Get Access Tokens
service_provider
is required to communicate with the service provider API: https://api.harborlockers.com/docs. The resulting token is meant only for your backend application.
tower_access
is for the SDK to be able to communicate with the SDK API: https://api.harborlockers.com/sdk/docs. So you need to send this token to your mobile application.
The token endpoint is https://accounts.harborlockers.com/realms/harbor/protocol/openid-connect/token
for production or https://accounts.sandbox.harborlockers.com/realms/harbor/protocol/openid-connect/token
for sandbox.
Client credentials flow
For this we’ll select the client_credentials grant type.
Let’s get an access token for our backend application, with scope service_provider:
$ curl -X 'POST' \
'https://accounts.harborlockers.com/realms/harbor/protocol/openid-connect/token' \
-H 'accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&scope=service_provider&client_id=your_client_id&client_secret=your_client_secret'
The response is something like:
{
"access_token": "eyJhbGcMj...",
"refresh_token": null,
"refresh_expires_in": 0,
"expires_in": 300,
"token_type": "Bearer"
}
Now we can use the Harbor API! Let’s hit the test-token endpoint:
$ curl -X 'POST' \
'https://api.harborlockers.com/api/v1/login/test-token' \
-H 'accept: application/json' \
-H 'Authorization: Bearer eyJhbGcMj...' \
-d ''
Perfect! Now you are able to use all endpoints of the Harbor API.
Now, to get a mobile SDK token, the flow is the same, but request scope tower_access instead of service_provider.
$ curl -X 'POST' \
'https://accounts.harborlockers.com/realms/harbor/protocol/openid-connect/token' \
-H 'accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&scope=tower_access&client_id=your_client_id&client_secret=your_client_secret'
Great, you can send this token to your mobile application!
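An added example, not Harbor's own code: a backend helper that requests client_credentials tokens for either scope and caches each one until shortly before the 300-second expires_in shown above, so the client_secret stays on the server and only the resulting tower_access token is forwarded to the mobile application. TokenCache, post_form and the 30-second skew are hypothetical names and values chosen for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

# Sandbox token endpoint from this page; switch to the production URL when ready.
TOKEN_URL = ("https://accounts.sandbox.harborlockers.com"
             "/realms/harbor/protocol/openid-connect/token")
SCOPES = ("service_provider", "tower_access")


def post_form(url, fields):
    """POST form-encoded fields over HTTPS and return the parsed JSON body."""
    req = urllib.request.Request(
        url,
        data=urllib.parse.urlencode(fields).encode(),
        headers={"accept": "application/json",
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: one cached client_credentials token per scope."""

    def __init__(self, client_id, client_secret, post=post_form,
                 clock=time.monotonic, skew=30):
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._tokens = {}  # scope -> (access_token, refresh_deadline)

    def get(self, scope):
        if scope not in SCOPES:
            raise ValueError(f"unknown scope: {scope!r}")
        token, deadline = self._tokens.get(scope, (None, 0.0))
        if token and self._clock() < deadline:
            return token  # still valid, no extra request carrying the secret
        body = self._post(TOKEN_URL, {"grant_type": "client_credentials",
                                      "scope": scope, **self._creds})
        if body.get("token_type") != "Bearer" or not body.get("access_token"):
            raise RuntimeError("token endpoint returned no bearer token")
        # Refresh `skew` seconds early so a token never expires mid-request.
        lifetime = max(0, int(body.get("expires_in", 0)) - self._skew)
        self._tokens[scope] = (body["access_token"], self._clock() + lifetime)
        return body["access_token"]
```

Load client_id and client_secret from the backend's secret store or environment rather than source code, and expose only the value returned by get("tower_access") to the mobile client.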
Resource Owner Password Flow
Alternatively, you can use the password grant type and include the user credentials too.
$ curl -X 'POST' \
'https://accounts.harborlockers.com/realms/harbor/protocol/openid-connect/token' \
-H 'accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=password&scope=service_provider&client_id=your_client_id&client_secret=your_client_secret&username=your_email@mail.com&password=your_password'
The response is something like:
{
"access_token": "eyJhbGciO...",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGci...",
"token_type": "Bearer",
"not-before-policy": 0,
"session_state": "302d9a...",
"scope": "email service_provider"
}
Now we can use the Harbor API! Let’s hit the test-token endpoint:
$ curl -X 'POST' \
'https://api.harborlockers.com/api/v1/login/test-token' \
-H 'accept: application/json' \
-H 'Authorization: Bearer eyJhbGciO...' \
-d ''
To refresh the token, use the grant_type refresh_token:
$ curl -X 'POST' \
'https://accounts.harborlockers.com/realms/harbor/protocol/openid-connect/token' \
-H 'accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=refresh_token&client_id=your_client_id&client_secret=your_client_secret&refresh_token=eyJhbGci...'
You will again have an access token and a refresh token.
Now, to get a mobile SDK token, request scope tower_access instead of service_provider and use the client_credentials grant type.
$ curl -X 'POST' \
'https://accounts.harborlockers.com/realms/harbor/protocol/openid-connect/token' \
-H 'accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&scope=tower_access&client_id=your_client_id&client_secret=your_client_secret'