This documentation is for WSO2 Enterprise Mobility Manager 2.1.0. View documentation for the latest release.
Generating the OAuth 2.0 Access Token - Enterprise Mobility Manager 2.1.0 - WSO2 Documentation

Follow the instructions given below to generate the OAuth 2.0 access token that you need to send via the REST client:

  1. Obtain the client credentials using the dynamic-client-registration service.

    curl -k -H "Content-Type: application/json" -X POST -d '{"owner":"<OWNER>","clientName":"<CLIENT_NAME>","grantType":"<GRANT_TYPE>","tokenScope":"<TOKEN_SCOPE>"}' https://<EMM_HOST>:<EMM_HTTPS_PORT>/dynamic-client-web/register
    • Provide the username as the value for <OWNER>.
    • Provide the name of the service provider ID as the value for <CLIENT_NAME>.

      Follow the steps given below to get the service provider ID:

      1. Sign in to the WSO2 EMM Management Console.
      2. Navigate to the Main tab.
      3. Click List under Service Providers to get the list of service providers used in WSO2 EMM. The emm_admin service provider ID is used to generate the OAuth 2.0 access token.
    • Provide the space delimited list of OAuth2 grant types as the value for <GRANT_TYPE>. Out of the six OAuth 2.0 grant types, WSO2 EMM uses the refresh_token, password and client_credentials grant types to generate the access token.

    • Provide the scope of the issued access token as the value for <TOKEN_SCOPE>. If you are in the production environment, you can provide the scope as PRODUCTION or prod and if you are in the testing environment, you can provide the scope as sandbox.
    • By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
    • By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

    Example:

    curl -k -H "Content-Type: application/json" -X POST -d '{"owner":"admin","clientName":"admin_emm","grantType":"refresh_token password client_credentials","tokenScope":"prod"}' https://localhost:9443/dynamic-client-web/register
    {"client_secret":"p8g_rFXtbPjl5pGMJe4bNd5fwSEa","callback_url":null,"client_id":"f8fc0aI14DPrQ_DwkpSau1LGdwAa","client_name":"admin_admin_emm"}

  2. Encode the client credentials as follows:
    1. Access any base64 encoder. 
      Example: https://www.base64encode.org/
    2. Enter the OAuth2 Consumer Key and OAuth2 Consumer Secret in the following format in the encoder input section:
      <CLIENT_ID>:<CLIENT_SECRET>
      For example:
      f8fc0aI14DPrQ_DwkpSau1LGdwAa:p8g_rFXtbPjl5pGMJe4bNd5fwSEa
    3. Click Encode to generate the encoded key.
      The following is an example of an encoded key:
      cDhnX3JGWHRiUGpsNXBHTUplNGJOZDVmd1NFYTpmOGZjMGFJMTREUHJRX0R3a3BTYXUxTEdkd0Fh
  3. Generate the access token using the following command:

    curl -k -d "grant_type=password&username=<USERNAME>&password=<PASSWORD>&scope=<SCOPE>" -H "Authorization: Basic <ENCODED_KEY>" -H "Content-Type: application/x-www-form-urlencoded" https://<EMM_HOST>:<EMM_HTTPS_PORT>/oauth2/token
    • You need to define the scope based on the API you wish to call.

      The scope authorization details are as follows:

      | Description | HTTP Method | Path | Scope |
      |---|---|---|---|
      | Certificate Management | GET | /admin/certificates | certificate:view |
      | | POST | /admin/certificates | certificate:manage |
      | | DELETE | /admin/certificates/{serialNumber} | certificate:manage |
      | | GET | /admin/certificates/{serialNumber} | certificate:view |
      | Application Management Administrative Service | POST | /admin/applications/install-application | application:manage |
      | | POST | /admin/applications/uninstall-application | application:manage |
      | Configuration Management | GET | /configuration | configuration:view |
      | | PUT | /configuration | configuration:modify |
      | User Management Administrative Service | POST | /admin/users/{username}/credentials | user:admin:reset-password |
      | Role Management | GET | /roles | role:view |
      | | POST | /roles | role:manage |
      | | DELETE | /roles/{roleName} | role:manage |
      | | GET | /roles/{roleName} | role:view |
      | | PUT | /roles/{roleName} | role:manage |
      | | GET | /roles/scopes | role:view |
      | | PUT | /roles/{roleName}/users | role:manage |
      | Device Management | GET | /devices | device:view |
      | | POST | /devices/search-devices | device:view |
      | | GET | /devices/{type}/{id} | device:view |
      | | GET | /devices/{type}/{id}/applications | device:view |
      | | GET | /devices/{type}/{id}/effective-policy | device:view |
      | | GET | /devices/{type}/{id}/features | device:view |
      | | GET | /devices/{type}/{id}/operations | device:view |
      | | GET | /devices/{type}/{id}/compliance-data | device:view |
      | User Management | GET | /users | user:view |
      | | POST | /users | user:manage |
      | | GET | /users/search/usernames | user:view |
      | | DELETE | /users/{username} | user:manage |
      | | GET | /users/{username} | user:view |
      | | PUT | /users/{username} | user:manage |
      | | PUT | /users/{username}/credentials | user:view |
      | | GET | /users/{username}/roles | user:view |
      | | POST | /users/send-invitation | user:manage |
      | Device Notification Management | GET | /notifications | notification:view |
      | | PUT | /notifications/{id}/mark-checked | notification:view |
      | Device Policy Management | GET | /policies | policy:view |
      | | POST | /policies | policy:manage |
      | | PUT | /policies/activate-policy | policy:manage |
      | | PUT | /policies/deactivate-policy | policy:manage |
      | | POST | /policies/remove-policy | policy:manage |
      | | GET | /policies/{id} | policy:view |
      | | PUT | /policies/{id} | policy:manage |
      | | PUT | /policies/apply-changes | policy:manage |
      | | PUT | /policies/priorities | policy:manage |
      | Activity Info Provider | GET | /activities | activity:view |
      | | GET | /activities/{id} | activity:view |
      | Device Management Administrative Service | GET | /admin/devices | device:admin:view |
      | Device Type Management Admin Service | GET | /admin/device-types | device-type:admin:view |
      | Android Configuration Management | GET | /configuration | configuration:view |
      | | PUT | /configuration | configuration:manage |
      | | GET | /configuration/license | device:android:enroll |
      | Android Device Management | POST | /devices | device:android:enroll |
      | | DELETE | /devices/{id} | device:android:disenroll |
      | | PUT | /devices/{id} | device:android:enroll |
      | | PUT | /devices/{id}/applications | device:android:enroll |
      | | PUT | /devices/{id}/pending-operations | device:android:enroll |
      | | GET | /devices/{id}/status | device:android:enroll |
      | Event Receiver | GET | /events | device:android:event:view |
      | | POST | /events/publish | device:android:event:manage |
      | Android Device Management Administrative Service | POST | /admin/devices/applications | device:android:operation:applications |
      | | POST | /admin/devices/blacklist-applications | device:android:operation:blacklist-app |
      | | POST | /admin/devices/change-lock-code | device:android:operation:change-lock |
      | | POST | /admin/devices/clear-password | device:android:operation:clear-password |
      | | POST | /admin/devices/configure-vpn | device:android:operation:vpn |
      | | POST | /admin/devices/configure-wifi | device:android:operation:wifi |
      | | POST | /admin/devices/control-camera | device:android:operation:camera |
      | | POST | /admin/devices/encrypt-storage | device:android:operation:encrypt |
      | | POST | /admin/devices/enterprise-wipe | device:android:operation:enterprise-wipe |
      | | POST | /admin/devices/info | device:android:operation:info |
      | | POST | /admin/devices/install-application | device:android:operation:install-app |
      | | POST | /admin/devices/location | device:android:operation:location |
      | | POST | /admin/devices/lock-devices | device:android:operation:lock |
      | | POST | /admin/devices/mute | device:android:operation:mute |
      | | POST | /admin/devices/reboot | device:android:operation:reboot |
      | | POST | /admin/devices/ring | device:android:operation:ring |
      | | POST | /admin/devices/send-notification | device:android:operation:notification |
      | | POST | /admin/devices/set-password-policy | device:android:operation:password-policy |
      | | POST | /admin/devices/set-webclip | device:android:operation:webclip |
      | | POST | /admin/devices/uninstall-application | device:android:operation:uninstall-app |
      | | POST | /admin/devices/unlock-devices | device:android:operation:unlock |
      | | POST | /admin/devices/update-application | device:android:operation:update-app |
      | | POST | /admin/devices/upgrade-firmware | device:android:operation:upgrade |
      | | POST | /admin/devices/wipe | device:android:operation:wipe |
    • By default, <EMM_HOST> is localhost. However, if you are using a public IP, the respective IP address or domain needs to be specified.
    • By default, <EMM_HTTPS_PORT> has been set to 9443. However, if the port offset has been incremented by n, the default port value needs to be incremented by n.

    Example:

    curl -k -d "grant_type=password&username=admin&password=admin&scope=default" -H "Authorization: Basic X1ZpREJUMWJUSHF5eXFfR1Y0UWJoc0V6X1IwYTpLdzIxV1JPRmYyeTc4RGViMXY0UGpoRkdydGhq" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
    {"scope":"default","token_type":"Bearer","expires_in":3600,"refresh_token":"3918597abb7d24f7ac4dbc9173b63e56","access_token":"c11f5e10c1dccabacec6a5741d2037dd"}

    The above command generates an access token and a refresh token. 
    For more information on generating the access token and on refreshing it when a token is renewed, see the WSO2 APIM documentation on the Token API.

 
