Access tokens
An access token is issued by an OpenID Connect provider. Like a user session, it carries attributes such as the assigned organizations, roles and rights. An issued access token is valid only for a short period of time, depending on the configuration of the provider (e.g. Keycloak).
Using the access token
To use access tokens for authentication at the API endpoints, they must be activated in the backend Connection setting of the identity provider.
The token can then be transmitted as a bearer token in the Authorization header.
The BPC then checks that the token was signed by the configured OIDC provider, that it has not expired, and that it carries the roles or rights required for the endpoint.
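The three checks described above (signature by the configured provider, expiry, required role), shown as an added example that is not BPC code. It assumes a constructed issuer URL and an HS256 shared secret so it runs offline (real OIDC providers normally sign with RS256 and publish keys via JWKS), and it assumes Keycloak's default claim layout realm_access.roles for roles.

```python
import base64, hashlib, hmac, json, time

# Constructed values standing in for the OIDC provider configured in the BPC.
CONFIGURED_ISSUER = "https://idp.example.test/realms/demo"
CONFIGURED_SECRET = b"constructed-demo-secret"  # HS256 for offline use only

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def issue_token(claims, secret=CONFIGURED_SECRET):
    """Stand-in for the provider: mint an HS256 JWT to build test input."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def check_bearer(authorization_header, required_role, now=None):
    """Validate an Authorization header value; returns (ok, reason)."""
    now = time.time() if now is None else now
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Bearer" or not token:
        return False, "not a bearer token"
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:
        return False, "malformed token"
    # 1. Signature: pin the algorithm, recompute the MAC, compare in constant time.
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = hmac.new(CONFIGURED_SECRET, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    if claims.get("iss") != CONFIGURED_ISSUER:
        return False, "wrong issuer"
    # 2. Expiry: exp is seconds since the epoch and must lie in the future.
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return False, "token expired"
    # 3. Roles: Keycloak-style realm_access.roles (assumed layout).
    roles = (claims.get("realm_access") or {}).get("roles", [])
    if required_role not in roles:
        return False, "missing role"
    return True, "ok"
```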