Generate Access Tokens

CNCC IAM provides a REST API for generating and refreshing access tokens.

You must use the cncc-api-access client to access NF resources through REST APIs. For security reasons, Direct Access Grants Enabled, the client setting that permits the password grant used in the procedure below, is set to OFF by default.

Perform the following steps to set Direct Access Grants Enabled to ON.

  1. Log in to CNC IAM with valid credentials.
  2. Click Cncc realm.
  3. On the right pane, click Clients. The following screen appears:

    Figure 5-1 Clients

    img/cnc_curl_3.png
  4. Click cncc-api-access. The following screen appears.
    img/cnc_curl_4.png
  5. Set the Direct Access Grants Enabled to ON and click Save.

Perform the following procedure to generate the access tokens:

  1. Acquire an access token from CNC Console IAM by sending a POST request to the following URL:

    http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/realms/${realm}/protocol/openid-connect/token

    Example:

    http://10.75.182.79:8080/cncc/auth/realms/cncc/protocol/openid-connect/token

  2. The body of the request must be encoded as application/x-www-form-urlencoded, as follows:
    
    'client_id': 'your_client_id',
    'username': 'your_username',
    'password': 'your_password',
    'grant_type': 'password'
     
    Example:
    'client_id': 'cncc-api-access',
    'username': 'user1',
    'password': '******',
    'grant_type': 'password'
  3. The curl command to acquire the token is as follows:

    curl --location --request POST 'http://${cncc-iam-ingress-extrenal-ip}:${cncc-iam-ingress-service-port}/cncc/auth/realms/cncc/protocol/openid-connect/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode 'username=user1' \
    --data-urlencode 'password=User123!' \
    --data-urlencode 'client_id=cncc-api-access'
  4. In response, you will get an access_token and a refresh_token. The response is as follows:
    {
        "access_token": "<access token (JWT)>",
        "expires_in": 300,
        "refresh_expires_in": 1800,
        "refresh_token": "<refresh token (JWT)>",
        "token_type": "bearer",
        "not-before-policy": 0,
        "session_state": "6c42d978-14ac-4793-a1e3-789cfbdb2b74",
        "scope": "email profile"
    }

    Note:

    The M-CNCC IAM IP/FQDN used to generate the access token and the M-CNCC IAM IP/FQDN specified in custom-cncc_values.yaml should be the same.
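
Added example (not from the original page and not Oracle's code): a Python sketch of the client-side token lifecycle implied by the procedure above, using the `expires_in` and `refresh_expires_in` values from the response to decide whether to reuse the access token, refresh it, or log in again. The refresh request body follows the standard OAuth 2.0 `refresh_token` grant, which this page does not show and which is assumed to be accepted at the same endpoint; the function and class names and the 30-second skew are hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request

CLIENT_ID = "cncc-api-access"  # client named on this page

def token_url(base, realm="cncc"):
    """Build the token endpoint URL in the form shown in step 1."""
    realm = urllib.parse.quote(realm, safe="")
    return f"{base.rstrip('/')}/cncc/auth/realms/{realm}/protocol/openid-connect/token"

def password_form(username, password):
    """Form body from step 2; urlencode escapes &, = and spaces in the password."""
    return urllib.parse.urlencode({"grant_type": "password", "username": username,
                                   "password": password, "client_id": CLIENT_ID})

def refresh_form(refresh_token):
    """Standard OAuth 2.0 refresh grant (assumed; not shown on this page)."""
    return urllib.parse.urlencode({"grant_type": "refresh_token",
                                   "refresh_token": refresh_token, "client_id": CLIENT_ID})

def post_form(url, form):
    """POST the form with the Content-Type from step 3 and parse the JSON reply."""
    req = urllib.request.Request(url, data=form.encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenState:
    """Tracks the two lifetimes returned in step 4."""
    def __init__(self, response, now):
        self.access_token = response["access_token"]
        self.refresh_token = response["refresh_token"]
        self.access_deadline = now + response["expires_in"]
        self.refresh_deadline = now + response["refresh_expires_in"]

    def next_action(self, now, skew=30):
        """'reuse' the access token, 'refresh' it, or 'login' with the password again."""
        if now < self.access_deadline - skew:
            return "reuse"
        if now < self.refresh_deadline - skew:
            return "refresh"
        return "login"

# Constructed sample response: lifetimes copied from step 4, token values are placeholders.
SAMPLE = {"access_token": "ACCESS-PLACEHOLDER", "refresh_token": "REFRESH-PLACEHOLDER",
          "expires_in": 300, "refresh_expires_in": 1800, "token_type": "bearer"}

if __name__ == "__main__":
    state = TokenState(SAMPLE, now=time.time())
    print(state.next_action(time.time()))
```

With the lifetimes shown in step 4, the password is needed again only after the 1800-second refresh window lapses, so a client can prompt for it once and keep it out of scripts and shell history.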