Authentification IAM pour OCI Cache

Découvrez comment configurer l'authentification IAM pour les utilisateurs OCI Cache.

Cette rubrique décrit l'utilisation de jetons Identity and Access Management (IAM) à court terme avec OCI Cache.

Pour demander et utiliser un jeton d'authentification IAM, procédez comme suit :

Utilisez l'opération createIdentityToken pour demander un jeton d'authentification.
Signez le jeton d'authentification et utilisez-le pour accéder à OCI Cache.

Génération et signature du jeton

Utilisez l'opération d'API CreateIdentityToken pour générer le jeton à partir d'OCI Cache. Le jeton expire au bout d'une heure et doit être renouvelé.

Pour créer le jeton, effectuez les tâches suivantes :

Créez le client d'identité OCI Cache.
Créez le jeton. Appelez un client à l'API CreateIdentityToken OCI Cache. Cet appel génère le jeton d'identité.
Remarque

Lors de la génération d'un jeton pour OciCacheUser, utilisez la valeur OCID de OciCacheUser comme valeur redisUser. Lors de la connexion au cluster Redis, indiquez le nom de OciCacheUser (et non OCID) en tant que username.
Générez la signature client pour le jeton à l'aide de la clé privée du client.
Codez la signature générée à l'aide de base64.
Générez la chaîne composite au format suivant : base64_signature|token.
Encodez la chaîne composite à l'aide de base64 pour obtenir le jeton final.
Utilisez le jeton final pour vous connecter.

Voici un exemple de jeton final :


ZnpwcDdCNUs1MnFMamFJMVprbG12UGpsQ2xRL2Nrb00rZDhjTFJqZHBYbkVnU1hNMjV5aFF1emxQT1JJR21wNldUUjFaZGwwZjZiVVUyWjdIY00yeXhoS0YwZnB0dnFBc2haRlpJUWQ1MUlmY1pFV2tLVGJEY0ZwYjRTcG9jTURWYXErVkhMSnhjRmkzdjErTzFXM2xSUU84QVU5RWt0T05sTm9lTHEvL3FOOTR5ZWxmcDhKMjRselQ1ZDVMbUFQSFR2OHg0L2Fsb1U0Mitjd0VwMTgrbnN0ZkpkZnZJK3hNeWowcFdBNVJ1TnNBdkFUWEhuYUdrTkl0L1R4c2FYaFhIR040enBLRW93VTNvSVdHMW1jbmlPNjN0R0ZZbTB2enByR3pCWjhHUk9lRHpUUVVPeWd6RGZ0Vm1QbnFydklwd2w1UDVnZ3RhalFjY2s0YzlDOUdBPT18ZXlKaGJHY2lPaUpTVXpJMU5pSjkuZXlKaGRXUWlPaUp5WldScGMyTmhZMmhsZFhObGNqQXlJaXdpY0hWaWJHbGpTMlY1SWpvaVRGTXdkRXhUTVVOU1ZXUktWR2xDVVZaVlNrMVRWVTFuVXpCV1dreFRNSFJNVXpCTFZGVnNTbEZyYkhGUlZUVkRXakowZUdGSGRIQlNlbXd6VFVWS1FsVlZWa2RSVlVaUVVUQkdVazlGUms1VFZXeERVVEprVEZFd1JsSlNWVVo1WTBoS1JGVlhiRFZTVm5CM1YwWnNZVmt3TkRSak1GSkhVMEZ3TkZGV2JGbGFNR2hZVWtaa01VNVVSakpsYWtKR1YwUm5OV1I2VFhwaFJHZDNUbXhzVVdKVlZrSmpSa1pxV1hwU1JWUnFTa1ppUjA1MlkxZEtNRXN4WkdwaU0yeGFWMGRrVFdWdFZtMVhSM04zWTI1V1NVTnFTVEZVUkZJMFlXeGFVRkZZU2xkUk1rWjNZbFpTZFdKWVFsVldSbGswVWxjNWVsbFdiM0pWYW1SQ1ltMUdhMXBET1V4WmFsWklZVEl4VGxZeVdscGliWGQyVkRBMWFGUXpVbEJSTVZwQ1RWWmFlazlYYzB0VVdGcHZXbFJHU2xwRlNscE9WMDB5WWxSc1NGbFhlRVZoYm14aFRESm9UMkZ0YkU5T1ZscDVVbXRvTVVzd2NIVmhhbWh2WkhwT1QxTnJPVmhUUlhSTlRsYzVTbFF6VGtsVk0wRTBUVVp2ZWxkdFdraFNRWEIyVlVSR1NGSkZjek5UVm5CWVRsVktOV0pGYUZoVGVtaFFWVEZ3ZWxscVNqWmpSRkUxWkROS1IxWnFXa1ZYVmtwc1VqRkdNVkpJUmxCaWVtaHdVakJzV0ZWNlNrWlJhemxOVlRKNGRrMXJPVTlWTTFKS1EydDBlVk5WU2pObFZFNDFZVVZzV0VzeWFGQldXRlpvWlZkdmNsSnVZelZQUlhCdFpHcFdhRmx1Y0U1TE1taFFZVE5DV0ZWcmRIRmxWMmh6VlVkWk1HSXdOVVpMTWtveVltMDVlRlF4VGtaa1ZFbDNWVzV2UzFJeFJrcFNSVVpTVVZWSlMweFRNSFJNVXpGR1ZHdFJaMVZHVmtOVVJXeEVTVVYwUmxkVE1IUk1VekIwUTJjaUxDSmxlSEFpT2pFM05EVTJNVGt5TURJc0ltbGhkQ0k2TVRjME5UWXhOVFl3TWl3aWFuUnBJam9pWlhsS2NtRlhVV2xQYVVwb1l6TmtabU5IYURSWWVrVXpUVlJWTWsxNlNURlBSR04zVG5wWmFVeERTbWhpUjJOcFQybEtVMVY2U1RGT2FVbzVMbVY1U25wa2JVNVZXbGMxYUdKdVVrcGFRMGsyU1cwNWFtRlhVWGhNYmxKc1ltMUdkVmt6YTNWaU1rMTRUR2sxYUZsWFJtaFpWMFpvV1ZoYU5WbFliM2xqYmtJMVlYcFdiVTVVVW14aldFMHdZVmh3ZG1GSVJYbGFNamg2WkVSVk1HSkVVWHBPTWpWeFlsZHNiazF0Um5aaWJtaDRaREpLZG1WWVJuWk5Na1ZwVEVOS2VtUlhTV2xQYVVwMldUSnNhMDFUTlhsYVYxSndZekpPYzJSWVRqQmFXRWwxWWpKTmVFeHVRbTlsUXpWb1lsZEdhRmxYUm1oWldHaDRZMjVhYUdSSWJHaGtSRkpzVGtSa2VXVnVaSHBrTW14NldsUk9jV0l5U214bGJrcHNaVWhPZWxsdFJuRmpia0l5VFcxb2QwNHpXVEJqU0d4c1l6SndOV0V5UldsTVEwcDZaRzFOYVU5cFNubGFWMUp3WTNreGVscFlTakpoVjA1c1RGaFdkV016VW1oWmJYaHNTV2wzYVdGWVRucEphbTlwV1ZoV01HRkdUbXhqYmxwd1dUSlZkV0l6U21oWk1uaHNURzFPZG1KVFNYTkpia3BzWXpFNU1GcFhOV2hpYmxGcFQybEtkbGt5Ykd0TlV6VXdXbGMxYUdKdFRqVk1iVGxxVFZNMGRWbFhSbWhaVjBab1dWZEdNbVZYUmpaTmJrcDNaVmR6TVZwcVZUQmFXRVo2VGtkc05tSXlhSGhOYldSMlRUTlJNVTVIZHpCTmVtUjFZVzB4Y0ZwNlNtaGlNalUwWTFoa2FXSXpiSGhpZWs1b1NXbDNhV05JVWpWalIxVnBUMmxLZVZwWVRuWmtXRXBxV2xOSmMwbHVTbXhqTVRrd1pWaENiRWxxYjJsamJWWnJZVmhPYW1KSVZucGtSMVo1U1dsM2FWbFlWbXRKYW05cFlqSk9jRWxwZDJsamJWWjZXREpzYTBscWIybGlNazV3V2tSRmRXTnRWbXRoV0U1cVlraFdlbVJIVm5sTWJUbHFUVk0xZDJGSVozVlpWekZvV1ZkR2FGbFhSalJqV0VveVdWaFNOVmxZVVRCYVZGRXpZMjV3TTJNelpIQmpNbFY2WVcwNWFWcFljSGxhV0doNll6SkthR0Z1U25ka2FrcHZZMFJrTWs1SVFqVmFXRTV4WlZkMGFFbHBkMmxrU0ZJMVkwZFZhVTlwU25sYVdFNW1Zek5CYVV4RFNubGFXRTVtV1RJNWRHTkhSbmxrUnpGc1ltNVJhVTlwU25aWk1teHJUVk0xYW1JeU1YZFpXRW93WWxkV2RXUkROWFpaZWtWMVRHMUdhRmxYUm1oWlYwWm9UbnBXY1dOWWJHMWhiVFZ1WVZoQk1WbHVaSEJpUjFKcVlXMUdlbVJJVWpKaVJ6QXpaR3BrYUdGdVpETmFSMFkwVG01b2JFNVhhR3BrTW1oeFpGaEtOVnBYU25KalUwbHpTVzFXTkdORFNUWk5WR013VGxSWk1FNVVWVE5QUTNkcFlWZEdNRWxxYjNoT2VsRXhUbXBCZVUxNll6Uk1RMHB4WkVkcmFVOXBTbXRhYW14c1RsUkdhVTlUTUROT1JGa3pURlJTYlU0eVNYUlpWRUpyVGtNeGFVMXFWVEpOZWxGNlRUSktiRmw2UVdsTVEwb3dXbGMxYUdKdVVXbFBhVXAyV1RKc2EwMVROVEJhVnpWb1ltMU9OVXh0T1dwTlV6UjFXVmRHYUZsWFJtaFpWMFl5WlZkR05rMXVTbmRsVjNNeFdtcFZNRnBZUm5wT1IydzJZakpvZUUxdFpIWk5NMUV4VGtkM01FMTZaSFZoYlRGd1ducEthR0l5TlRSaldHUnBZak5zZUdKNlRtaEphWGRwWWpOQ2FreFhVbTVqZVVrMlNXeFpla3hIT1dwaFYxRjRURzVTYkdKdFJuVlpNMnQxWWpKTmVFeHBOV2haVjBab1dWZEdhRmxZV2pWWldHOTVZMjVDTldGNlZtMU9WRkpzWTFoTk1HRlljSFpoU0VWNVdqSTRlbVJFVlRCaVJGRjZUakkxY1dKWGJHNU5iVVoyWW01b2VHUXlTblpsV0VaMlRUSkZjMUZWUmtKUlZVWlNVVlZHUWxGVlNYWmFhazAxVERCR1FsRlZSbkZrZWpBNVRFVkdRbEZWUmtKUlZEQTVTV2wzYVdGdVpISkphbTlwWlRGM2FXRXliR3RZUTBrMldFTktkbGt5Ykd0TlV6VjVXbGRTY0dNeVRuTmtXRTR3V2xoSmRXSXlUWGhNYmtKdlpVTTFhR0pYUm1oWlYwWm9XVmhvZUdOdVdtaGtTR3hvWkVSU2JFNUVaSGxsYm1SNlpESnNlbHBVVG5GaU1rcHNaVzVLYkdWSVRucFpiVVp4WTI1Q01rMXRhSGRPTTFrd1kwaHNiR015Y0RWaE1rWmpTV2w0WTBsdE5XTkphbkJqU1c1c1VGb3pUbWhXYldSelZWUldVR1JYVW1oT00wWnNXbXRTYVdGWVJsTmlTR3hHVm1wbk1HRXpUWGRUVjBaUFVUQktTbEZyVG01VE1UbEhXa1ZrV1ZreldsWmpSVXA0VTFkU1QyRnRkSFZXYmxwT1pESnNWR0ZVVGtWUFNFRXhZVVZPVGsxdVNtNVRSbkJGVkc1R05rNHpRbVpTTVRsdVltMHhRMDFyTVROaWFURTBVV3RhVDFoNlRrSmpNMEpQVGpKV1QwNXRjRWhhVlRrMlZqRkNWR1JGZURKYVJYZDNZa1ZhU2xKck9VbGhNV3MwVVROb1psTnRkRkJrZVRFMFRGTXhSRmRWVmpGT1NHaHlVV3BDWmxaR1pIZGtSbVJPVWxka1MxWkZPVU5WU0doc1UydE9NMDVwTVZOTlIxcFVZVzE0Wmxac2JITmpWVXBEV21wQ1FsVnNUbGxXYlU1UlZWZGtlV0ZIZUhkaGJrWkhWMjFhZUZwWGR6RmlSRkpDWTFac2VtUlZVWGRTZWtaRllVUnJlRll6WkhKVk1uUnNXbXR3ZFZFemNGbFZWbEUxVFd0YWNWZ3lSbEZoYkZKMlQwaEtTVlJFV2tKbFdFNXFUVlJrUWxSV1pGbFdWa0o2WTJzNWJGSlhNV3hTTWtadldWaGtjVTlHYUc5alZrSm9VakIwUjFSV1JtRmxiV2hVWWtkMGMyVkhiR2xXUldzMFQwUmFObFl5Y0VaaFJsbDNZMnhzYkdSVVVUQlRhazB5VFhwa05GcEhjR0ZaVnpWd1ZWVm9RMkV4YUc5UmEyZ3dWVlozYVV4R2QybGFWbmRwVDJ4M2FWRldSa0pSYkhkcFRFWjNhV0V6VWpWWVEwazJXRU5LVTFVd1JtTkphWGhqU1cxR2Mxb3hkMmxQYkhkcFZXeE5lVTVVV21OSmFYaGpTVzVXZWxwV2QybFBiSGRwWXpKc2JsaERTamxKYmpBdVVVNTZlWEZ2WlZnM04wTjJhVVpWYkhsWGMySnZiRzV4Y1ZOZk9FUmxkSFoyVXpkRk9FcFhXbGsyWmtKV1JIVldjbTl2ZWpkVWVGUlZYMUkxY1Zrd1VVRTJaMDQyWjBWYVRITnJhWGxRWW1KZlJUbDJSazlQUzNaZkxVNWZjRTE0T0ZsMWNURm1jRUZQUmxaVVgxQndkWE5HZVRnMFVqWjNhWEpGU2poRGNtOUJkemh0Ym0xQ1duaGxaazVJWjNSUGJYZzVkVmhPYVVWdE9Ua3dialpWT0U5UlFrMXBXVUk1U1hSQ1ZFNTJSekl0VEU0NVFtUXRaV3BUYmpCb1dDMDRSbmRZUVdaQ2JrbE1TRk5zTUd4UGRUQndVRVJqYVRKdVJIaDJhMWxpY1RseFRHcEROMTlCT0RWZmEzaG5OMjlIUzNSUFNtWkljemgwWkd4U2RrY3lTVEExVDB4cFQwdzRZMEZ5UmtKcFVYQnRaRzFOVEhabGJVWkdabGhMVkRVd2RGWmhNMlp0UjFSWFgwaFlRMnAxUzFaS05YbElMVTVyYVcxME1sbDRTRXRuZDBRMGJXVTFiR1ZKYTFBM00wZG9RM05vTjE5bkluMC5QSksyTmVNZ05HLWY0VTJYNUoyUTZVaWVINUdmN3oybUVybUxUUFFBY0lBUDJLQXNsVkRNUVpTV0JZVGZMempjbEhqaHRubkdFOHZ1ZHYwVldJazZSRHRTU0M2cGNJLS1DQzUxemNpMlptcDdyU2N5SGlxX1Z3bm5rbEtVbDhTV0pVRURtWUxPdUs5bXFXY3N1SlNCNi1ZRk5faUFTZmVBczZlSWZLeHVDbmZ6clM1RC1zTUpnUTI3YktOVTR4UmluNWhYVFR0ZXhHNURoMmZ1UENNTzdKUGFGa3VBcGlwTEdwUlY5RDE5LTBhRUtCN0NZcDQxeHVxOUVpenJReVUtdzd2SFMtYnZvNnVyMVh0OGE3dXl3ZGg3UmhQQlhVUWRFRVA4Q2x4RDdKT0U5dkN2Mm5aY0tZMTgxWndHV0lTOVJPdEhCV0I0ZlFIZEt4N1drWloteGc=

Utilisation du jeton pour authentifier l'utilisateur OCI Cache

Authentifiez-vous auprès du cluster à l'aide de l'un des utilisateurs de cache prédéfinis et du jeton nouvellement généré en tant que mot de passe :

redis-cli --tls --user <ocicacheusername> -h <private_endpoint> -a <token>

Exemple de génération et de signature du jeton

Voici un exemple de génération et de signature d'un jeton à l'aide de l'interface de ligne de commande ou d'API pour les utilisateurs d'OCI Cache.

Cette tâche n'est pas possible à l'aide de la console OCI.

Utilisez la commande oci redis-identity create-identity-token-details create-identity-token et les paramètres requis pour générer et authentifier un jeton :

oci redis redis-identity create-identity-token-details create-identity-token --public-key <text> --redis-cluster-id <cluster_OCID> --redis-user <text> [OPTIONS]

Remarque

Pour l'argument public key dans la commande, fournissez la clé publique codée en base64 à partir de la paire de clés utilisée pour signer le jeton extrait.

Pour récupérer le jeton, procédez comme suit :

Définissez l'ID du cluster Redis :

export REDIS_CLUSTER_ID=OCID1.rediscluster.OC1..<unique_ID>

Extrayez le cluster OCI Cache indiqué à l'aide de la commande suivante :

oci raw-request --HTTP-method GET --target-uri  HTTPS://test.redis.us../redisClusters/${REDIS_CLUSTER_ID}

Obtenez le jeton brut à l'aide de la commande suivante :

oci raw-request --HTTP-method POST --request-body "{  \"\publicKey\": \"LS0t..\",  \"redisUser\": \"OCID1.ocicacheuser.OC1..<unique_ID>"}" --target-uri "HTTPS://test.redis.us../redisClusters/${REDIS_CLUSTER_ID}/actions/identityToken"

Une fois le jeton d'identité brut généré, signez-le à l'aide d'une clé privée. Par exemple :

// java.security.Signature
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initSign(<privateKey>); // private key of the user
signature.update(redisToken.getBytes(StandardCharsets.UTF_8));
byte[] signatureBytes = signature.sign();
String encodedSignature = Base64.getUrlEncoder().encodeToString(signatureBytes);
 
signature.initVerify(<publicKey>)); //public key of the user
signature.update(redisToken.getBytes(StandardCharsets.UTF_8));
boolean isValid = signature.verify(Base64.getUrlDecoder().decode(encodedSignature));
         
 
final String composite = signedToken + "|" + redisToken;
final String finalToken = Base64.getEncoder().encodeToString(composite.getBytes(StandardCharsets.UTF_8)); //Final token used for authenticating against the cluster

Cette étape génère le jeton final, par exemple :


ZnpwcDdCNUs1MnFMamFJMVprbG12UGpsQ2xRL2Nrb00rZDhjTFJqZHBYbkVnU1hNMjV5aFF1emxQT1JJR21wNldUUjFaZGwwZjZiVVUyWjdIY00yeXhoS0YwZnB0dnFBc2haRlpJUWQ1MUlmY1pFV2tLVGJEY0ZwYjRTcG9jTURWYXErVkhMSnhjRmkzdjErTzFXM2xSUU84QVU5RWt0T05sTm9lTHEvL3FOOTR5ZWxmcDhKMjRselQ1ZDVMbUFQSFR2OHg0L2Fsb1U0Mitjd0VwMTgrbnN0ZkpkZnZJK3hNeWowcFdBNVJ1TnNBdkFUWEhuYUdrTkl0L1R4c2FYaFhIR040enBLRW93VTNvSVdHMW1jbmlPNjN0R0ZZbTB2enByR3pCWjhHUk9lRHpUUVVPeWd6RGZ0Vm1QbnFydklwd2w1UDVnZ3RhalFjY2s0YzlDOUdBPT18ZXlKaGJHY2lPaUpTVXpJMU5pSjkuZXlKaGRXUWlPaUp5WldScGMyTmhZMmhsZFhObGNqQXlJaXdpY0hWaWJHbGpTMlY1SWpvaVRGTXdkRXhUTVVOU1ZXUktWR2xDVVZaVlNrMVRWVTFuVXpCV1dreFRNSFJNVXpCTFZGVnNTbEZyYkhGUlZUVkRXakowZUdGSGRIQlNlbXd6VFVWS1FsVlZWa2RSVlVaUVVUQkdVazlGUms1VFZXeERVVEprVEZFd1JsSlNWVVo1WTBoS1JGVlhiRFZTVm5CM1YwWnNZVmt3TkRSak1GSkhVMEZ3TkZGV2JGbGFNR2hZVWtaa01VNVVSakpsYWtKR1YwUm5OV1I2VFhwaFJHZDNUbXhzVVdKVlZrSmpSa1pxV1hwU1JWUnFTa1ppUjA1MlkxZEtNRXN4WkdwaU0yeGFWMGRrVFdWdFZtMVhSM04zWTI1V1NVTnFTVEZVUkZJMFlXeGFVRkZZU2xkUk1rWjNZbFpTZFdKWVFsVldSbGswVWxjNWVsbFdiM0pWYW1SQ1ltMUdhMXBET1V4WmFsWklZVEl4VGxZeVdscGliWGQyVkRBMWFGUXpVbEJSTVZwQ1RWWmFlazlYYzB0VVdGcHZXbFJHU2xwRlNscE9WMDB5WWxSc1NGbFhlRVZoYm14aFRESm9UMkZ0YkU5T1ZscDVVbXRvTVVzd2NIVmhhbWh2WkhwT1QxTnJPVmhUUlhSTlRsYzVTbFF6VGtsVk0wRTBUVVp2ZWxkdFdraFNRWEIyVlVSR1NGSkZjek5UVm5CWVRsVktOV0pGYUZoVGVtaFFWVEZ3ZWxscVNqWmpSRkUxWkROS1IxWnFXa1ZYVmtwc1VqRkdNVkpJUmxCaWVtaHdVakJzV0ZWNlNrWlJhemxOVlRKNGRrMXJPVTlWTTFKS1EydDBlVk5WU2pObFZFNDFZVVZzV0VzeWFGQldXRlpvWlZkdmNsSnVZelZQUlhCdFpHcFdhRmx1Y0U1TE1taFFZVE5DV0ZWcmRIRmxWMmh6VlVkWk1HSXdOVVpMTWtveVltMDVlRlF4VGtaa1ZFbDNWVzV2UzFJeFJrcFNSVVpTVVZWSlMweFRNSFJNVXpGR1ZHdFJaMVZHVmtOVVJXeEVTVVYwUmxkVE1IUk1VekIwUTJjaUxDSmxlSEFpT2pFM05EVTJNVGt5TURJc0ltbGhkQ0k2TVRjME5UWXhOVFl3TWl3aWFuUnBJam9pWlhsS2NtRlhVV2xQYVVwb1l6TmtabU5IYURSWWVrVXpUVlJWTWsxNlNURlBSR04zVG5wWmFVeERTbWhpUjJOcFQybEtVMVY2U1RGT2FVbzVMbVY1U25wa2JVNVZXbGMxYUdKdVVrcGFRMGsyU1cwNWFtRlhVWGhNYmxKc1ltMUdkVmt6YTNWaU1rMTRUR2sxYUZsWFJtaFpWMFpvV1ZoYU5WbFliM2xqYmtJMVlYcFdiVTVVVW14aldFMHdZVmh3ZG1GSVJYbGFNamg2WkVSVk1HSkVVWHBPTWpWeFlsZHNiazF0Um5aaWJtaDRaREpLZG1WWVJuWk5Na1ZwVEVOS2VtUlhTV2xQYVVwMldUSnNhMDFUTlhsYVYxSndZekpPYzJSWVRqQmFXRWwxWWpKTmVFeHVRbTlsUXpWb1lsZEdhRmxYUm1oWldHaDRZMjVhYUdSSWJHaGtSRkpzVGtSa2VXVnVaSHBrTW14NldsUk9jV0l5U214bGJrcHNaVWhPZWxsdFJuRmpia0l5VFcxb2QwNHpXVEJqU0d4c1l6SndOV0V5UldsTVEwcDZaRzFOYVU5cFNubGFWMUp3WTNreGVscFlTakpoVjA1c1RGaFdkV016VW1oWmJYaHNTV2wzYVdGWVRucEphbTlwV1ZoV01HRkdUbXhqYmxwd1dUSlZkV0l6U21oWk1uaHNURzFPZG1KVFNYTkpia3BzWXpFNU1GcFhOV2hpYmxGcFQybEtkbGt5Ykd0TlV6VXdXbGMxYUdKdFRqVk1iVGxxVFZNMGRWbFhSbWhaVjBab1dWZEdNbVZYUmpaTmJrcDNaVmR6TVZwcVZUQmFXRVo2VGtkc05tSXlhSGhOYldSMlRUTlJNVTVIZHpCTmVtUjFZVzB4Y0ZwNlNtaGlNalUwWTFoa2FXSXpiSGhpZWs1b1NXbDNhV05JVWpWalIxVnBUMmxLZVZwWVRuWmtXRXBxV2xOSmMwbHVTbXhqTVRrd1pWaENiRWxxYjJsamJWWnJZVmhPYW1KSVZucGtSMVo1U1dsM2FWbFlWbXRKYW05cFlqSk9jRWxwZDJsamJWWjZXREpzYTBscWIybGlNazV3V2tSRmRXTnRWbXRoV0U1cVlraFdlbVJIVm5sTWJUbHFUVk0xZDJGSVozVlpWekZvV1ZkR2FGbFhSalJqV0VveVdWaFNOVmxZVVRCYVZGRXpZMjV3TTJNelpIQmpNbFY2WVcwNWFWcFljSGxhV0doNll6SkthR0Z1U25ka2FrcHZZMFJrTWs1SVFqVmFXRTV4WlZkMGFFbHBkMmxrU0ZJMVkwZFZhVTlwU25sYVdFNW1Zek5CYVV4RFNubGFXRTVtV1RJNWRHTkhSbmxrUnpGc1ltNVJhVTlwU25aWk1teHJUVk0xYW1JeU1YZFpXRW93WWxkV2RXUkROWFpaZWtWMVRHMUdhRmxYUm1oWlYwWm9UbnBXY1dOWWJHMWhiVFZ1WVZoQk1WbHVaSEJpUjFKcVlXMUdlbVJJVWpKaVJ6QXpaR3BrYUdGdVpETmFSMFkwVG01b2JFNVhhR3BrTW1oeFpGaEtOVnBYU25KalUwbHpTVzFXTkdORFNUWk5WR013VGxSWk1FNVVWVE5QUTNkcFlWZEdNRWxxYjNoT2VsRXhUbXBCZVUxNll6Uk1RMHB4WkVkcmFVOXBTbXRhYW14c1RsUkdhVTlUTUROT1JGa3pURlJTYlU0eVNYUlpWRUpyVGtNeGFVMXFWVEpOZWxGNlRUSktiRmw2UVdsTVEwb3dXbGMxYUdKdVVXbFBhVXAyV1RKc2EwMVROVEJhVnpWb1ltMU9OVXh0T1dwTlV6UjFXVmRHYUZsWFJtaFpWMFl5WlZkR05rMXVTbmRsVjNNeFdtcFZNRnBZUm5wT1IydzJZakpvZUUxdFpIWk5NMUV4VGtkM01FMTZaSFZoYlRGd1ducEthR0l5TlRSaldHUnBZak5zZUdKNlRtaEphWGRwWWpOQ2FreFhVbTVqZVVrMlNXeFpla3hIT1dwaFYxRjRURzVTYkdKdFJuVlpNMnQxWWpKTmVFeHBOV2haVjBab1dWZEdhRmxZV2pWWldHOTVZMjVDTldGNlZtMU9WRkpzWTFoTk1HRlljSFpoU0VWNVdqSTRlbVJFVlRCaVJGRjZUakkxY1dKWGJHNU5iVVoyWW01b2VHUXlTblpsV0VaMlRUSkZjMUZWUmtKUlZVWlNVVlZHUWxGVlNYWmFhazAxVERCR1FsRlZSbkZrZWpBNVRFVkdRbEZWUmtKUlZEQTVTV2wzYVdGdVpISkphbTlwWlRGM2FXRXliR3RZUTBrMldFTktkbGt5Ykd0TlV6VjVXbGRTY0dNeVRuTmtXRTR3V2xoSmRXSXlUWGhNYmtKdlpVTTFhR0pYUm1oWlYwWm9XVmhvZUdOdVdtaGtTR3hvWkVSU2JFNUVaSGxsYm1SNlpESnNlbHBVVG5GaU1rcHNaVzVLYkdWSVRucFpiVVp4WTI1Q01rMXRhSGRPTTFrd1kwaHNiR015Y0RWaE1rWmpTV2w0WTBsdE5XTkphbkJqU1c1c1VGb3pUbWhXYldSelZWUldVR1JYVW1oT00wWnNXbXRTYVdGWVJsTmlTR3hHVm1wbk1HRXpUWGRUVjBaUFVUQktTbEZyVG01VE1UbEhXa1ZrV1ZreldsWmpSVXA0VTFkU1QyRnRkSFZXYmxwT1pESnNWR0ZVVGtWUFNFRXhZVVZPVGsxdVNtNVRSbkJGVkc1R05rNHpRbVpTTVRsdVltMHhRMDFyTVROaWFURTBVV3RhVDFoNlRrSmpNMEpQVGpKV1QwNXRjRWhhVlRrMlZqRkNWR1JGZURKYVJYZDNZa1ZhU2xKck9VbGhNV3MwVVROb1psTnRkRkJrZVRFMFRGTXhSRmRWVmpGT1NHaHlVV3BDWmxaR1pIZGtSbVJPVWxka1MxWkZPVU5WU0doc1UydE9NMDVwTVZOTlIxcFVZVzE0Wmxac2JITmpWVXBEV21wQ1FsVnNUbGxXYlU1UlZWZGtlV0ZIZUhkaGJrWkhWMjFhZUZwWGR6RmlSRkpDWTFac2VtUlZVWGRTZWtaRllVUnJlRll6WkhKVk1uUnNXbXR3ZFZFemNGbFZWbEUxVFd0YWNWZ3lSbEZoYkZKMlQwaEtTVlJFV2tKbFdFNXFUVlJrUWxSV1pGbFdWa0o2WTJzNWJGSlhNV3hTTWtadldWaGtjVTlHYUc5alZrSm9VakIwUjFSV1JtRmxiV2hVWWtkMGMyVkhiR2xXUldzMFQwUmFObFl5Y0VaaFJsbDNZMnhzYkdSVVVUQlRhazB5VFhwa05GcEhjR0ZaVnpWd1ZWVm9RMkV4YUc5UmEyZ3dWVlozYVV4R2QybGFWbmRwVDJ4M2FWRldSa0pSYkhkcFRFWjNhV0V6VWpWWVEwazJXRU5LVTFVd1JtTkphWGhqU1cxR2Mxb3hkMmxQYkhkcFZXeE5lVTVVV21OSmFYaGpTVzVXZWxwV2QybFBiSGRwWXpKc2JsaERTamxKYmpBdVVVNTZlWEZ2WlZnM04wTjJhVVpWYkhsWGMySnZiRzV4Y1ZOZk9FUmxkSFoyVXpkRk9FcFhXbGsyWmtKV1JIVldjbTl2ZWpkVWVGUlZYMUkxY1Zrd1VVRTJaMDQyWjBWYVRITnJhWGxRWW1KZlJUbDJSazlQUzNaZkxVNWZjRTE0T0ZsMWNURm1jRUZQUmxaVVgxQndkWE5HZVRnMFVqWjNhWEpGU2poRGNtOUJkemh0Ym0xQ1duaGxaazVJWjNSUGJYZzVkVmhPYVVWdE9Ua3dialpWT0U5UlFrMXBXVUk1U1hSQ1ZFNTJSekl0VEU0NVFtUXRaV3BUYmpCb1dDMDRSbmRZUVdaQ2JrbE1TRk5zTUd4UGRUQndVRVJqYVRKdVJIaDJhMWxpY1RseFRHcEROMTlCT0RWZmEzaG5OMjlIUzNSUFNtWkljemgwWkd4U2RrY3lTVEExVDB4cFQwdzRZMEZ5UmtKcFVYQnRaRzFOVEhabGJVWkdabGhMVkRVd2RGWmhNMlp0UjFSWFgwaFlRMnAxUzFaS05YbElMVTVyYVcxME1sbDRTRXRuZDBRMGJXVTFiR1ZKYTFBM00wZG9RM05vTjE5bkluMC5QSksyTmVNZ05HLWY0VTJYNUoyUTZVaWVINUdmN3oybUVybUxUUFFBY0lBUDJLQXNsVkRNUVpTV0JZVGZMempjbEhqaHRubkdFOHZ1ZHYwVldJazZSRHRTU0M2cGNJLS1DQzUxemNpMlptcDdyU2N5SGlxX1Z3bm5rbEtVbDhTV0pVRURtWUxPdUs5bXFXY3N1SlNCNi1ZRk5faUFTZmVBczZlSWZLeHVDbmZ6clM1RC1zTUpnUTI3YktOVTR4UmluNWhYVFR0ZXhHNURoMmZ1UENNTzdKUGFGa3VBcGlwTEdwUlY5RDE5LTBhRUtCN0NZcDQxeHVxOUVpenJReVUtdzd2SFMtYnZvNnVyMVh0OGE3dXl3ZGg3UmhQQlhVUWRFRVA4Q2x4RDdKT0U5dkN2Mm5aY0tZMTgxWndHV0lTOVJPdEhCV0I0ZlFIZEt4N1drWloteGc=

Pour obtenir la liste complète des paramètres et des valeurs des commandes de la CLI, reportez-vous à Référence des commandes de la CLI.

Exécutez l'opération CreateIdentityToken pour générer et authentifier un jeton. L'API effectue les opérations suivantes :

Créez un client d'identité Redis avec le code suivant :

public static RedisIdentityClient getRedisIdentityClient() throws IOException {
    return RedisIdentityClient.builder()
            .region("regionname") //Region from SDK configuration
            .endpoint("endPoint") //redis service prod endpoint (example: endpoint: redis.us-****-1.oci.oraclecloud.com for **** region)
            .build(new SessionTokenAuthenticationDetailsProvider("~/.oci/config", "default"));
}

Appelez le cache OCI IdentityTokenDetailsResponse pour générer un jeton d'identité brut.

public static void createIdentityToken(RedisIdentityClient client, String clusterId) {
 
    String redisUser = "OCID1.ocicacheuser.OC1..<unique_ID>"; 
    // String redisUser = <OCID of oci cache user>; // OCI Cache user created by customer
    CreateIdentityTokenDetails createIdentityTokenDetails = CreateIdentityTokenDetails.builder()
            .redisUser(redisUser)
            .publicKey() //Public key of the key pair used by customer to sign fetched token
            .build();
 
    CreateIdentityTokenRequest createIdentityTokenRequest = CreateIdentityTokenRequest.builder()
            .createIdentityTokenDetails(createIdentityTokenDetails)
            .redisClusterId(clusterId)
            .build();
 
    CreateIdentityTokenResponse identityToken = client.createIdentityToken(createIdentityTokenRequest);
    String redisToken = identityToken.getIdentityTokenDetailsResponse().getIdentityToken(); // Identity Token created by the OCI Cache identity API
}