Integrate the OAuth Client Credentials

This topic describes the Java SDK OAuth Client Credentials flow integration.

Overview

The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user. In this flow, the client application provides a client ID and a client secret to obtain an access token from a tenant. This grant flow is mainly used for machine to machine communications.

Before you begin

Set up OAuth2 Client Application in your tenant.

Make sure that Client Creds is checked as Auth methods in the Tokens tab.
Refer to CyberArk Identity Java SDK reference for more information on the Java SDK.

Integrate the SDK

Follow the steps below to use this SDK to get the access_token.

Step 1: Configure an OAuthClient instance using the Java SDK

Import the SDK as specified in the Before you get started section.
Pass the required parameters to create an OAuthClient instance.

import com.cyberark.client.OAuthClient;

// provide confidential client details for client_id and client_secret
OAuthClient oauthClient = new OAuthClient(YOUR_TENANT_URL, YOUR_OAUTH_APPLICATION_ID, YOUR_CONFIDENTIAL_CLIENT_ID, YOUR_CONFIDENTIAL_CLIENT_SECRET);

Step 2: Get the tokens

Use the oauthClient instance to call the following builder methods and execute the request to receive tokens.

TokenHolder tokenHolder = oauthClient.requestTokenWithClientCreds()
  	.setGrantType("client_creds")
  	.setScope(YOUR_SCOPE)
  	.execute();

{
  access_token: "YOUR_ACCESS_TOKEN",
  expires_in: 18000,
  scope: "all",
  token_type: "Bearer"
}

Common Methods

For common methods, such as refreshToken, revokeToken and claims, refer to CyberArk Identity Java SDK reference.

Updated over 1 year ago