Training: Generating Access Tokens using the Client Credential Client
Acme Living will use User Scope Client-generated Access Tokens to interact with Yonomi Platform. Access Tokens generated using User Scope Application Clients require the use of one of the two OAuth2.0 Authorization Code grant types to obtain tokens. This grant type is used by web and mobile apps and requires an app to launch a browser to begin the flow to generate a token. At a high level, the flow has the following steps:
- The application opens a browser to send the user to the OAuth server
- The user sees the authorization prompt and approves the app’s request
- The user is redirected back to the application with an authorization code in the query string
- The application exchanges the authorization code for an access token
This training will not focus on OAuth2.0 specifics – more on the OAuth2.0 Authorization Code grant type is available online.
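The four steps above in code, as an added example that is not part of the Yonomi training material. It assumes the PKCE variant of the Authorization Code grant (RFC 7636); the endpoint URLs, client ID and function names are placeholders, and step 2 (the user approving the request) happens in the browser.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholders (assumption): the page lists no endpoints; use your own values.
AUTHORIZE_URL = "https://auth.example.invalid/authorize"
REDIRECT_URI = "https://app.example.invalid/callback"

def challenge_for(verifier):
    """S256 code challenge: unpadded base64url of SHA-256(verifier)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def authorization_url(client_id, state, challenge):
    """Step 1: the URL the application opens in the browser."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "state": state,  # random per request, checked again in step 3
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_URL}?{query}"

def code_from_redirect(redirect_url, expected_state):
    """Step 3: read the code from the query string; reject a foreign state."""
    params = parse_qs(urlparse(redirect_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect is not for this request")
    if "code" not in params:
        raise ValueError("no authorization code in redirect")
    return params["code"][0]

def token_request_form(client_id, code, verifier):
    """Step 4: form body the application POSTs to the token endpoint."""
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": verifier,  # server recomputes the challenge from this
    }
```

A fresh verifier and state per request can come from `secrets.token_urlsafe(48)`, which yields 64 URL-safe characters, inside the 43 to 128 range RFC 7636 allows.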
The Postman training collection is already set up to make it easy to obtain Client Credential Access Tokens. To obtain an access token:
1. Open the Training collection in Postman
2. Click on the Acme Living (Owner) API Operations collection to open it
3. Click on the Authorization tab. Scroll the pane and notice the values are populated with variables.
4. Click on the Variables tab to see the variables and representative values.
5. Replace the following values with values from the Dev Resource Group created earlier in training:
   - yp_auth_organization – This value is listed at the top of the Dev Resource Group
   - owner_client_id – This value is listed as the Client ID in the Client Credential created earlier
6. Click the Save button to save the collection.
7. Return to the Authorization tab and scroll to the bottom of the screen
8. Click the Clear cookies button to ensure there are no credentials cached
9. Click the Get New Access Token button. This will launch a browser window that we’ll use to log in and generate our token.
10. Scroll to the bottom of the browser and click the Continue with [Romanworks] button to launch a federated identity authorization request. (This button will reflect whatever was entered in the Federated Identity name field.) Note: Do not click the Continue button or attempt to log in with YP Developer Portal credentials. This flow is not intended to log in as the developer.
11. On the next screen you’ll be presented with a similar login challenge. This time, click the Sign Up button to create a new account. This step will create an account representing an Owner.
12. Enter any valid email address and password and click Continue to create a new account to represent the account for an Acme Living Owner. Note: In a production setting this step would not be open for account creation; PACS will either have existing accounts created or integrate this flow with existing new user account creation activities.
13. Upon success, an access token will be generated and captured in Postman. Click the Use Token button to allow Postman to use this credential in API requests.
Important: Note that these tokens expire within 10 minutes. To obtain a new token, follow the steps above but instead of creating a new account, simply log in with previously created credentials.