Class: IbmCloudIam::TokenRetrievalApi

Inherits:
Object
  • Object
show all
Defined in:
lib/ibm_cloud_iam/api/token_retrieval_api.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ TokenRetrievalApi

Returns a new instance of TokenRetrievalApi.



19
20
21
# File 'lib/ibm_cloud_iam/api/token_retrieval_api.rb', line 19

def initialize(api_client = ApiClient.default)
  @api_client = api_client
end

Instance Attribute Details

#api_clientObject

Returns the value of attribute api_client.



17
18
19
# File 'lib/ibm_cloud_iam/api/token_retrieval_api.rb', line 17

def api_client
  @api_client
end

Instance Method Details

#get_token_api_key(grant_type, apikey, opts = {}) ⇒ TokenResponse

Create an IAM access token for a user or service ID using an API key Creates a non-opaque access token for an API key.

Parameters:

  • grant_type (String)

    Grant type for this API call. You must set the grant type to `urn:ibm:params:oauth:grant-type:apikey`.

  • apikey (String)

    The value of the api key.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :ibm_cloud_tenant (String)

    A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the API key can only be created if the account id or enterprise id of the API key is contained in this header.

Returns:



29
30
31
32
# File 'lib/ibm_cloud_iam/api/token_retrieval_api.rb', line 29

def get_token_api_key(grant_type, apikey, opts = {})
  data, _status_code, _headers = get_token_api_key_with_http_info(grant_type, apikey, opts)
  data
end

#get_token_api_key_delegated_refresh_token(grant_type, apikey, response_type, receiver_client_ids, opts = {}) ⇒ TokenResponse

Create an IAM access token and delegated refresh token for a user or service ID Creates a non-opaque access token and a delegated refresh token for an API key.

Parameters:

  • grant_type (String)

    Grant type for this API call. You must set the grant type to `urn:ibm:params:oauth:grant-type:apikey`.

  • apikey (String)

    The value of the API key.

  • response_type (String)

    Either 'delegated_refresh_token' to receive a delegated refresh token only, or 'cloud_iam delegated_refresh_token' to receive both an IAM access token and a delegated refresh token in one API call.

  • receiver_client_ids (String)

    A comma separated list of one or more client IDs that will be able to consume the delegated refresh token. The service that accepts a delegated refresh token as API parameter must expose its client ID to allow this API call. The receiver of the delegated refresh token will be able to use the refresh token until it expires.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :ibm_cloud_tenant (String)

    A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the API key can only be created if the account id or enterprise id of the API key is contained in this header.

  • :delegated_refresh_token_expiry (Integer)

    Expiration in seconds until the delegated refresh token must be consumed by the receiver client IDs. After the expiration, no client ID can consume the delegated refresh token, even if the life time of the refresh token inside is still not expired. The default, if not specified, is 518,400 seconds which corresponds to 6 days.

Returns:



111
112
113
114
# File 'lib/ibm_cloud_iam/api/token_retrieval_api.rb', line 111

def get_token_api_key_delegated_refresh_token(grant_type, apikey, response_type, receiver_client_ids, opts = {})
  data, _status_code, _headers = get_token_api_key_delegated_refresh_token_with_http_info(grant_type, apikey, response_type, receiver_client_ids, opts)
  data
end

#get_token_api_key_delegated_refresh_token_with_http_info(grant_type, apikey, response_type, receiver_client_ids, opts = {}) ⇒ Array<(TokenResponse, Integer, Hash)>

Create an IAM access token and delegated refresh token for a user or service ID Creates a non-opaque access token and a delegated refresh token for an API key.

Parameters:

  • grant_type (String)

    Grant type for this API call. You must set the grant type to `urn:ibm:params:oauth:grant-type:apikey`.

  • apikey (String)

    The value of the API key.

  • response_type (String)

    Either 'delegated_refresh_token' to receive a delegated refresh token only, or 'cloud_iam delegated_refresh_token' to receive both an IAM access token and a delegated refresh token in one API call.

  • receiver_client_ids (String)

    A comma separated list of one or more client IDs that will be able to consume the delegated refresh token. The service that accepts a delegated refresh token as API parameter must expose its client ID to allow this API call. The receiver of the delegated refresh token will be able to use the refresh token until it expires.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :ibm_cloud_tenant (String)

    A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the API key can only be created if the account id or enterprise id of the API key is contained in this header.

  • :delegated_refresh_token_expiry (Integer)

    Expiration in seconds until the delegated refresh token must be consumed by the receiver client IDs. After the expiration, no client ID can consume the delegated refresh token, even if the life time of the refresh token inside is still not expired. The default, if not specified, is 518,400 seconds which corresponds to 6 days.

Returns:

  • (Array<(TokenResponse, Integer, Hash)>)

    TokenResponse data, response status code and response headers



126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
# File 'lib/ibm_cloud_iam/api/token_retrieval_api.rb', line 126

def get_token_api_key_delegated_refresh_token_with_http_info(grant_type, apikey, response_type, receiver_client_ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: TokenRetrievalApi.get_token_api_key_delegated_refresh_token ...'
  end
  # verify the required parameter 'grant_type' is set
  if @api_client.config.client_side_validation && grant_type.nil?
    fail ArgumentError, "Missing the required parameter 'grant_type' when calling TokenRetrievalApi.get_token_api_key_delegated_refresh_token"
  end
  # verify the required parameter 'apikey' is set
  if @api_client.config.client_side_validation && apikey.nil?
    fail ArgumentError, "Missing the required parameter 'apikey' when calling TokenRetrievalApi.get_token_api_key_delegated_refresh_token"
  end
  # verify the required parameter 'response_type' is set
  if @api_client.config.client_side_validation && response_type.nil?
    fail ArgumentError, "Missing the required parameter 'response_type' when calling TokenRetrievalApi.get_token_api_key_delegated_refresh_token"
  end
  # verify the required parameter 'receiver_client_ids' is set
  if @api_client.config.client_side_validation && receiver_client_ids.nil?
    fail ArgumentError, "Missing the required parameter 'receiver_client_ids' when calling TokenRetrievalApi.get_token_api_key_delegated_refresh_token"
  end
  # resource path
  local_var_path = '/identity/token#apikey-delegated-refresh-token'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/x-www-form-urlencoded'])
  if !content_type.nil?
      header_params['Content-Type'] = content_type
  end
  header_params[:'ibm-cloud-tenant'] = opts[:'ibm_cloud_tenant'] if !opts[:'ibm_cloud_tenant'].nil?

  # form parameters
  form_params = opts[:form_params] || {}
  form_params['grant_type'] = grant_type
  form_params['apikey'] = apikey
  form_params['response_type'] = response_type
  form_params['receiver_client_ids'] = receiver_client_ids
  form_params['delegated_refresh_token_expiry'] = opts[:'delegated_refresh_token_expiry'] if !opts[:'delegated_refresh_token_expiry'].nil?

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'TokenResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || []

  new_options = opts.merge(
    :operation => :"TokenRetrievalApi.get_token_api_key_delegated_refresh_token",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: TokenRetrievalApi#get_token_api_key_delegated_refresh_token\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_token_api_key_with_http_info(grant_type, apikey, opts = {}) ⇒ Array<(TokenResponse, Integer, Hash)>

Create an IAM access token for a user or service ID using an API key Creates a non-opaque access token for an API key.

Parameters:

  • grant_type (String)

    Grant type for this API call. You must set the grant type to `urn:ibm:params:oauth:grant-type:apikey`.

  • apikey (String)

    The value of the api key.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :ibm_cloud_tenant (String)

    A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the API key can only be created if the account id or enterprise id of the API key is contained in this header.

Returns:

  • (Array<(TokenResponse, Integer, Hash)>)

    TokenResponse data, response status code and response headers



41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# File 'lib/ibm_cloud_iam/api/token_retrieval_api.rb', line 41

def get_token_api_key_with_http_info(grant_type, apikey, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: TokenRetrievalApi.get_token_api_key ...'
  end
  # verify the required parameter 'grant_type' is set
  if @api_client.config.client_side_validation && grant_type.nil?
    fail ArgumentError, "Missing the required parameter 'grant_type' when calling TokenRetrievalApi.get_token_api_key"
  end
  # verify the required parameter 'apikey' is set
  if @api_client.config.client_side_validation && apikey.nil?
    fail ArgumentError, "Missing the required parameter 'apikey' when calling TokenRetrievalApi.get_token_api_key"
  end
  # resource path
  local_var_path = '/identity/token#apikey'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/x-www-form-urlencoded'])
  if !content_type.nil?
      header_params['Content-Type'] = content_type
  end
  header_params[:'ibm-cloud-tenant'] = opts[:'ibm_cloud_tenant'] if !opts[:'ibm_cloud_tenant'].nil?

  # form parameters
  form_params = opts[:form_params] || {}
  form_params['grant_type'] = grant_type
  form_params['apikey'] = apikey

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'TokenResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || []

  new_options = opts.merge(
    :operation => :"TokenRetrievalApi.get_token_api_key",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: TokenRetrievalApi#get_token_api_key\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_token_assume(grant_type, opts = {}) ⇒ TokenResponse

Create an IAM access token for a Trusted Profile based on the provided entity. Provided entity can be a identity based token which can be a user token, service id token or a cookie. Creates a non-opaque access token for a profile.

Parameters:

  • grant_type (String)

    Grant type for this API call. You must set the grant type to `urn:ibm:params:oauth:grant-type:assume`.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :access_token (String)

    Pass one of 'access_token', 'refresh_token' or 'cookie' to get a token for the profile. Provided access_token/refresh_token/iam_cookie need to be generated for the user or service id that has trust relationship with the profile. If the profile being assumed must satisfy an MFA requirement for the account, the access_token/refresh_token (...etc) used to assume the profile must meet the same requirement, using the same level MFA or higher.

  • :refresh_token (String)

    see 'access_token'

  • :cookie (String)

    see 'access_token'

  • :profile_id (String)

    Pass one of 'profile_id', 'profile_crn' or 'profile_name' and 'account' to select which profile should be used for this IAM token. If you pass a 'profile_id' or 'profile_crn', then the profile must exist in the same account. If you pass a 'profile_name' then 'account' need to be passed in the request where the profile is looked up based on the account.

  • :profile_name (String)

    see 'profile_id'

  • :profile_crn (String)

    see 'profile_id'

  • :account (String)

    ID of the account the profile belongs to

Returns:



209
210
211
212
# File 'lib/ibm_cloud_iam/api/token_retrieval_api.rb', line 209

def get_token_assume(grant_type, opts = {})
  data, _status_code, _headers = get_token_assume_with_http_info(grant_type, opts)
  data
end

#get_token_assume_with_http_info(grant_type, opts = {}) ⇒ Array<(TokenResponse, Integer, Hash)>

Create an IAM access token for a Trusted Profile based on the provided entity. Provided entity can be a identity based token which can be a user token, service id token or a cookie. Creates a non-opaque access token for a profile.

Parameters:

  • grant_type (String)

    Grant type for this API call. You must set the grant type to `urn:ibm:params:oauth:grant-type:assume`.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :access_token (String)

    Pass one of 'access_token', 'refresh_token' or 'cookie' to get a token for the profile. Provided access_token/refresh_token/iam_cookie need to be generated for the user or service id that has trust relationship with the profile. If the profile being assumed must satisfy an MFA requirement for the account, the access_token/refresh_token (...etc) used to assume the profile must meet the same requirement, using the same level MFA or higher.

  • :refresh_token (String)

    see 'access_token'

  • :cookie (String)

    see 'access_token'

  • :profile_id (String)

    Pass one of 'profile_id', 'profile_crn' or 'profile_name' and 'account' to select which profile should be used for this IAM token. If you pass a 'profile_id' or 'profile_crn', then the profile must exist in the same account. If you pass a 'profile_name' then 'account' need to be passed in the request where the profile is looked up based on the account.

  • :profile_name (String)

    see 'profile_id'

  • :profile_crn (String)

    see 'profile_id'

  • :account (String)

    ID of the account the profile belongs to

Returns:

  • (Array<(TokenResponse, Integer, Hash)>)

    TokenResponse data, response status code and response headers



226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
# File 'lib/ibm_cloud_iam/api/token_retrieval_api.rb', line 226

def get_token_assume_with_http_info(grant_type, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: TokenRetrievalApi.get_token_assume ...'
  end
  # verify the required parameter 'grant_type' is set
  if @api_client.config.client_side_validation && grant_type.nil?
    fail ArgumentError, "Missing the required parameter 'grant_type' when calling TokenRetrievalApi.get_token_assume"
  end
  # resource path
  local_var_path = '/identity/token#assume'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/x-www-form-urlencoded'])
  if !content_type.nil?
      header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}
  form_params['grant_type'] = grant_type
  form_params['access_token'] = opts[:'access_token'] if !opts[:'access_token'].nil?
  form_params['refresh_token'] = opts[:'refresh_token'] if !opts[:'refresh_token'].nil?
  form_params['cookie'] = opts[:'cookie'] if !opts[:'cookie'].nil?
  form_params['profile_id'] = opts[:'profile_id'] if !opts[:'profile_id'].nil?
  form_params['profile_name'] = opts[:'profile_name'] if !opts[:'profile_name'].nil?
  form_params['profile_crn'] = opts[:'profile_crn'] if !opts[:'profile_crn'].nil?
  form_params['account'] = opts[:'account'] if !opts[:'account'].nil?

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'TokenResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || []

  new_options = opts.merge(
    :operation => :"TokenRetrievalApi.get_token_assume",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: TokenRetrievalApi#get_token_assume\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_token_cr_token(grant_type, cr_token, opts = {}) ⇒ TokenResponse

Create an IAM access token for a Trusted Profile based on the provided Compute Resource token Creates a non-opaque access token without a refresh token for a Trusted Profile

Parameters:

  • grant_type (String)

    Grant type for this API call. You must set the grant type to `urn:ibm:params:oauth:grant-type:cr-token`.

  • cr_token (String)

    The value of the Compute Resource token. As this is a JWT token, the string can get very long.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :authorization (String)

    IBM Services can pass in a Basic Authorization Header representing a client id with a secret. For customers, omit this header parameter. To build a valid Basic Authorization Header, concatenate the client id with a colon and the secret, i.e. `client_id:client_secret`. This sequence must be Base64 encoded, and prefixed with `Basic`, so that a valid Basic Authorization Header would be: `Authorization: Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=`

  • :ibm_cloud_tenant (String)

    A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the Trusted Profile can only be created if the Trusted Profile is part of one of the account ids or enterprise ids provided in this header.

  • :profile_id (String)

    Pass one of 'profile_id', 'profile_name' or 'profile_crn to select which profile should be used for this IAM token. This call can only succeed if you have also linked the Trusted Profile to the Compute Resource, or you have created a Trust Rule from the Trusted Profile to the Compute Resource. If you pass a 'profile_name', then the profile is looked up based on the account_id of the Compute resource. If you pass a 'profile_id' or 'profile_crn', then the profile must exist in the same account like the Compute Resource.

  • :profile_name (String)

    see 'profile_id'

  • :profile_crn (String)

    see 'profile_id'

Returns:



298
299
300
301
# File 'lib/ibm_cloud_iam/api/token_retrieval_api.rb', line 298

def get_token_cr_token(grant_type, cr_token, opts = {})
  data, _status_code, _headers = get_token_cr_token_with_http_info(grant_type, cr_token, opts)
  data
end

#get_token_cr_token_with_http_info(grant_type, cr_token, opts = {}) ⇒ Array<(TokenResponse, Integer, Hash)>

Create an IAM access token for a Trusted Profile based on the provided Compute Resource token Creates a non-opaque access token without a refresh token for a Trusted Profile

Parameters:

  • grant_type (String)

    Grant type for this API call. You must set the grant type to `urn:ibm:params:oauth:grant-type:cr-token`.

  • cr_token (String)

    The value of the Compute Resource token. As this is a JWT token, the string can get very long.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :authorization (String)

    IBM Services can pass in a Basic Authorization Header representing a client id with a secret. For customers, omit this header parameter. To build a valid Basic Authorization Header, concatenate the client id with a colon and the secret, i.e. `client_id:client_secret`. This sequence must be Base64 encoded, and prefixed with `Basic`, so that a valid Basic Authorization Header would be: `Authorization: Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=`

  • :ibm_cloud_tenant (String)

    A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the Trusted Profile can only be created if the Trusted Profile is part of one of the account ids or enterprise ids provided in this header.

  • :profile_id (String)

    Pass one of 'profile_id', 'profile_name' or 'profile_crn to select which profile should be used for this IAM token. This call can only succeed if you have also linked the Trusted Profile to the Compute Resource, or you have created a Trust Rule from the Trusted Profile to the Compute Resource. If you pass a 'profile_name', then the profile is looked up based on the account_id of the Compute resource. If you pass a 'profile_id' or 'profile_crn', then the profile must exist in the same account like the Compute Resource.

  • :profile_name (String)

    see 'profile_id'

  • :profile_crn (String)

    see 'profile_id'

Returns:

  • (Array<(TokenResponse, Integer, Hash)>)

    TokenResponse data, response status code and response headers



314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
# File 'lib/ibm_cloud_iam/api/token_retrieval_api.rb', line 314

def get_token_cr_token_with_http_info(grant_type, cr_token, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: TokenRetrievalApi.get_token_cr_token ...'
  end
  # verify the required parameter 'grant_type' is set
  if @api_client.config.client_side_validation && grant_type.nil?
    fail ArgumentError, "Missing the required parameter 'grant_type' when calling TokenRetrievalApi.get_token_cr_token"
  end
  # verify the required parameter 'cr_token' is set
  if @api_client.config.client_side_validation && cr_token.nil?
    fail ArgumentError, "Missing the required parameter 'cr_token' when calling TokenRetrievalApi.get_token_cr_token"
  end
  # resource path
  local_var_path = '/identity/token#cr-token'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/x-www-form-urlencoded'])
  if !content_type.nil?
      header_params['Content-Type'] = content_type
  end
  header_params[:'Authorization'] = opts[:'authorization'] if !opts[:'authorization'].nil?
  header_params[:'ibm-cloud-tenant'] = opts[:'ibm_cloud_tenant'] if !opts[:'ibm_cloud_tenant'].nil?

  # form parameters
  form_params = opts[:form_params] || {}
  form_params['grant_type'] = grant_type
  form_params['cr_token'] = cr_token
  form_params['profile_id'] = opts[:'profile_id'] if !opts[:'profile_id'].nil?
  form_params['profile_name'] = opts[:'profile_name'] if !opts[:'profile_name'].nil?
  form_params['profile_crn'] = opts[:'profile_crn'] if !opts[:'profile_crn'].nil?

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'TokenResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || []

  new_options = opts.merge(
    :operation => :"TokenRetrievalApi.get_token_cr_token",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: TokenRetrievalApi#get_token_cr_token\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_token_iam_authz(grant_type, access_token, desired_iam_id, opts = {}) ⇒ TokenResponse

Create an IAM access token based on an authorization policy Creates a non-opaque access token, if an appropriate authorization policy is in place. This kind of IAM access token is typically used for access between services.

Parameters:

  • grant_type (String)

    Grant type for this API call. You must set the grant type to `urn:ibm:params:oauth:grant-type:iam-authz`.

  • access_token (String)

    The IAM access token of the identity that has the appropriate authorization to create an IAM access token for a given resource.

  • desired_iam_id (String)

    The IAM ID of the IAM access token identity that should be created. The desired_iam_id identifies a resource identity. The IAM ID consists of the prefix crn- and the CRN of the target identity, e.g. crn-crn:v1:bluemix:public:cloud-object-storage:global:a/59bcbfa6ea2f006b4ed7094c1a08dcdd:1a0ec336-f391-4091-a6fb-5e084a4c56f4::.

  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:



385
386
387
388
# File 'lib/ibm_cloud_iam/api/token_retrieval_api.rb', line 385

def get_token_iam_authz(grant_type, access_token, desired_iam_id, opts = {})
  data, _status_code, _headers = get_token_iam_authz_with_http_info(grant_type, access_token, desired_iam_id, opts)
  data
end

#get_token_iam_authz_with_http_info(grant_type, access_token, desired_iam_id, opts = {}) ⇒ Array<(TokenResponse, Integer, Hash)>

Create an IAM access token based on an authorization policy Creates a non-opaque access token, if an appropriate authorization policy is in place. This kind of IAM access token is typically used for access between services.

Parameters:

  • grant_type (String)

    Grant type for this API call. You must set the grant type to `urn:ibm:params:oauth:grant-type:iam-authz`.

  • access_token (String)

    The IAM access token of the identity that has the appropriate authorization to create an IAM access token for a given resource.

  • desired_iam_id (String)

    The IAM ID of the IAM access token identity that should be created. The desired_iam_id identifies a resource identity. The IAM ID consists of the prefix crn- and the CRN of the target identity, e.g. crn-crn:v1:bluemix:public:cloud-object-storage:global:a/59bcbfa6ea2f006b4ed7094c1a08dcdd:1a0ec336-f391-4091-a6fb-5e084a4c56f4::.

  • opts (Hash) (defaults to: {})

    the optional parameters

Returns:

  • (Array<(TokenResponse, Integer, Hash)>)

    TokenResponse data, response status code and response headers



397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
# File 'lib/ibm_cloud_iam/api/token_retrieval_api.rb', line 397

def get_token_iam_authz_with_http_info(grant_type, access_token, desired_iam_id, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: TokenRetrievalApi.get_token_iam_authz ...'
  end
  # verify the required parameter 'grant_type' is set
  if @api_client.config.client_side_validation && grant_type.nil?
    fail ArgumentError, "Missing the required parameter 'grant_type' when calling TokenRetrievalApi.get_token_iam_authz"
  end
  # verify the required parameter 'access_token' is set
  if @api_client.config.client_side_validation && access_token.nil?
    fail ArgumentError, "Missing the required parameter 'access_token' when calling TokenRetrievalApi.get_token_iam_authz"
  end
  # verify the required parameter 'desired_iam_id' is set
  if @api_client.config.client_side_validation && desired_iam_id.nil?
    fail ArgumentError, "Missing the required parameter 'desired_iam_id' when calling TokenRetrievalApi.get_token_iam_authz"
  end
  # resource path
  local_var_path = '/identity/token#iam-authz'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/x-www-form-urlencoded'])
  if !content_type.nil?
      header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}
  form_params['grant_type'] = grant_type
  form_params['access_token'] = access_token
  form_params['desired_iam_id'] = desired_iam_id

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'TokenResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || []

  new_options = opts.merge(
    :operation => :"TokenRetrievalApi.get_token_iam_authz",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: TokenRetrievalApi#get_token_iam_authz\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_token_password(authorization, grant_type, username, password, opts = {}) ⇒ TokenResponse

Create an IAM access token for a user using username / password credentials and an optional account identifier Creates a non-opaque access token for a username and password. To be able to call IBM Cloud APIs, the token must be made account-specific. For this purpose, also pass the 32 character long identifier for your account in the API call. This API call is possible only for non-federated IBMid users.

Parameters:

  • authorization (String)

    Basic Authorization Header containing a valid client ID and secret. If this header is omitted the request fails with BXNIM0308E: 'No authorization header found'. You can use the client ID and secret that is used by the IBM Cloud CLI: `bx / bx`

  • grant_type (String)

    Grant type for this API call. You must set the grant type to `password`.

  • username (String)

    The value of the username.

  • password (String)

    The value of the password.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :ibm_cloud_tenant (String)

    A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the username / password / account combination can only be created if the account id matches the passed account or the account is member of the enterprise id in this header.

  • :account (String)

    The 32 character identifier of the account. Specify this parameter to get an account-specific IAM token. IBM Cloud APIs require that IAM tokens are account-specific.

Returns:



471
472
473
474
# File 'lib/ibm_cloud_iam/api/token_retrieval_api.rb', line 471

def get_token_password(authorization, grant_type, username, password, opts = {})
  data, _status_code, _headers = get_token_password_with_http_info(authorization, grant_type, username, password, opts)
  data
end

#get_token_password_with_http_info(authorization, grant_type, username, password, opts = {}) ⇒ Array<(TokenResponse, Integer, Hash)>

Create an IAM access token for a user using username / password credentials and an optional account identifier Creates a non-opaque access token for a username and password. To be able to call IBM Cloud APIs, the token must be made account-specific. For this purpose, also pass the 32 character long identifier for your account in the API call. This API call is possible only for non-federated IBMid users.

Parameters:

  • authorization (String)

    Basic Authorization Header containing a valid client ID and secret. If this header is omitted the request fails with BXNIM0308E: 'No authorization header found'. You can use the client ID and secret that is used by the IBM Cloud CLI: `bx / bx`

  • grant_type (String)

    Grant type for this API call. You must set the grant type to `password`.

  • username (String)

    The value of the username.

  • password (String)

    The value of the password.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :ibm_cloud_tenant (String)

    A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the username / password / account combination can only be created if the account id matches the passed account or the account is member of the enterprise id in this header.

  • :account (String)

    The 32 character identifier of the account. Specify this parameter to get an account-specific IAM token. IBM Cloud APIs require that IAM tokens are account-specific.

Returns:

  • (Array<(TokenResponse, Integer, Hash)>)

    TokenResponse data, response status code and response headers



486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
# File 'lib/ibm_cloud_iam/api/token_retrieval_api.rb', line 486

def get_token_password_with_http_info(authorization, grant_type, username, password, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: TokenRetrievalApi.get_token_password ...'
  end
  # verify the required parameter 'authorization' is set
  if @api_client.config.client_side_validation && authorization.nil?
    fail ArgumentError, "Missing the required parameter 'authorization' when calling TokenRetrievalApi.get_token_password"
  end
  # verify the required parameter 'grant_type' is set
  if @api_client.config.client_side_validation && grant_type.nil?
    fail ArgumentError, "Missing the required parameter 'grant_type' when calling TokenRetrievalApi.get_token_password"
  end
  # verify the required parameter 'username' is set
  if @api_client.config.client_side_validation && username.nil?
    fail ArgumentError, "Missing the required parameter 'username' when calling TokenRetrievalApi.get_token_password"
  end
  # verify the required parameter 'password' is set
  if @api_client.config.client_side_validation && password.nil?
    fail ArgumentError, "Missing the required parameter 'password' when calling TokenRetrievalApi.get_token_password"
  end
  # resource path
  local_var_path = '/identity/token#password'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/x-www-form-urlencoded'])
  if !content_type.nil?
      header_params['Content-Type'] = content_type
  end
  header_params[:'Authorization'] = authorization
  header_params[:'ibm-cloud-tenant'] = opts[:'ibm_cloud_tenant'] if !opts[:'ibm_cloud_tenant'].nil?

  # form parameters
  form_params = opts[:form_params] || {}
  form_params['grant_type'] = grant_type
  form_params['username'] = username
  form_params['password'] = password
  form_params['account'] = opts[:'account'] if !opts[:'account'].nil?

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'TokenResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || []

  new_options = opts.merge(
    :operation => :"TokenRetrievalApi.get_token_password",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: TokenRetrievalApi#get_token_password\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end