Deploy the Sample JWT Script
We provide a simple Bourne shell script that you can deploy on an available web server in your domain.
While the supplied script is sufficient for development purposes, you'll want to create something more secure for a production environment using the REST operation described in Retrieve a JWT Access Token Using the Auth REST Call.
- From the Admin Console navigation menu, select Applications.
- On the Applications page, select your application.
- Select the Details tab.
- Make note of the Client ID and retrieve the Client Secret from your tenant administrator.
Warning: Click Display Secret and Generate only if you haven't been provided a secret by your tenant administrator. Generating a new secret will cause any authorization configuration you have in place to be invalidated.
- Copy the following source into a file named auth.sh and save the file:

    #!/bin/bash
    # Copyright (c) 2017 Oracle. All rights reserved.
    # This material is the confidential property of Oracle Corporation or its
    # licensors and may be used, reproduced, stored or transmitted only in
    # accordance with a valid Oracle license or sublicense agreement.

    # Live Experience Sample Auth Module
    #
    # This shell script allows a Javascript application to retrieve a JWT token
    # from Live Experience when provided with a valid client ID and secret.

    # The client-credentials should be written to a text file in the format:
    # <ID>:<SECRET>
    # e.g. using the command: echo "ID:SECRET" >secret.txt

    # This line specifies the path to the client-credentials file,
    # if you move the file update this line to the new location
    SECRET_PATH="./secret.txt"

    # make sure curl command can be found
    PATH=/bin:/usr/bin:/usr/sbin:$PATH

    # build up auth server URL (allow replacing the server on the command line for testing)
    if [ $# -eq 1 ]; then
        AUTH_SERVER="$1"
    else
        AUTH_SERVER="https://live.oraclecloud.com"
        ## EMEA customers use:
        ## AUTH_SERVER="https://emea.live.oraclecloud.com"
    fi
    AUTH_PATH="/auth/apps/api/access-token"
    AUTH_ARGS="?grant_type=client_credentials&state=0&scope=optional&nonce=${RANDOM}"
    AUTH_SECRET=$(cat "${SECRET_PATH}")

    # add curl arguments to a temporary file to avoid including them on the curl command line
    # NOTE: --insecure turns off TLS certificate verification; this is a
    # development-only setting and should be removed for anything else
    tmpdir=$(mktemp -d "${TMPDIR:-/tmp/}.XXXXXXXXXXXX")
    cat >"${tmpdir}/args.txt" <<EOF
    --insecure
    --silent
    --show-error
    url = "${AUTH_SERVER}${AUTH_PATH}${AUTH_ARGS}"
    user = "${AUTH_SECRET}"
    EOF

    # set the content type
    echo "Content-type: application/json"
    echo ""

    # retrieve the JWT token
    curl --disable --config "${tmpdir}/args.txt"
    echo ""

    # remove the temporary directory
    rm -rf "${tmpdir}"

    exit 0
- Copy auth.sh to the cgi-bin directory on a web server you've deployed. The script requires access to the curl utility.
- Optionally, rename the file to auth.cgi.
- Make sure the file is flagged executable and owned by a secure user such as www:

    chmod +x auth.sh
    chown www:www auth.sh
- Create a plain text file named secret.txt and add a single line of the format ID:SECRET, where ID is the Client ID and SECRET is the Client Secret:

    echo "1f6l1f7kjloqj3j5i98s:eyJhbGciOiJSUzI1NiJ9.eyJhd..." > secret.txt

  If you change the name or path of secret.txt, you'll need to change the location in auth.sh on the line that starts with SECRET_PATH=.

  An example response from the script is a JSON formatted string that will look something like:

    {"access_token":"abc123zyx987","expires_in":"1200","id_token":"abc123zyx987","state":"0","token_type":"Bearer"}

  The following table describes the key and value pairs returned by the script.

  Key and Value Pairs Returned by the Script

  | Key | Example Value | Description |
  | --- | --- | --- |
  | access_token | "abc123zyx987..." | Access token required to authenticate with Live Experience. Also interchangeably referred to as a JWT. |
  | expires_in | "1200" | Expiry time in seconds. Default is 1200 seconds (20 minutes). |
  | id_token | "zza3443kslle..." | An ID token. Not used. |
  | state | "0" | Request state. Will always be 0 unless an error occurs. |
  | token_type | "Bearer" | Type of access token. Will always be Bearer. |

- After the script is deployed, see the following examples to retrieve the JWT:
  - JavaScript: Authenticate with Live Experience for the Web
  - Swift (iOS): Authenticate with Live Experience for iOS
  - Java (Android): Authenticate with Live Experience for Android
For information about the API to retrieve a JWT for your own JWT request system implementation, see the Oracle Live Experience REST API Reference.
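
The sample auth.sh reads secret.txt without checking it and passes --insecure to curl. The following is an added example, not part of Oracle's sample script: a pre-flight check for the credentials file and a curl config writer that leaves certificate verification on. The function names check_secret_file and write_curl_config are hypothetical.

```bash
#!/bin/bash
# Added example, not Oracle's code. Function names are hypothetical.

# Succeed only if the credentials file is a regular file with no group or
# other permissions that holds exactly one well-formed ID:SECRET line.
check_secret_file() {
    local path="$1" perms lines
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "not a regular file: $path" >&2; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$path" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group/other access on $path; use chmod 600" >&2; return 1
    fi
    lines=$(grep -c '' "$path" || true)
    if [ "$lines" -ne 1 ]; then
        echo "expected one line in $path, found $lines" >&2; return 1
    fi
    # A double quote or backslash would break out of the quoted value in
    # the curl config; whitespace or a missing colon means a malformed pair.
    if grep -qF -e '"' -e '\' "$path" ||
       ! grep -Eq '^[^[:space:]:]+:[^[:space:]]+$' "$path"; then
        echo "credentials in $path are not in ID:SECRET form" >&2; return 1
    fi
}

# Write the curl config that auth.sh builds, but owner-only and without
# --insecure, so curl verifies the server certificate. Prints the path.
write_curl_config() {
    local url="$1" secret_path="$2" dir
    check_secret_file "$secret_path" || return 1
    dir=$(mktemp -d) || return 1
    (
        umask 077
        {
            printf '%s\n' '--silent' '--show-error'
            printf 'url = "%s"\n' "$url"
            printf 'user = "%s"\n' "$(cat "$secret_path")"
        } > "$dir/args.txt"
    ) || return 1
    echo "$dir/args.txt"
}
```

In auth.sh, the path printed by write_curl_config would be passed to curl --disable --config in place of the file built by the here-document, and its directory removed afterwards.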