHpXVEJqU0d4c1l6SndOV0V5UldsTVEwcDZaRzFOYVU5cFNubGFWMUp3WTNreGVscFlTakpoVjA1c1RGaFdkV016VW1oWmJYaHNTV2wzYVdGWVRucEphbTlwV1ZoV01HRkdUbXhqYmxwd1dUSlZkV0l6U21oWk1uaHNURzFPZG1KVFNYTkpia3BzWXpFNU1GcFhOV2hpYmxGcFQybEtkbGt5Ykd0TlV6VXdXbGMxYUdKdFRqVk1iVGxxVFZNMGRWbFhSbWhaVjBab1dWZEdNbVZYUmpaTmJrcDNaVmR6TVZwcVZUQmFXRVo2VGtkc05tSXlhSGhOYldSMlRUTlJNVTVIZHpCTmVtUjFZVzB4Y0ZwNlNtaGlNalUwWTFoa2FXSXpiSGhpZWs1b1NXbDNhV05JVWpWalIxVnBUMmxLZVZwWVRuWmtXRXBxV2xOSmMwbHVTbXhqTVRrd1pWaENiRWxxYjJsamJWWnJZVmhPYW1KSVZucGtSMVo1U1dsM2FWbFlWbXRKYW05cFlqSk9jRWxwZDJsamJWWjZXREpzYTBscWIybGlNazV3V2tSRmRXTnRWbXRoV0U1cVlraFdlbVJIVm5sTWJUbHFUVk0xZDJGSVozVlpWekZvV1ZkR2FGbFhSalJqV0VveVdWaFNOVmxZVVRCYVZGRXpZMjV3TTJNelpIQmpNbFY2WVcwNWFWcFljSGxhV0doNll6SkthR0Z1U25ka2FrcHZZMFJrTWs1SVFqVmFXRTV4WlZkMGFFbHBkMmxrU0ZJMVkwZFZhVTlwU25sYVdFNW1Zek5CYVV4RFNubGFXRTVtV1RJNWRHTkhSbmxrUnpGc1ltNVJhVTlwU25aWk1teHJUVk0xYW1JeU1YZFpXRW93WWxkV2RXUkROWFpaZWtWMVRHMUdhRmxYUm1oWlYwWm9UbnBXY1dOWWJHMWhiVFZ1WVZoQk1WbHVaSEJpUjFKcVlXMUdlbVJJVWpKaVJ6QXpaR3BrYUdGdVpETmFSMFkwVG01b2JFNVhhR3BrTW1oeFpGaEtOVnBYU25KalUwbHpTVzFXTkdORFNUWk5WR013VGxSWk1FNVVWVE5QUTNkcFlWZEdNRWxxYjNoT2VsRXhUbXBCZVUxNll6Uk1RMHB4WkVkcmFVOXBTbXRhYW14c1RsUkdhVTlUTUROT1JGa3pURlJTYlU0eVNYUlpWRUpyVGtNeGFVMXFWVEpOZWxGNlRUSktiRmw2UVdsTVEwb3dXbGMxYUdKdVVXbFBhVXAyV1RKc2EwMVROVEJhVnpWb1ltMU9OVXh0T1dwTlV6UjFXVmRHYUZsWFJtaFpWMFl5WlZkR05rMXVTbmRsVjNNeFdtcFZNRnBZUm5wT1IydzJZakpvZUUxdFpIWk5NMUV4VGtkM01FMTZaSFZoYlRGd1ducEthR0l5TlRSaldHUnBZak5zZUdKNlRtaEphWGRwWWpOQ2FreFhVbTVqZVVrMlNXeFpla3hIT1dwaFYxRjRURzVTYkdKdFJuVlpNMnQxWWpKTmVFeHBOV2haVjBab1dWZEdhRmxZV2pWWldHOTVZMjVDTldGNlZtMU9WRkpzWTFoTk1HRlljSFpoU0VWNVdqSTRlbVJFVlRCaVJGRjZUakkxY1dKWGJHNU5iVVoyWW01b2VHUXlTblpsV0VaMlRUSkZjMUZWUmtKUlZVWlNVVlZHUWxGVlNYWmFhazAxVERCR1FsRlZSbkZrZWpBNVRFVkdRbEZWUmtKUlZEQTVTV2wzYVdGdVpISkphbTlwWlRGM2FXRXliR3RZUTBrMldFTktkbGt5Ykd0TlV6VjVXbGRTY0dNeVRuTmtXRTR3V2xoSmRXSXlUWGhNYmtKdlpVTTFhR0pYUm1oWlYwWm9XVmhvZUdOdVdtaGtTR3hvWkVSU2JFNUVaSGxsYm1SNlpESnNlbHBVVG5GaU1rcHNaVzVLYkdWSVRucFpiVVp4WTI1Q01rMXRhSGRPTTFrd1kwaHNiR015Y0RWaE1rWmpTV2w0WTBsdE5XTkphbkJqU1c1c1VGb3pUbWhXYldSelZWUldVR1JYVW1oT00wWnNXbXRTYVdGWVJsTmlTR3hHVm1wbk1HRXpUWGRUVjBaUFVUQktTbEZyVG01VE1UbEhXa1ZrV1ZreldsWmpSVXA0VTFkU1QyRnRkSFZXYmxwT1pESnNWR0ZVVGtWUFNFRXhZVVZPVGsxdVNtNVRSbkJGVkc1R05rNHpRbVpTTVRsdVltMHhRMDFyTVROaWFURTBVV3RhVDFoNlRrSmpNMEpQVGpKV1QwNXRjRWhhVlRrMlZqRkNWR1JGZURKYVJYZDNZa1ZhU2xKck9VbGhNV3MwVVROb1psTnRkRkJrZVRFMFRGTXhSRmRWVmpGT1NHaHlVV3BDWmxaR1pIZGtSbVJPVWxka1MxWkZPVU5WU0doc1UydE9NMDVwTVZOTlIxcFVZVzE0Wmxac2JITmpWVXBEV21wQ1FsVnNUbGxXYlU1UlZWZGtlV0ZIZUhkaGJrWkhWMjFhZUZwWGR6RmlSRkpDWTFac2VtUlZVWGRTZWtaRllVUnJlRll6WkhKVk1uUnNXbXR3ZFZFemNGbFZWbEUxVFd0YWNWZ3lSbEZoYkZKMlQwaEtTVlJFV2tKbFdFNXFUVlJrUWxSV1pGbFdWa0o2WTJzNWJGSlhNV3hTTWtadldWaGtjVTlHYUc5alZrSm9VakIwUjFSV1JtRmxiV2hVWWtkMGMyVkhiR2xXUldzMFQwUmFObFl5Y0VaaFJsbDNZMnhzYkdSVVVUQlRhazB5VFhwa05GcEhjR0ZaVnpWd1ZWVm9RMkV4YUc5UmEyZ3dWVlozYVV4R2QybGFWbmRwVDJ4M2FWRldSa0pSYkhkcFRFWjNhV0V6VWpWWVEwazJXRU5LVTFVd1JtTkphWGhqU1cxR2Mxb3hkMmxQYkhkcFZXeE5lVTVVV21OSmFYaGpTVzVXZWxwV2QybFBiSGRwWXpKc2JsaERTamxKYmpBdVVVNTZlWEZ2WlZnM04wTjJhVVpWYkhsWGMySnZiRzV4Y1ZOZk9FUmxkSFoyVXpkRk9FcFhXbGsyWmtKV1JIVldjbTl2ZWpkVWVGUlZYMUkxY1Zrd1VVRTJaMDQyWjBWYVRITnJhWGxRWW1KZlJUbDJSazlQUzNaZkxVNWZjRTE0T0ZsMWNURm1jRUZQUmxaVVgxQndkWE5HZVRnMFVqWjNhWEpGU2poRGNtOUJkemh0Ym0xQ1duaGxaazVJWjNSUGJYZzVkVmhPYVVWdE9Ua3dialpWT0U5UlFrMXBXVUk1U1hSQ1ZFNTJSekl0VEU0NVFtUXRaV3BUYmpCb1dDMDRSbmRZUVdaQ2JrbE1TRk5zTUd4UGRUQndVRVJqYVRKdVJIaDJhMWxpY1RseFRHcEROMTlCT0RWZmEzaG5OMjlIUzNSUFNtWkljemgwWkd4U2RrY3lTVEExVDB4cFQwdzRZMEZ5UmtKcFVYQnRaRzFOVEhabGJVWkdabGhMVkRVd2RGWmhNMlp0UjFSWFgwaFlRMnAxUzFaS05YbElMVTVyYVcxME1sbDRTRXRuZDBRMGJXVTFiR1ZKYTFBM00wZG9RM05vTjE5bkluMC5QSksyTmVNZ05HLWY0VTJYNUoyUTZVaWVINUdmN3oybUVybUxUUFFBY0lBUDJLQXNsVkRNUVpTV0JZVGZMempjbEhqaHRubkdFOHZ1ZHYwVldJazZSRHRTU0M2cGNJLS1DQzUxemNpMlptcDdyU2N5SGlxX1Z3bm5rbEtVbDhTV0pVRURtWUxPdUs5bXFXY3N1SlNCNi1ZRk5faUFTZmVBczZlSWZLeHVDbmZ6clM1RC1zTUpnUTI3YktOVTR4UmluNWhYVFR0ZXhHNURoMmZ1UENNTzdKUGFGa3VBcGlwTEdwUlY5RDE5LTBhRUtCN0NZcDQxeHVxOUVpenJReVUtdzd2SFMtYnZvNnVyMVh0OGE3dXl3ZGg3UmhQQlhVUWRFRVA4Q2x4RDdKT0U5dkN2Mm5aY0tZMTgxWndHV0lTOVJPdEhCV0I0ZlFIZEt4N1drWloteGc=

Using the Token to Authenticate the OCI Cache User

Authenticate against your cluster using one of the predefined cache users and the newly generated token as the password:

redis-cli --tls --user <ocicacheusername> -h <private_endpoint> -a <token>

Example of Generating and Signing the Token

The following is an example of generating and signing a token using CLI or APIs for OCI Cache users.

This task can't be performed using the OCI Console.

Use the oci redis redis-identity create-identity-token-details create-identity-token command and the required parameters to generate and authenticate a token:

oci redis redis-identity create-identity-token-details create-identity-token --public-key <text> --redis-cluster-id <cluster_OCID> --redis-user <text> [OPTIONS]

The following are the steps to retrieve the token:

Set the Redis cluster ID:

export REDIS_CLUSTER_ID=OCID1.rediscluster.OC1..<unique_ID>

Retrieve the specified OCI Cache cluster using the command:

oci raw-request --HTTP-method GET --target-uri  HTTPS://test.redis.us../redisClusters/${REDIS_CLUSTER_ID}

Obtain the raw token with the following command:

oci raw-request --HTTP-method POST --request-body "{  \"\publicKey\": \"LS0t..\",  \"redisUser\": \"OCID1.ocicacheuser.OC1..<unique_ID>"}" --target-uri "HTTPS://test.redis.us../redisClusters/${REDIS_CLUSTER_ID}/actions/identityToken"

After generating the raw identity token, sign it using a private key. For example:

// java.security.Signature
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initSign(<privateKey>); // private key of the user
signature.update(redisToken.getBytes(StandardCharsets.UTF_8));
byte[] signatureBytes = signature.sign();
String encodedSignature = Base64.getUrlEncoder().encodeToString(signatureBytes);
 
signature.initVerify(<publicKey>)); //public key of the user
signature.update(redisToken.getBytes(StandardCharsets.UTF_8));
boolean isValid = signature.verify(Base64.getUrlDecoder().decode(encodedSignature));
         
 
final String composite = signedToken + "|" + redisToken;
final String finalToken = Base64.getEncoder().encodeToString(composite.getBytes(StandardCharsets.UTF_8)); //Final token used for authenticating against the cluster

This step generates the final token, such as:


ZnpwcDdCNUs1MnFMamFJMVprbG12UGpsQ2xRL2Nrb00rZDhjTFJqZHBYbkVnU1hNMjV5aFF1emxQT1JJR21wNldUUjFaZGwwZjZiVVUyWjdIY00yeXhoS0YwZnB0dnFBc2haRlpJUWQ1MUlmY1pFV2tLVGJEY0ZwYjRTcG9jTURWYXErVkhMSnhjRmkzdjErTzFXM2xSUU84QVU5RWt0T05sTm9lTHEvL3FOOTR5ZWxmcDhKMjRselQ1ZDVMbUFQSFR2OHg0L2Fsb1U0Mitjd0VwMTgrbnN0ZkpkZnZJK3hNeWowcFdBNVJ1TnNBdkFUWEhuYUdrTkl0L1R4c2FYaFhIR040enBLRW93VTNvSVdHMW1jbmlPNjN0R0ZZbTB2enByR3pCWjhHUk9lRHpUUVVPeWd6RGZ0Vm1QbnFydklwd2w1UDVnZ3RhalFjY2s0YzlDOUdBPT18ZXlKaGJHY2lPaUpTVXpJMU5pSjkuZXlKaGRXUWlPaUp5WldScGMyTmhZMmhsZFhObGNqQXlJaXdpY0hWaWJHbGpTMlY1SWpvaVRGTXdkRXhUTVVOU1ZXUktWR2xDVVZaVlNrMVRWVTFuVXpCV1dreFRNSFJNVXpCTFZGVnNTbEZyYkhGUlZUVkRXakowZUdGSGRIQlNlbXd6VFVWS1FsVlZWa2RSVlVaUVVUQkdVazlGUms1VFZXeERVVEprVEZFd1JsSlNWVVo1WTBoS1JGVlhiRFZTVm5CM1YwWnNZVmt3TkRSak1GSkhVMEZ3TkZGV2JGbGFNR2hZVWtaa01VNVVSakpsYWtKR1YwUm5OV1I2VFhwaFJHZDNUbXhzVVdKVlZrSmpSa1pxV1hwU1JWUnFTa1ppUjA1MlkxZEtNRXN4WkdwaU0yeGFWMGRrVFdWdFZtMVhSM04zWTI1V1NVTnFTVEZVUkZJMFlXeGFVRkZZU2xkUk1rWjNZbFpTZFdKWVFsVldSbGswVWxjNWVsbFdiM0pWYW1SQ1ltMUdhMXBET1V4WmFsWklZVEl4VGxZeVdscGliWGQyVkRBMWFGUXpVbEJSTVZwQ1RWWmFlazlYYzB0VVdGcHZXbFJHU2xwRlNscE9WMDB5WWxSc1NGbFhlRVZoYm14aFRESm9UMkZ0YkU5T1ZscDVVbXRvTVVzd2NIVmhhbWh2WkhwT1QxTnJPVmhUUlhSTlRsYzVTbFF6VGtsVk0wRTBUVVp2ZWxkdFdraFNRWEIyVlVSR1NGSkZjek5UVm5CWVRsVktOV0pGYUZoVGVtaFFWVEZ3ZWxscVNqWmpSRkUxWkROS1IxWnFXa1ZYVmtwc1VqRkdNVkpJUmxCaWVtaHdVakJzV0ZWNlNrWlJhemxOVlRKNGRrMXJPVTlWTTFKS1EydDBlVk5WU2pObFZFNDFZVVZzV0VzeWFGQldXRlpvWlZkdmNsSnVZelZQUlhCdFpHcFdhRmx1Y0U1TE1taFFZVE5DV0ZWcmRIRmxWMmh6VlVkWk1HSXdOVVpMTWtveVltMDVlRlF4VGtaa1ZFbDNWVzV2UzFJeFJrcFNSVVpTVVZWSlMweFRNSFJNVXpGR1ZHdFJaMVZHVmtOVVJXeEVTVVYwUmxkVE1IUk1VekIwUTJjaUxDSmxlSEFpT2pFM05EVTJNVGt5TURJc0ltbGhkQ0k2TVRjME5UWXhOVFl3TWl3aWFuUnBJam9pWlhsS2NtRlhVV2xQYVVwb1l6TmtabU5IYURSWWVrVXpUVlJWTWsxNlNURlBSR04zVG5wWmFVeERTbWhpUjJOcFQybEtVMVY2U1RGT2FVbzVMbVY1U25wa2JVNVZXbGMxYUdKdVVrcGFRMGsyU1cwNWFtRlhVWGhNYmxKc1ltMUdkVmt6YTNWaU1rMTRUR2sxYUZsWFJtaFpWMFpvV1ZoYU5WbFliM2xqYmtJMVlYcFdiVTVVVW14aldFMHdZVmh3ZG1GSVJYbGFNamg2WkVSVk1HSkVVWHBPTWpWeFlsZHNiazF0Um5aaWJtaDRaREpLZG1WWVJuWk5Na1ZwVEVOS2VtUlhTV2xQYVVwMldUSnNhMDFUTlhsYVYxSndZekpPYzJSWVRqQmFXRWwxWWpKTmVFeHVRbTlsUXpWb1lsZEdhRmxYUm1oWldHaDRZMjVhYUdSSWJHaGtSRkpzVGtSa2VXVnVaSHBrTW14NldsUk9jV0l5U214bGJrcHNaVWhPZWxsdFJuRmpia0l5VFcxb2QwNHpXVEJqU0d4c1l6SndOV0V5UldsTVEwcDZaRzFOYVU5cFNubGFWMUp3WTNreGVscFlTakpoVjA1c1RGaFdkV016VW1oWmJYaHNTV2wzYVdGWVRucEphbTlwV1ZoV01HRkdUbXhqYmxwd1dUSlZkV0l6U21oWk1uaHNURzFPZG1KVFNYTkpia3BzWXpFNU1GcFhOV2hpYmxGcFQybEtkbGt5Ykd0TlV6VXdXbGMxYUdKdFRqVk1iVGxxVFZNMGRWbFhSbWhaVjBab1dWZEdNbVZYUmpaTmJrcDNaVmR6TVZwcVZUQmFXRVo2VGtkc05tSXlhSGhOYldSMlRUTlJNVTVIZHpCTmVtUjFZVzB4Y0ZwNlNtaGlNalUwWTFoa2FXSXpiSGhpZWs1b1NXbDNhV05JVWpWalIxVnBUMmxLZVZwWVRuWmtXRXBxV2xOSmMwbHVTbXhqTVRrd1pWaENiRWxxYjJsamJWWnJZVmhPYW1KSVZucGtSMVo1U1dsM2FWbFlWbXRKYW05cFlqSk9jRWxwZDJsamJWWjZXREpzYTBscWIybGlNazV3V2tSRmRXTnRWbXRoV0U1cVlraFdlbVJIVm5sTWJUbHFUVk0xZDJGSVozVlpWekZvV1ZkR2FGbFhSalJqV0VveVdWaFNOVmxZVVRCYVZGRXpZMjV3TTJNelpIQmpNbFY2WVcwNWFWcFljSGxhV0doNll6SkthR0Z1U25ka2FrcHZZMFJrTWs1SVFqVmFXRTV4WlZkMGFFbHBkMmxrU0ZJMVkwZFZhVTlwU25sYVdFNW1Zek5CYVV4RFNubGFXRTVtV1RJNWRHTkhSbmxrUnpGc1ltNVJhVTlwU25aWk1teHJUVk0xYW1JeU1YZFpXRW93WWxkV2RXUkROWFpaZWtWMVRHMUdhRmxYUm1oWlYwWm9UbnBXY1dOWWJHMWhiVFZ1WVZoQk1WbHVaSEJpUjFKcVlXMUdlbVJJVWpKaVJ6QXpaR3BrYUdGdVpETmFSMFkwVG01b2JFNVhhR3BrTW1oeFpGaEtOVnBYU25KalUwbHpTVzFXTkdORFNUWk5WR013VGxSWk1FNVVWVE5QUTNkcFlWZEdNRWxxYjNoT2VsRXhUbXBCZVUxNll6Uk1RMHB4WkVkcmFVOXBTbXRhYW14c1RsUkdhVTlUTUROT1JGa3pURlJTYlU0eVNYUlpWRUpyVGtNeGFVMXFWVEpOZWxGNlRUSktiRmw2UVdsTVEwb3dXbGMxYUdKdVVXbFBhVXAyV1RKc2EwMVROVEJhVnpWb1ltMU9OVXh0T1dwTlV6UjFXVmRHYUZsWFJtaFpWMFl5WlZkR05rMXVTbmRsVjNNeFdtcFZNRnBZUm5wT1IydzJZakpvZUUxdFpIWk5NMUV4VGtkM01FMTZaSFZoYlRGd1ducEthR0l5TlRSaldHUnBZak5zZUdKNlRtaEphWGRwWWpOQ2FreFhVbTVqZVVrMlNXeFpla3hIT1dwaFYxRjRURzVTYkdKdFJuVlpNMnQxWWpKTmVFeHBOV2haVjBab1dWZEdhRmxZV2pWWldHOTVZMjVDTldGNlZtMU9WRkpzWTFoTk1HRlljSFpoU0VWNVdqSTRlbVJFVlRCaVJGRjZUakkxY1dKWGJHNU5iVVoyWW01b2VHUXlTblpsV0VaMlRUSkZjMUZWUmtKUlZVWlNVVlZHUWxGVlNYWmFhazAxVERCR1FsRlZSbkZrZWpBNVRFVkdRbEZWUmtKUlZEQTVTV2wzYVdGdVpISkphbTlwWlRGM2FXRXliR3RZUTBrMldFTktkbGt5Ykd0TlV6VjVXbGRTY0dNeVRuTmtXRTR3V2xoSmRXSXlUWGhNYmtKdlpVTTFhR0pYUm1oWlYwWm9XVmhvZUdOdVdtaGtTR3hvWkVSU2JFNUVaSGxsYm1SNlpESnNlbHBVVG5GaU1rcHNaVzVLYkdWSVRucFpiVVp4WTI1Q01rMXRhSGRPTTFrd1kwaHNiR015Y0RWaE1rWmpTV2w0WTBsdE5XTkphbkJqU1c1c1VGb3pUbWhXYldSelZWUldVR1JYVW1oT00wWnNXbXRTYVdGWVJsTmlTR3hHVm1wbk1HRXpUWGRUVjBaUFVUQktTbEZyVG01VE1UbEhXa1ZrV1ZreldsWmpSVXA0VTFkU1QyRnRkSFZXYmxwT1pESnNWR0ZVVGtWUFNFRXhZVVZPVGsxdVNtNVRSbkJGVkc1R05rNHpRbVpTTVRsdVltMHhRMDFyTVROaWFURTBVV3RhVDFoNlRrSmpNMEpQVGpKV1QwNXRjRWhhVlRrMlZqRkNWR1JGZURKYVJYZDNZa1ZhU2xKck9VbGhNV3MwVVROb1psTnRkRkJrZVRFMFRGTXhSRmRWVmpGT1NHaHlVV3BDWmxaR1pIZGtSbVJPVWxka1MxWkZPVU5WU0doc1UydE9NMDVwTVZOTlIxcFVZVzE0Wmxac2JITmpWVXBEV21wQ1FsVnNUbGxXYlU1UlZWZGtlV0ZIZUhkaGJrWkhWMjFhZUZwWGR6RmlSRkpDWTFac2VtUlZVWGRTZWtaRllVUnJlRll6WkhKVk1uUnNXbXR3ZFZFemNGbFZWbEUxVFd0YWNWZ3lSbEZoYkZKMlQwaEtTVlJFV2tKbFdFNXFUVlJrUWxSV1pGbFdWa0o2WTJzNWJGSlhNV3hTTWtadldWaGtjVTlHYUc5alZrSm9VakIwUjFSV1JtRmxiV2hVWWtkMGMyVkhiR2xXUldzMFQwUmFObFl5Y0VaaFJsbDNZMnhzYkdSVVVUQlRhazB5VFhwa05GcEhjR0ZaVnpWd1ZWVm9RMkV4YUc5UmEyZ3dWVlozYVV4R2QybGFWbmRwVDJ4M2FWRldSa0pSYkhkcFRFWjNhV0V6VWpWWVEwazJXRU5LVTFVd1JtTkphWGhqU1cxR2Mxb3hkMmxQYkhkcFZXeE5lVTVVV21OSmFYaGpTVzVXZWxwV2QybFBiSGRwWXpKc2JsaERTamxKYmpBdVVVNTZlWEZ2WlZnM04wTjJhVVpWYkhsWGMySnZiRzV4Y1ZOZk9FUmxkSFoyVXpkRk9FcFhXbGsyWmtKV1JIVldjbTl2ZWpkVWVGUlZYMUkxY1Zrd1VVRTJaMDQyWjBWYVRITnJhWGxRWW1KZlJUbDJSazlQUzNaZkxVNWZjRTE0T0ZsMWNURm1jRUZQUmxaVVgxQndkWE5HZVRnMFVqWjNhWEpGU2poRGNtOUJkemh0Ym0xQ1duaGxaazVJWjNSUGJYZzVkVmhPYVVWdE9Ua3dialpWT0U5UlFrMXBXVUk1U1hSQ1ZFNTJSekl0VEU0NVFtUXRaV3BUYmpCb1dDMDRSbmRZUVdaQ2JrbE1TRk5zTUd4UGRUQndVRVJqYVRKdVJIaDJhMWxpY1RseFRHcEROMTlCT0RWZmEzaG5OMjlIUzNSUFNtWkljemgwWkd4U2RrY3lTVEExVDB4cFQwdzRZMEZ5UmtKcFVYQnRaRzFOVEhabGJVWkdabGhMVkRVd2RGWmhNMlp0UjFSWFgwaFlRMnAxUzFaS05YbElMVTVyYVcxME1sbDRTRXRuZDBRMGJXVTFiR1ZKYTFBM00wZG9RM05vTjE5bkluMC5QSksyTmVNZ05HLWY0VTJYNUoyUTZVaWVINUdmN3oybUVybUxUUFFBY0lBUDJLQXNsVkRNUVpTV0JZVGZMempjbEhqaHRubkdFOHZ1ZHYwVldJazZSRHRTU0M2cGNJLS1DQzUxemNpMlptcDdyU2N5SGlxX1Z3bm5rbEtVbDhTV0pVRURtWUxPdUs5bXFXY3N1SlNCNi1ZRk5faUFTZmVBczZlSWZLeHVDbmZ6clM1RC1zTUpnUTI3YktOVTR4UmluNWhYVFR0ZXhHNURoMmZ1UENNTzdKUGFGa3VBcGlwTEdwUlY5RDE5LTBhRUtCN0NZcDQxeHVxOUVpenJReVUtdzd2SFMtYnZvNnVyMVh0OGE3dXl3ZGg3UmhQQlhVUWRFRVA4Q2x4RDdKT0U5dkN2Mm5aY0tZMTgxWndHV0lTOVJPdEhCV0I0ZlFIZEt4N1drWloteGc=

For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

Run the CreateIdentityToken operation to generate and authenticate a token. The API performs the following steps:

Create a Redis identity client with the following code:

public static RedisIdentityClient getRedisIdentityClient() throws IOException {
    return RedisIdentityClient.builder()
            .region("regionname") //Region from SDK configuration
            .endpoint("endPoint") //redis service prod endpoint (example: endpoint: redis.us-****-1.oci.oraclecloud.com for **** region)
            .build(new SessionTokenAuthenticationDetailsProvider("~/.oci/config", "default"));
}

Call the OCI Cache IdentityTokenDetailsResponse to generate a raw identity token.

public static void createIdentityToken(RedisIdentityClient client, String clusterId) {
 
    String redisUser = "OCID1.ocicacheuser.OC1..<unique_ID>"; 
    // String redisUser = <OCID of oci cache user>; // OCI Cache user created by customer
    CreateIdentityTokenDetails createIdentityTokenDetails = CreateIdentityTokenDetails.builder()
            .redisUser(redisUser)
            .publicKey() //Public key of the key pair used by customer to sign fetched token
            .build();
 
    CreateIdentityTokenRequest createIdentityTokenRequest = CreateIdentityTokenRequest.builder()
            .createIdentityTokenDetails(createIdentityTokenDetails)
            .redisClusterId(clusterId)
            .build();
 
    CreateIdentityTokenResponse identityToken = client.createIdentityToken(createIdentityTokenRequest);
    String redisToken = identityToken.getIdentityTokenDetailsResponse().getIdentityToken(); // Identity Token created by the OCI Cache identity API
}