Mirror of https://github.com/open-metadata/OpenMetadata.git, synced 2025-10-24 07:14:48 +00:00
Description: This guide explains how to create the ingestion bot service application.
Create Service Application
Step 1: Generate Public/Private Key Pair
For a Test or Staging Instance:
- Use a tool such as the JSON Web Key Generator (mkjwk) to generate a JWKS public/private key pair for testing.
For a Production Instance:
- Use your own internal instance of the key pair generator.
- Clone the repository: `git clone https://github.com/mitreid-connect/mkjwk.org.git`
- Build and run it: `mvn package -DskipTests && java -jar target/ROOT.war`
- Open http://localhost:8080 to generate public/private key pairs.
- Enter the following values to generate a public/private key pair:
  - Key size - 2048
  - Key use - signature
  - Algorithm - RS256
  - Key ID - the `kid` value fetched from `issuer_url/v1/keys`; use that `kid` as the key ID
- Once you have provided the input, click Generate. You will get the Public/Private Keypair, the Public/Private Keypair Set, and the Public Key.
Step 2: Create a Token
While creating the service application, an authorization token will be needed. To create a token:
- Navigate to Security -> API from the left nav bar.
- Click on the Tokens tab.
- Click on Create New Token.
- Save the token safely.
Step 3: Create Service Application
- Make a POST request to the `https://${yourOktaDomain}/oauth2/v1/clients` endpoint to create a service app in Okta.
- The parameters involved in the request are:
  - client_name - the name of the service app
  - grant_types - client_credentials
  - token_endpoint_auth_method - private_key_jwt
  - application_type - service
  - jwks - the Public/Private Keypair Set that you created in the previous step
- Create the service app using the following request (the outer JSON object must be closed before the trailing quote):

```bash
curl --location --request POST '<domain-url>/oauth2/v1/clients' \
  --header 'Authorization: SSWS <token-created-in-previous-step>' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "client_name": "OM-service-app-postman-4",
    "grant_types": [
      "client_credentials"
    ],
    "response_types": [
      "token"
    ],
    "token_endpoint_auth_method": "private_key_jwt",
    "application_type": "service",
    "jwks": {
      <public/private key pair set with the kid (key ID) of the authorization server>
    }
  }'
```
- To check that the service app was created, navigate to your Okta Dashboard.
- Click on Applications -> Applications in the left navigation bar.
- You should see your service account in the list.
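Steps 1 and 3 together, as an added Go example that is not part of the OpenMetadata docs or of Okta's tooling: it generates the bot's 2048-bit RSA key, builds the registration body with the same fields as the curl request above, and derives the `jwks` document from the public members of the key only, because Okta needs just the public half to verify the client assertions the bot will later sign, so the private key stays with the ingestion bot. The function names are assumptions; the `kid` passed in must be the one fetched from `issuer_url/v1/keys` as in Step 1.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"encoding/base64"
	"encoding/json"
	"math/big"
)

// NewBotKey generates the bot's 2048-bit RSA key (Step 1); store it with the ingestion bot.
func NewBotKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// PublicJWK returns the public-only JWK for priv (kty, use, alg, kid, n, e; never d, p, q).
func PublicJWK(priv *rsa.PrivateKey, kid string) map[string]string {
	enc := base64.RawURLEncoding.EncodeToString // unpadded base64url, as JWK requires
	return map[string]string{"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid,
		"n": enc(priv.N.Bytes()), "e": enc(big.NewInt(int64(priv.E)).Bytes())}
}

// BuildRegistration returns the JSON body for POST /oauth2/v1/clients with the same
// fields as the guide's curl request. The private key stays with the caller: Okta only
// needs the public half to verify the client assertions the bot will sign with it.
func BuildRegistration(clientName, kid string, priv *rsa.PrivateKey) ([]byte, error) {
	return json.MarshalIndent(map[string]any{
		"client_name":                clientName,
		"grant_types":                []string{"client_credentials"},
		"response_types":             []string{"token"},
		"token_endpoint_auth_method": "private_key_jwt",
		"application_type":           "service",
		"jwks":                       map[string]any{"keys": []any{PublicJWK(priv, kid)}},
	}, "", "  ")
}

// HasPrivateMembers reports whether a registration body carries an RSA private JWK; run
// it before sending any hand-built body to Okta. Unparseable input counts as unsafe.
func HasPrivateMembers(doc []byte) bool {
	var body struct {
		JWKS struct{ Keys []map[string]any `json:"keys"` } `json:"jwks"`
	}
	if err := json.Unmarshal(doc, &body); err != nil {
		return true
	}
	for _, k := range body.JWKS.Keys {
		if _, ok := k["d"]; ok { // "d" is mandatory in every RSA private JWK (RFC 7518)
			return true
		}
	}
	return false
}
```

Send the output of BuildRegistration as the `--data-raw` body of the curl request above; the key returned by NewBotKey is what the bot uses to sign its client assertions and must never appear in that body.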
Step 4: Grant Allowed Scopes
- To add scopes, navigate to your Okta Dashboard and click on Applications -> Applications, as in step 3.
- Click on your service app.
- Now click on Okta API Scopes from the top nav bar.
- Grant the scopes by clicking on Grant. Ensure that the following scopes are granted:
- okta.users.read
- okta.users.manage
- okta.clients.read
- For more information on scopes, see the Okta documentation.