Mirror of https://github.com/open-metadata/OpenMetadata.git, synced 2025-10-25 07:42:40 +00:00

---
description: This is a guide to creating an ingestion bot service app.
---

# Create Service Account

## Step 1: Generate Public/Private key pair

* Use a tool such as this JSON [Web Key Generator](https://mkjwk.org/) to generate a JWKS public/private key pair for testing.
* For a production use case, use your own [internal instance](https://github.com/mitreid-connect/mkjwk.org) of the key pair generator.
* For a production use case, clone the repository using `git clone https://github.com/mitreid-connect/mkjwk.org.git`.
* Use `mvn package -DskipTests && java -jar target/ROOT.war` to build and run the above repo.
* Go to `http://localhost:8080` to generate the **public/private key pair**.

![](https://lh3.googleusercontent.com/HOVDJ2P1gVD4FDXA2iP-cN9a7ALifQFMMoXpqolkz3uQk8CDb5veagtCOLxhDkAmfO6W3e8VmFQsqNVWqywPpo35N20u3CHKP8vz6MQ5GoMQ2iL5nnb6sVOmn82YZ9RkTS1FtSZD)

* Enter the following values to generate the **public/private key pair**:
  * Key size - 2048
  * Key use — signature
  * Algorithm — RS256
  * Key ID — \(Optional\) This can be any random value.

![](https://lh3.googleusercontent.com/lj6KUSZOWKRpZhgO2wjTcA_ABO7OCpGxhsKiSRKy7wnJIpDSgNUFLN0jHfPmJN5u0N-7NLZZOMxP6ZSuCeJbTLydkiUtXF01fQrXBXeTCgJMmozHKC1BF2bs2DLJ7N-1SeYlNvVW)

* Once you provide the input, click **Generate**. You will get the **Public/Private Keypair**, **Public/Private Keypair Set** and **Public Key**.

![](https://lh4.googleusercontent.com/ivAJZTUaYXdE42TKUZnbqjYJBQbq_ttuCT3SlvuZ9AtYZfRm42VyF90fP5kfK4mBb3U9MxrOGpL66oL3VYBLi04kFGuoqZI0gpvd2OgGDgCp7RrSYbfCQJeLVoH5B1hrZ8E4Ts5v)

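## Step 2: Create Service-App

* You will need to make a **POST** request to the `https://${yourOktaDomain}/oauth2/v1/clients` endpoint to create a service app in Okta.
* The parameters involved in the request are:
  * **client\_name** - name of service app
  * **grant\_type** - **client\_credentials**
  * **token\_endpoint\_auth\_method** — **private\_key\_jwt**
  * **application\_type** — **service**
  * **jwks** — add the **Public/Private Keypair Set** that you created in the previous step.
* The request looks something like this:

![](https://lh5.googleusercontent.com/SyrEujpQ8Fxdb0Wc6IITOUieWqQGHBQi8YFTfUPQ29qThTLKiz7z2GA7vWCsZFVj-UpdqUQsJDpGTPKQiMJLLvjCIm6Z4aXqSjjo5aJVYrw6yzu_IZpGgYiSPt1oB6yKdqE3jKWz)

* To check if the service app is created, navigate to your **Okta Dashboard**.

![](https://lh3.googleusercontent.com/EcSiVPAY-bsRoYTXLwDi1NXo2tZlhyVD0n1Yp58TBN9Em5gFS_eQjsjXbuZsF6VXTy3Bwt5rt5cz-W7KoscLlgBpsJATR_6pGEkgR_NT3mjl_mohf5QJOJiNqJvzkYzHr52tH51D)

* Click on **Applications -> Applications** on the left side.

![](https://lh3.googleusercontent.com/MzD1Nmu8X1aOaUmgIZEJ5fmw5ooOfHRomzRcsCYt5W92Lbl9vdnIWHbZCOlZTqoLGq_JV-0XXb6vtnfG7HAaD8P0MzTEZdNHF5hrFvfKfijhT0x7NW6d_qd0gW6wVJP4S6KI5g1x)

* You should see your service account in the list.

![](https://lh6.googleusercontent.com/Dmmfx-LB0rvLjTqp8ZuKbFZYp6l2wEvBJ2hTyX4Ry5ZrufC-nxAjjk_l2IXlFA1KzZHjMVC6rTtPJQePZV3Kol3JKWcjI86qZDQv2hS-PJtz-rN8wAo5FahiYbFEhJPqpXwGuhJn)
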
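An added example (not code from the OpenMetadata or Okta documentation) that builds the Step 2 request body: Okta needs only the public half of each key to verify the app's `private_key_jwt` assertions, so the private RSA members of the generated key pair set are stripped before it goes into `jwks`. The function names, client name and sample key are assumptions; `grant_types` is the list-valued field name in Okta's client registration API.

```python
import base64
import json

# Private-key members of an RSA JWK (RFC 7518, section 6.3.2); these stay with the bot.
RSA_PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def public_jwk(jwk: dict, min_bits: int = 2048) -> dict:
    """Return the public half of an RSA signing JWK; reject wrong-use or short keys."""
    if jwk.get("kty") != "RSA" or jwk.get("use") != "sig":
        raise ValueError("expected an RSA key with use=sig")
    n = jwk["n"]
    modulus = int.from_bytes(base64.urlsafe_b64decode(n + "=" * (-len(n) % 4)), "big")
    if modulus.bit_length() < min_bits:
        raise ValueError(f"modulus is {modulus.bit_length()} bits, need {min_bits}")
    return {k: v for k, v in jwk.items() if k not in RSA_PRIVATE_MEMBERS}


def registration_body(client_name: str, keypair_set: dict) -> dict:
    """Build the POST /oauth2/v1/clients body from a generated key pair set."""
    return {
        "client_name": client_name,
        "grant_types": ["client_credentials"],  # list form, per Okta's API
        "token_endpoint_auth_method": "private_key_jwt",
        "application_type": "service",
        "jwks": {"keys": [public_jwk(k) for k in keypair_set["keys"]]},
    }


# Constructed sample (filler bytes, not a usable key) shaped like the generator's output.
SAMPLE_KEYPAIR_SET = {"keys": [{
    "kty": "RSA", "use": "sig", "alg": "RS256", "kid": "ingestion-bot-test",
    "e": "AQAB",
    "n": b64url(b"\xc3" * 256),  # 2048-bit placeholder modulus
    "d": b64url(b"\x11" * 256),  # placeholder private exponent
    "p": b64url(b"\x22" * 128), "q": b64url(b"\x33" * 128),
}]}

if __name__ == "__main__":
    # "openmetadata-ingestion-bot" is a hypothetical client name.
    print(json.dumps(registration_body("openmetadata-ingestion-bot", SAMPLE_KEYPAIR_SET), indent=2))
```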
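## Step 3: Grant allowed scopes

* To add a grant for an allowed scope to your service app, we need to make a **POST** request to the `https://${yourOktaDomain}/api/v1/apps/{serviceappclient_id}/grants` endpoint.
* The parameters involved in the request are:
  * **scopeID** — **okta.clients.manage**
* The request looks something like this:

![](https://lh4.googleusercontent.com/-y7HS-P_u81T6sXbF0iZLeFHJ_7W_2n1hxXGNQ6PLGgA97nymIdJFSrbQ1l08PsxVxQxpsbx3SadpVyP9z1dXNHUmj7J2d6RtS8PZ62Zy0QSS6Bb5-PhWkr8ErmWt4NfCTK72SAI)

* You can also add scopes by navigating to your **Okta Dashboard** and clicking on **Applications -> Applications** just like in step 2.

![](https://lh3.googleusercontent.com/EcSiVPAY-bsRoYTXLwDi1NXo2tZlhyVD0n1Yp58TBN9Em5gFS_eQjsjXbuZsF6VXTy3Bwt5rt5cz-W7KoscLlgBpsJATR_6pGEkgR_NT3mjl_mohf5QJOJiNqJvzkYzHr52tH51D)

* Click on your service app.

![](https://lh6.googleusercontent.com/Dmmfx-LB0rvLjTqp8ZuKbFZYp6l2wEvBJ2hTyX4Ry5ZrufC-nxAjjk_l2IXlFA1KzZHjMVC6rTtPJQePZV3Kol3JKWcjI86qZDQv2hS-PJtz-rN8wAo5FahiYbFEhJPqpXwGuhJn)

* Now click on Okta API Scopes available at the top of the form.

![](https://lh4.googleusercontent.com/Hvl5D0WVU9_aqBkmq24UYbZoEFAhNFzoE3Fu8h5mLF8-X1JEofoANhzT_mG61K-KLaHU34mVG2sCWUhjmVX4TrJRwUO20hYRb9hlIiU5cQaQOHeOymZH9m3zdsKkHOdoO1YkVTap)

* Grant the scopes by clicking on **Grant**.
* To get more info on the scopes, visit the [Doc](https://developer.okta.com/docs/guides/implement-oauth-for-okta/scopes/).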