Access token
General - Allocation of Access Tokens (Token)
Access token assignment is required to consume DataChain solution services
| Assigning an authentication access token is only possible for a user referenced in a DataChain instance |
The token ensures full traceability of the consumption of services by a user.
The token ensures security on the actions performed by a user. The use of the Token makes it possible to ensure the policy of rights and permissions for the user who consumes it.
Generation of a Token for a referenced user.
Step 1: Connecting the user to the DataChain instance
To generate an Access Token, the user must connect to a DataChain instance. The user accesses the settings of his account by using the menu My account
Step 2: Access Tokens Tab
Two types of access tokens are available: * Expose: allows you to expose DataBlocks via an API * Client: allows to consume DataChain APIs in add-ons (e.g. PyDC)
A user can generate multiple valid tokens within the same time period. Entering a password is mandatory and allows the user better management of his access tokens.
Step 3: Generating the access token
Choose the type of token to generate Exposition or Client
Exhibition
Enter your password then click on Create access token
Specifies the lifetime of the token
Generated access token
Be sure to save it: the access token is visible only when it is generated.
To ensure security, the access token is never visible in the interface of the DataChain instance again. The user must imperatively copy the access token and keep it when it is generated.
At generation, all access tokens are available in the table
Click to copy access token to clipboard
Customer
Choose the client from the list then enter your password and click on Create access token
It is possible to activate the Offline mode: if the option is checked, the refresh token has no expiration date
Indicates the lifetime of the access token
Access Token: token to use in the headers (header) of HTTP requests (Authorization: Bearer XXXX)
Be sure to save it: the access token is visible only when it is generated.
To ensure security, the access token is never visible in the interface of the DataChain instance again. The user must imperatively copy the access token and keep it when it is generated.
Indicates the lifetime of the Refresh token
Refresh Token: this token is used to generate a new Access Token. This token is to be used in the Body of the Access Token generation request.
Be sure to keep it: the token is visible only when it is generated.
To ensure security, the access token is never visible in the interface of the DataChain instance again. The user must imperatively copy the access token and keep it when it is generated.
Example of request (example.fr = address provided by AdobisGroup on delivery): URL: https://example.fr/auth/realms/dc-realm/protocol/openid-connect/token Method: POST Body: it must contain the 3 values below and be in the format: x-www-form-urlencoded
| key | value |
|---|---|
client_id |
corresponds to the selected customeronne |
grant_type |
refresh_token |
refresh_token |
paste token |
At generation, all access tokens are available in the table
Select client
Click to copy access token to clipboard
Click to copy the Refresh token to the clipboard
Removing Tokens
Tokens are deleted from the token management tables. It is possible to delete all the tokens by clicking at the top right of the tables on Delete all Client tokens that are not offline can be deleted individually.
| A number of situations can cause all of a user’s access tokens to be revoked. Here are two examples: inactivation of a user account by the administrator, exceeding the validity date of the user account |