Deploy the Sample JWT Script

We provide a simple Bourne shell script that you can deploy on an available web server in your domain.

When queried from your client application, the script reads your Client ID and Client Secret from a plain text file, uses the command line utility curl to retrieve a JSON Web Token (JWT), and returns that JWT to the caller.

While the supplied script is sufficient for development purposes, you'll want to create something more secure for a production environment using the REST operation described in Retrieve a JWT Access Token Using the Auth REST Call.

  1. From the Admin Console navigation menu, select Applications.
  2. On the Applications page, select your application.
  3. Select the Details tab.
  4. Make note of the Client ID and retrieve the Client Secret from your tenant administrator.
    Warning: Click Display Secret and Generate only if you haven't been provided a secret by your tenant administrator. Generating a new secret will cause any authorization configuration you have in place to be invalidated.
  5. Copy the following source into a file named auth.sh and save the file:
    #!/bin/bash
    # Copyright (c) 2017 Oracle. All rights reserved.
    # This material is the confidential property of Oracle Corporation or its
    # licensors and may be used, reproduced, stored or transmitted only in
    # accordance with a valid Oracle license or sublicense agreement.
    # Live Experience Sample Auth Module
    #
    # This shell script allows a Javascript application to retrieve a JWT token
    # from Live Experience when provided with a valid client ID and secret.
    # The client-credentials should be written to a text file in the format:
    # <ID>:<SECRET>
    # e.g. using the command: echo "ID:SECRET" >secret.txt
    # This line specifies the path to the client-credentials file,
    # if you move the file update this line to the new location
    SECRET_PATH="./secret.txt"
    # make sure curl command can be found
    PATH=/bin:/usr/bin:/usr/sbin:$PATH
    # build up auth server URL (allow replacing the server on the command line for testing)
    if [ $# -eq 1 ]; then
     AUTH_SERVER="$1"
    else
     AUTH_SERVER="https://live.oraclecloud.com"
     ## EMEA customers use:
     ## AUTH_SERVER="https://emea.live.oraclecloud.com"
    fi
    AUTH_PATH="/auth/apps/api/access-token"
    AUTH_ARGS="?grant_type=client_credentials&state=0&scope=optional&nonce=${RANDOM}"
    AUTH_SECRET=$(cat "${SECRET_PATH}")
    # write the curl arguments to a temporary file (mktemp creates the directory
    # mode 0700) so the secret never appears on the curl command line, where
    # other users could read it from the process list
    tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/auth.XXXXXXXXXXXX")
    # --insecure disables TLS certificate verification; acceptable for
    # development only, remove it before using the script in production
    cat >"${tmpdir}/args.txt" <<EOF
    --insecure
    --silent
    --show-error
    url = "${AUTH_SERVER}${AUTH_PATH}${AUTH_ARGS}"
    user = "${AUTH_SECRET}"
    EOF
    # set the content type
    echo "Content-type: application/json"
    echo ""
    # retrieve the JWT token
    curl --disable --config "${tmpdir}/args.txt"
    echo ""
    # remove the temporary directory (and the secret it contains)
    rm -rf "${tmpdir}"
    exit 0
  6. Copy auth.sh to the cgi-bin directory on a web server you've deployed.
    The script requires access to the curl utility.
  7. Optionally, rename the file to auth.cgi.
  8. Make sure the file is flagged executable and owned by a secure user such as www:
    chmod +x auth.sh
    chown www:www auth.sh
  9. Create a plain text file named secret.txt and add a single line of the format ID:SECRET, where ID is the Client ID and SECRET is the Client Secret: echo "1f6l1f7kjloqj3j5i98s:eyJhbGciOiJSUzI1NiJ9.eyJhd..." > secret.txt.
    If you change the name or path of secret.txt, you'll need to change the location in auth.sh on the line that starts with SECRET_PATH=.
    An example response from the script is a JSON formatted string that will look something like: {"access_token":"abc123zyx987","expires_in":"1200","id_token":"abc123zyx987","state":"0","token_type":"Bearer"}. The following table describes the key and value pairs returned by the script.

    Key and Value Pairs Returned by the Script

    Key           Example Value        Description
    access_token  "abc123zyx987..."    Access token required to authenticate with Live Experience. Also interchangeably referred to as a JWT.
    expires_in    "1200"               Expiry time in seconds. Default is 1200 seconds (20 minutes).
    id_token      "zza3443kslle..."    An ID token. Not used.
    state         "0"                  Request state. Will always be 0 unless an error occurs.
    token_type    "Bearer"             Type of access token. Will always be Bearer.
  10. After the script is deployed, see the following examples to retrieve the JWT:
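The following is an added example, not Oracle's auth.sh and not one of the client examples the page refers to. It shows the hardening a deployer would want before moving the sample script towards production: the credential file is refused if other users can read it, the credential line is validated, the curl config is written with TLS verification left on (no --insecure) and a request timeout, and the flat JSON response is parsed for the fields listed in the table above. It assumes the same secret.txt format (ID:SECRET) and the same access-token endpoint as auth.sh; the function names and the sample response are constructed here.

```shell
#!/bin/sh
# Added example (not Oracle's script): hardened credential handling for the
# Live Experience token request. Assumes the secret.txt format ID:SECRET and the
# endpoint path used by auth.sh; everything else is constructed for illustration.

# Refuse a credential file that is not a regular file or that has any
# group/other permission bits set (mode must end in 00, e.g. 0600 or 0400).
check_secret_perms() {
  f="$1"
  [ -f "$f" ] || return 1
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null) || return 1
  case "$mode" in
    *00) return 0 ;;
    *)   return 1 ;;
  esac
}

# Write a curl config file so the secret never appears on a command line.
# The credential line must contain a colon and no whitespace. TLS verification
# stays enabled and --fail/--max-time turn HTTP errors and hangs into failures.
# Prints the config path; the caller owns and removes the temporary directory.
write_curl_config() {
  secret_file="$1"; server="$2"; tmpdir="$3"
  IFS= read -r creds < "$secret_file" || [ -n "$creds" ] || return 1
  case "$creds" in *:*) ;; *) return 1 ;; esac
  case "$creds" in *[[:space:]]*) return 1 ;; esac
  # 16 hex characters from the kernel CSPRNG instead of $RANDOM
  nonce=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')
  cfg="$tmpdir/args.txt"
  cat >"$cfg" <<EOF
--silent
--show-error
--fail
--max-time 10
url = "${server}/auth/apps/api/access-token?grant_type=client_credentials&state=0&scope=optional&nonce=${nonce}"
user = "${creds}"
EOF
  chmod 600 "$cfg"
  printf '%s\n' "$cfg"
}

# Extract a string field from the single-object JSON the endpoint returns,
# e.g. {"access_token":"abc","expires_in":"1200",...}. Sufficient for this flat
# response; nested JSON needs a real parser.
json_field() {
  key="$1"; json="$2"
  printf '%s\n' "$json" | sed -n "s/.*\"${key}\":\"\([^\"]*\)\".*/\1/p"
}

# End-to-end: check the credential file, build the config, call curl, clean up.
# Not exercised offline; shown for how the helpers fit together.
fetch_token() {
  secret_file="$1"; server="${2:-https://live.oraclecloud.com}"
  check_secret_perms "$secret_file" || {
    echo "refusing: $secret_file is missing or readable by other users" >&2
    return 2
  }
  tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/auth.XXXXXXXXXXXX") || return 1
  cfg=$(write_curl_config "$secret_file" "$server" "$tmpdir") || { rm -rf "$tmpdir"; return 1; }
  curl --disable --config "$cfg"
  rc=$?
  rm -rf "$tmpdir"
  return $rc
}

# Constructed sample response in the format documented in the table above.
SAMPLE_RESPONSE='{"access_token":"abc123zyx987","expires_in":"1200","id_token":"zza3443kslle","state":"0","token_type":"Bearer"}'
```

In a CGI deployment, fetch_token replaces the body of auth.sh after the Content-type header; the permission check means a secret.txt accidentally left world-readable makes the script fail closed instead of handing out tokens.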