How do I generate Agent Credentials for Bosch IoT Permissions?


I am using the Bosch IoT Suite's Permissions Service.

I have an issue generating agent credentials. What are the steps and parameters I need to specify to generate agent credentials? I am trying to create agent credentials that are able to auto-activate newly created user accounts.


Here are some steps to create the agent credentials for Bosch IoT Suite Permissions:

Purpose

Use an AuthorizedClient of Permissions to

  • activate users without them having to do it themselves
  • reduce the permissions of a user by creating agent-credentials with a subset of rights (to reduce the impact if credentials are abused)

Prerequisites

  1. You have booked the IoT Permissions Service on bosch-iot-suite.com
  2. You have created a User in the Permissions Service

Check out the Guide from Bosch IoT Permissions: https://permissions.s-apps.de1.bosch-iot-cloud.com/docs/developer-guide/index.html#Getting-started---Bosch-IoT-Suite_216542264

Guide

  1. Create the Authentication Token with your desired user

     POST https://permissions-api.s-apps.de1.bosch-iot-cloud.com/2/rest/authentication
     Headers:
         x-im-client-access-token: <....>
         Authorization: Basic <username:password> (Base64 encoded username:password)

  2. Create the Authorization Token with that Authentication Token. Warning: you need to be careful to put the right scope into that Authorization Token (to activate users, use scope "pn")

     POST https://permissions-api.s-apps.de1.bosch-iot-cloud.com/2/rest/authorization/HAX?scope=pn
     Headers:
         x-im-client-access-token: <....>
         Authorization: Bearer <authentication token>

  3. Create the Agent Credentials with the Authorization Token

     POST https://permissions-api.s-apps.de1.bosch-iot-cloud.com/2/rest/users/current/agent-credentials
     Headers:
         x-im-client-access-token: <....>
         Authorization: Bearer <authorization token>

     Body:
     {
       "scopes": [ "pn" ]
     }

Usage in Java implementation

  1. Include the Permissions library in your application (follow the guide from Bosch IoT Permissions)
  2. Create a Permissions client instance

         // Keep the built client; step 3 refers to it as permissionsClient
         Permissions.createClientBuilder()
                 .clientId(clientId)
                 .clientSecret(clientSecret)
                 .serviceUrl(serviceUrl)
                 .build();

  3. Create an authenticated Permissions client (be aware that the authenticated Permissions client has an expiration date, so you need to recreate it from time to time)

         // Authenticate with the agent credentials created in the guide above
         permissionsClient.authenticate()
                 .agentCredentialsId(agentCredentialsId)
                 .password(agentPassword)
                 .andCreateAuthorizedClient()
                 .executeAndGet()
                 .getAuthorizedClient();
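
The three REST calls from the guide above, chained in Python as an added example (not part of the original answer and not Bosch's own code). The answer does not show the response format, so `send` is a hypothetical caller-supplied function that performs each request and returns the token string from it; `build_post` and `create_agent_credentials` are likewise names chosen for this example.

```python
import base64
import json
import urllib.parse
import urllib.request

BASE = "https://permissions-api.s-apps.de1.bosch-iot-cloud.com/2/rest"


def build_post(path, client_token, authorization, body=None):
    """Build (do not send) a POST carrying the two headers every step uses."""
    data = json.dumps(body).encode("utf-8") if body is not None else None
    req = urllib.request.Request(BASE + path, data=data, method="POST")
    req.add_header("x-im-client-access-token", client_token)
    req.add_header("Authorization", authorization)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req


def create_agent_credentials(send, client_token, username, password, scope="pn"):
    """Run steps 1-3. `send(request)` is a hypothetical caller-supplied
    transport that returns the token (steps 1, 2) or the response (step 3)."""
    if ":" in username:
        # Basic auth splits on the first colon, so a colon in the user name
        # would silently shift part of it into the password.
        raise ValueError("username must not contain ':'")
    basic = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    authn_token = send(build_post("/authentication", client_token, f"Basic {basic}"))

    # Step 2 and step 3 use the same scope value, so the authorization token
    # always covers the scope requested for the agent credentials.
    query = urllib.parse.urlencode({"scope": scope})
    authz_token = send(build_post(f"/authorization/HAX?{query}", client_token,
                                  f"Bearer {authn_token}"))

    return send(build_post("/users/current/agent-credentials", client_token,
                           f"Bearer {authz_token}", {"scopes": [scope]}))
```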