mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-10-31 10:39:30 +00:00

Suresh Srinivas 03928036df

2021-08-16 16:52:35 +00:00

description
This is a guide to create ingestion bot service app.

Create Service Account

Step 1: Generate Public/Private key pair

Use a tool such as this JSON Web Key Generator to generate a JWKS public/private key pair for testing.
For a production use case, use your own internal instance of the key pair generator.
For production use case, clone the repository using git clone https://github.com/mitreid-connect/mkjwk.org.git.
Use mvn package -DskipTests && java -jar target/ROOT.war to run the above repo.
Go to http:localhost:8080 to generate public/private key pair.

Enter the following values to generate a public/private key pair:
- Key size - 2048
- Key use — signature
- Algorithm — RSA256
- Key ID — Optional This can be any random value.

Once you provide the input, click Generate. You will get the Public/Private Keypair, Public/Private Keypair Set, and Public Key

You will need to make a POST request to https://${yourOktaDomain}/oauth2/v1/clients endpoint to create a service app in okta
The parameters involved in the request are:
- client_name - the name of the service app
- grant_type - client_credentials
- token_endpoint_auth_method — private_key_jwt
- application_type — service
- jwks — add the Public/Private Keypair Set that you created in the previous step.
The request looks something like this:

To add a grant for an allowed scope to your service app, we need to make a POST request to https://${yourOktaDomain}/api/v1/apps/{serviceappclient_id}/grants endpoint.
The parameters involved in the request are:
- scopeID — okta.clients.manage
The request looks something like this:

You can also add scopes by navigating to your Okta Dashboard and Clicking on Applications -> Applications just like in step 2.