Creating OAuth Clients
Because the root client's token contains all scopes, it can create new clients and new client ID/client secret pairs, which can be used to create additional access tokens.
Prerequisites
In order to complete this, you will need one of the following:
- A valid access_token created from client credentials with adequate scopes to create additional clients. Read how to generate an access token here.
CLIENT_CREATE to create any new clients. This will help to reduce the utilization of the all-scopes root client.
Example: Create new OAuth Client
To create a new client ID and client secret, make a POST request to the /api/v1/oauth/client endpoint using an access token with appropriate scopes, as shown in the example below:
curl 'http://localhost:8080/api/v1/oauth/client' \
-X POST \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer {{FIDES_ACCESS_TOKEN}}' \
-d '["policy:read", "rule:read"]'
The Authorization header should be Bearer {{FIDES_ACCESS_TOKEN}}, where {{FIDES_ACCESS_TOKEN}} is your access token, and the request Content-Type should be application/json.
To add scopes to the client, the body of your request must contain an array of scopes in the form key: scope_value.
In the above example, the new access token only lets the client read policies and rules. The client cannot create other clients, write policies, or perform other operations using Fides APIs. You can view a complete list of available scopes here.
A successful request to Fides will respond with a new client ID and client secret pair similar to the example below:
HTTP/1.1 200 OK
Content-Type: application/json

{
  "client_id": "c0508a70e08f9f49de23eace66664d1d",
  "client_secret": "5fac65211cbd005b390c073b3912af14"
}
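A provisioning helper for the request and response shown above, as an added example that is not part of the Fides documentation or code base: it builds the POST /api/v1/oauth/client request and refuses any scope outside an allow-list, so a script cannot mint a client broader than intended. The function names, the READ_ONLY allow-list, and the token and response values are constructed for illustration, and "client:create" is assumed to be the scope string behind CLIENT_CREATE.

```python
import json
import urllib.request

# Hypothetical allow-list for a read-only integration (scope strings from the page).
READ_ONLY = frozenset({"policy:read", "rule:read"})


def build_create_client_request(base_url, access_token, scopes, allowed=READ_ONLY):
    """Build, without sending, the POST /api/v1/oauth/client request.

    Helper policy (not a Fides rule): reject anything outside `allowed`.
    """
    # A bare string would otherwise be iterated character by character.
    if isinstance(scopes, str) or not all(isinstance(s, str) for s in scopes):
        raise TypeError("scopes must be a list of strings, not a single string")
    if not scopes:
        raise ValueError("no scopes requested")
    extra = sorted(set(scopes) - set(allowed))
    if extra:
        raise PermissionError(f"scopes outside allow-list: {extra}")
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/v1/oauth/client",
        data=json.dumps(sorted(set(scopes))).encode(),  # body is a JSON array
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {access_token}"},
    )


def parse_client_response(raw):
    """Return (client_id, client_secret) from the JSON response body."""
    doc = json.loads(raw)
    return doc["client_id"], doc["client_secret"]


if __name__ == "__main__":
    req = build_create_client_request("http://localhost:8080", "constructed-token",
                                      ["rule:read", "policy:read"])
    print(req.get_method(), req.full_url, req.data.decode())
    try:  # "client:create" is assumed to be the scope string behind CLIENT_CREATE
        build_create_client_request("http://localhost:8080", "constructed-token",
                                    ["policy:read", "client:create"])
    except PermissionError as err:
        print("refused:", err)
    # Constructed response body in the shape the page shows.
    cid, secret = parse_client_response(
        '{"client_id": "example-id", "client_secret": "example-secret-value"}')
    print("created client", cid, "(secret not printed, length", len(secret), ")")
```

Pass the returned request to urllib.request.urlopen to send it, and write the client secret to a secret store rather than to logs or standard output.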
Create an access token
You can then create an access token for the client credentials by calling POST /api/v1/oauth/token with the new credentials and following the steps to generate a token here.