Authenticate

To allow a database user to access the OADC Catalog Service, the user should be an ADMIN user or you need to authorize the user with the AICAT_USER or PDB_DBA role.

You can authenticate users using a token API call with user credentials. To obtain the access token, send the following request:

POST https://public_lb_host/catalog/v1/auth/token

Example request parameter using cURL:

curl -k -s --location '<URI>/v1/auth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<dbUser>' \
--data-urlencode 'client_secret=<dbPwd>' \
--data-urlencode 'scope=PRINCIPAL_ROLE:ALL' | jq -r '.access_token'

Here's a sample response token:

{
    "access_token": "<token>",
    "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
    "token_type": "bearer",
    "expires_in": 3600
}

Use the obtained token as your Bearer token in the Authorization header:

Authorization: Bearer <your_token>

When the token expires, you will receive a 401 response. To re-authenticate, use refresh_token in the Authorization header.