- Use ruby 2.2+
- Ensure you have
bundlerinstalled; if not, rungem install bundler - Run
bundle installfrom within the sample project root, to install the dependencies
- Create a new Non-Interactive Client
- Take note of the following:
- "Domain" (i.e.
yourtenant.auth0.com) - "Client ID" (i.e.
uF7U8A5xroMfAqTu79CiFPM77oyy49ui) - "Client Secret" (i.e.
fEsYJVSIKABIAEq18N1qOATCSLZDT4jjG7GyskH5BdMO89x4zdHiphL0W23UJe1K)
- "Domain" (i.e.
- Take note of the following:
- Create a new API using
HS256as the signing algorithm- Take note of the following:
- "Identifier" (specified when you create the API, i.e.
https://mygreatapi.example.com) - "Signing Secret" (i.e.
2nzFyhR7JNNN5UgH09qYpX4KLj5nKhFP)
- "Identifier" (specified when you create the API, i.e.
- Take note of the following:
- Grant your new client the ability to request access tokens fir your new api by clicking on the "Non Interactive Clients" tab for your API, and toggle "Unauthorized" for your new client to "Authorized"
- Optional If you wish to specify certain scopes to be included in the access token for this client:
- Create one or more scopes in the "Scopes" tab for your API
- Under the "Non Interactive Clients" tab for your API, expand the settings for the client (using the arrow to the right of the "Authorized" toggle), and check the scopes you'd like included, and click Save.
In your downloaded sample project folder, run:
AUDIENCE=<your API identifier> \
ISSUER=https://<your client domain> \
SIGNING_SECRET=<your API signing secret> \
ruby lib/server_hsa256.rb
curl --request POST
--url https://<your client domain>/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"<your client id>","client_secret":"<your client secret>","audience":"<your api identifier>","grant_type":"client_credentials"}'
You will receive a JSON response with an access_token value.