mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-08-01 05:36:58 +00:00
876ac24e44
* GitBook: [#50] BigQuery, Glue, MSSQL, Postgres, Redshift, Snowflake - V2 * GitBook: [#62] No subject * GitBook: [#63] No subject * GitBook: [#64] Beta * GitBook: [#65] Make Harsha's requested changes to connectors section organization * GitBook: [#66] Kerberos authentication with Hive * GitBook: [#67] Fix procedure overview links * GitBook: [#68] Fix procedure overview links * GitBook: [#69] correct step reference * GitBook: [#70] Add Kerberos connection troubleshooting * updated json schema and schema docs (#3219) * updated json schema and schema docs * added glossay to readme * GitBook: [#72] Metrics & Tests Co-authored-by: Parth Panchal <parth.panchal@deuexsolutions.com> Co-authored-by: Shilpa V <vernekar.shilpa@gmail.com> Co-authored-by: Shannon Bradshaw <shannon.bradshaw@arrikto.com> Co-authored-by: parthp2107 <83201188+parthp2107@users.noreply.github.com> Co-authored-by: pmbrull <peremiquelbrull@gmail.com>
3.7 KiB
3.7 KiB
| description |
|---|
| This is a guide to create ingestion bot service app. |
Copy of Create Service Application
Step 1: Generate Public/Private Key Pair
For a Test or Staging Instance:
- Use a tool such as this JSON Web Key Generator to generate a JWKS public/private key pair for testing.
For a Production Instance:
- Use your own internal instance of the key pair generator.
- Clone the repository using
git clone https://github.com/mitreid-connect/mkjwk.org.git. - Use
mvn package -DskipTests && java -jar target/ROOT.warto run the above repo. - Go to
http:localhost:8080to generate public/private key pairs.
- Enter the following values to generate a public/private key pair:
- Key size - 2048
- Key use — signature
- Algorithm — RSA256
- Key ID — Enter the Key ID that is fetched from the
issuer_url/v1/keys. Fetch thekidas the key ID
- Once you provide the input, click Generate. You will get the Public/Private Keypair, Public/Private Keypair Set, and Public Key
Step 2: Create a Token
While creating the service application, an authorization token will be needed. To create a token:
- Navigate to Security -> API from the left nav bar.
- Click on the Tokens tab.
- Click on Create New Token
- Save the token safely.
Step 3: Create Service Application
- You will need to make a POST request to
https://${yourOktaDomain}/oauth2/v1/clientsendpoint to create a service app in okta - The parameters involved in the request are:
- client_name - the name of the service app
- grant_type - client_credentials
- token_endpoint_auth_method — private_key_jwt
- application_type — service
- jwks — add the Public/Private Keypair Set that you created in the previous step.
- Create a service app using the below format:
curl --location --request POST '<domain-url>/oauth2/v1/clients' \
--header 'Authorization: SSWS <token-created-in-previous-step>' \
--header 'Content-Type: application/json' \
--data-raw '{
"client_name": "OM-service-app-postman-4",
"grant_types": [
"client_credentials"
],
"response_types": [
"token"
],
"token_endpoint_auth_method": "private_key_jwt",
"application_type": "service",
"jwks": {
<public private key pair set with kid(key id) that of the authorization server>
}'
- To check if the service app is created navigate to your Okta Dashboard.
- Click on Applications -> Applications in the left navigation bar.
- You should see your service account in the list.
Step 4: Grant Allowed Scopes
- To add scopes, navigate to your Okta Dashboard. Click on Applications -> Applications as in step 2.
- Click on your service app.
- Now click on Okta API Scopes from the top nav bar.
- Grant the scopes by clicking on Grant. Ensure that the following scopes are granted:
- okta.users.read
- okta.users.manage
- okta.clients.read
- To get more information on the Scopes. Visit the Doc.