Chapter 2. Configuring Authentication with Insights APIs

Procedure

1. From the Red Hat Hybrid Cloud Console, Click the Settings icon and select Service Accounts.
2. Click Create service account to set up the account.
3. Enter a Service account name and a Short description, and click Create. The Red Hat Hybrid Cloud Console creates the service account and displays the unique Client ID and Client secret for the account.

4. Copy the generated Client ID and Client secret values to a secure location. You need to specify these credentials when configuring a connection to a service.

   Important

   The Client secret displays only once, so ensure that you have successfully and securely saved the copied credentials before closing the credentials window.

5. After you save the Client ID and secret to a secure location, select the confirmation check box in the credentials window and close the window. The service account and its Client ID appear on the Service Accounts page.

6. Add the service account to the applicable User Access Groups.

   Note

   Service accounts do not inherit permissions from Default access groups, so you must place them in a User Group to grant them access permissions.

7. At the command line, use a curl command with Red Hat single sign-on (SSO) to generate an access token. Use the service account credentials that you generated in place of <client_id> and <client_secret>.

   curl https://sso.redhat.com/auth/realms/redhat-external/protocol/openidconnect/token -d "grant_type=client_credentials" -d "scope=api.console" -d client_id=<client_id> -d client_secret=<client_secret>

   Copy to Clipboard Toggle word wrap
   Note

   For more information about Red Hat SSO and generating access tokens, see Transition of Red Hat Hybrid Cloud Console APIs from basic authentication to token-based authentication via service accounts.

8. Red Hat Single Sign-On (SSO) responds with a JSON object containing an access token. You can use this access token to make authenticated requests to APIs. To make a request, include the access token generated in the previous step in an Authorization: Bearer HTTP header in your request. Substitute the access token for <access_token>.

   Authorization: Bearer <access_token>

   Copy to Clipboard Toggle word wrap

Procedure

1. Log in to the Red Hat Customer Portal with your username and password.

   Note

   You can no longer log in to your Red Hat account with your email unless your email is your Red Hat login. For more information, see Finding your Red Hat login.

2. Navigate to the Red Hat API Tokens page.
3. Click Generate Token to generate an offline token.

4. At the command line, use a curl command to generate an access token. Use the offline token that you generated in place of <offline_token>.

   curl https://sso.redhat.com/auth/realms/redhat-external/protocol/openidconnect/token -d grant_type=refresh_token -d client_id=rhsm-api -d refresh_token=<offline_token>

   Copy to Clipboard Toggle word wrap
5. Copy the generated access token and save it in a secure location. You can use this access token to make authenticated requests to APIs.

6. To make a request, include the access token in an Authorization: Bearer HTTP header in your API call. Substitute the access token for <access_token>.

   Authorization: Bearer <access_token>

   Copy to Clipboard Toggle word wrap