0

I am using the Bosch IoT Suite's Permissions Service.

I have an issue generating agent credentials. What are the steps and parameters I need to specify to generate agent credentials? I am trying to create agent credentials that are able to auto-activate newly created user accounts.

Yannic Bürgmann

1 Answer

5

Here are some steps to create the agent credentials for Bosch IoT Suite Permissions:

Purpose

Use an AuthorizedClient of Permissions to

  • activate Users without them having to do it themselves
  • reduce the permissions of a user by creating agent-credentials with a subset of rights (to reduce the impact if credentials are abused)

Prerequisites

  1. You have booked the IoT Permissions Service on bosch-iot-suite.com
  2. You have created a User in the Permissions Service

Check out the Guide from Bosch IoT Permissions: https://permissions.s-apps.de1.bosch-iot-cloud.com/docs/developer-guide/index.html#Getting-started---Bosch-IoT-Suite_216542264

Guide

  1. Create the Authentication Token with your desired user

         POST https://permissions-api.s-apps.de1.bosch-iot-cloud.com/2/rest/authentication
         Headers:
             x-im-client-access-token: <....>
             Authorization: Basic <username:password> (Base64 encoded username:password)

  2. Create the Authorization Token with that Authentication Token. Warning: you need to be careful to put the right scope into that Authorization Token (to activate users, use scope "pn")

         POST https://permissions-api.s-apps.de1.bosch-iot-cloud.com/2/rest/authorization/HAX?scope=pn
         Headers:
             x-im-client-access-token: <....>
             Authorization: Bearer <authentication token>

  3. Create the Agent Credentials with the Authorization Token

         POST https://permissions-api.s-apps.de1.bosch-iot-cloud.com/2/rest/users/current/agent-credentials
         Headers:
             x-im-client-access-token: <....>
             Authorization: Bearer <authorization token>

         Body:
         {
           "scopes": [ "pn" ]
         }

Usage in Java implementation

  1. Include the Permissions library in your application. Follow the guide from Bosch IoT Permissions.
  2. Create a Permissions client instance
         Permissions.createClientBuilder()
                .clientId(clientId)
                .clientSecret(clientSecret)
                .serviceUrl(serviceUrl)
                .build();
    
  3. Create an authenticated Permissions client (be aware that the authenticated Permissions client has an expiration date, so you need to recreate it from time to time)
        permissionsClient.authenticate()
                .agentCredentialsId(agentCredentialsId)
                .password(agentPassword)
                .andCreateAuthorizedClient()
                .executeAndGet()
                .getAuthorizedClient();
    
  • Ok cool, thanks! In that last bit, the Usage in Java implementation, I'm seeing both blocks of Java code to be identical. Is that correct? – Zubair Hamed May 09 '19 at 10:19
  • 1
    The answer is really good but I would like to add the following note: Be aware that Agent Credentials are technical credentials for use cases like the one mentioned in the question. So the number of permissions granted to the Agent Credential should be restricted to the required permissions which are needed to fulfill their tasks and not more. It is therefore recommended to use the "filters" property in the request when creating the Agent Credential. You should create an application- or tenant-role and link the required permission (ACTIVATION_CODE_ADMINISTRATION) and filter for that role. – Michael Ernst May 10 '19 at 07:21
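
The three REST calls from the answer's guide, chained in Python as an added example (not part of the original answer or of the Bosch client library). The URLs, headers and body come from the answer; the response field names `authentication_token` and `authorization_token`, the JSON content type and all function names are assumptions.

```python
import base64
import json
import urllib.request

API = "https://permissions-api.s-apps.de1.bosch-iot-cloud.com/2/rest"
AUTHZ_PATH = "/authorization/HAX"  # path copied verbatim from the answer
# Assumption: JSON field names of the token responses (the page does not show them).
AUTHN_FIELD, AUTHZ_FIELD = "authentication_token", "authorization_token"


def basic_auth(username, password):
    """Step 1 header value: 'Basic ' + Base64('username:password')."""
    if ":" in username:
        raise ValueError("a Basic auth username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_request(path, client_token, authorization, body=None):
    """Build one POST with the two headers every step needs; nothing is sent."""
    headers = {"x-im-client-access-token": client_token,
               "Authorization": authorization}
    data = None
    if body is not None:
        data = json.dumps(body).encode("utf-8")
        headers["Content-Type"] = "application/json"  # assumption: JSON body type
    return urllib.request.Request(API + path, data=data, headers=headers,
                                  method="POST")


def send(request):
    """Default transport: perform the HTTPS call and decode the JSON reply."""
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.loads(response.read())


def create_agent_credentials(client_token, username, password, scope,
                             transport=send):
    """Run steps 1 to 3 for a single scope and return the final reply."""
    if not scope or not scope.isalnum():  # also keeps the query string clean
        raise ValueError("pass exactly one explicit scope, for example 'pn'")
    authn = transport(build_request(
        "/authentication", client_token, basic_auth(username, password)))
    authz = transport(build_request(
        f"{AUTHZ_PATH}?scope={scope}", client_token,
        "Bearer " + authn[AUTHN_FIELD]))
    # The body reuses the scope the authorization token was issued for, so the
    # request never asks for more than that token's scope.
    return transport(build_request(
        "/users/current/agent-credentials", client_token,
        "Bearer " + authz[AUTHZ_FIELD], body={"scopes": [scope]}))
```

Passing a different `transport` callable lets the flow be exercised against canned replies before it is pointed at the real service.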