Bosch IoT Rollouts

Set up Suite Auth OAuth2 client

Table of contents:

Create new OAuth2 client

To create an OAuth2 client, enter the common Bosch IoT Suite UI/Rollouts Management UI, navigate to OAuth2 clients(https://console.bosch-iot-suite.com/oauth2-clients) from the left sidebar, or search for it in Services and features and if needed, use the star icon to pin it to the left navigation.

Click the + icon in the top right to open a dialog where you can enter the required data.

images/confluence/download/attachments/3101809571/s%26e-auth1-version-1-modificationdate-1685975920000-api-v2.png

In particular, you have to enter:

  • Name - an arbitrary name for this new OAuth2 client

  • Client secret - at least 8 characters long

  • Organization scopes - select only one organization scope to specify which role of the related organization gets access by this OAuth2 client

  • Service scopes - select one or more service scopes to define which service instances will be accessible by this OAuth2 client

images/confluence/download/attachments/3101809571/s%26e-auth2-version-1-modificationdate-1685975920000-api-v2.png

Then confirm with Save.

List and filter existing OAuth2 clients

A list of the OAuth2 clients which you have created will be displayed on the main view of the OAuth2 Clients UI feature.

You can filter through your OAuth2 clients using the search bar.

View OAuth2 client information

When you select an OAuth2 client on the list, its details will appear on the right.

In particular, you will be able to see its:

  • Name

  • Client secret - you can view it via the Show button

  • Client ID - automatically assigned by the system, you can copy it via the copy icon at the end of it

  • Last modified

  • Organization scopes

  • Service scopes

images/confluence/download/attachments/3101809571/s%26e-auth3-version-1-modificationdate-1685975920000-api-v2.png

Manage the OAuth2 client

Click the actions icon on the top right to open a dialog with the available management actions:

  • Act as application - you can act as an application using the token of the OAuth2 client to test your work. An example is provided here.

  • Edit - allows you to change the initial settings such as name, secret, organization scopes and service scopes

  • Use access token - you can use your OAuth2 client to create an access token for service API requests. See details below.

  • Delete - you will be asked for confirmation before you actually delete the specified client

images/confluence/download/thumbnails/3101809571/oauth2-clients-2-version-1-modificationdate-1685975920000-api-v2.png

Use access token

By clicking this action, you can obtain a test access token, along with examples of how to fetch an access token for your client, and how to use the obtained access token to access a Bosch IoT Suite service API.

Test access token

You can use the test token to test an API call manually, however, do not use it in your application configuration, as it is set to expire in 720 minutes.

Fetch access token examples

You will find various examples of how to fetch an access token for your client.

The response body will contain the access token, which can then be used in the Authorization HTTP header for subsequent API calls, and some additional meta information such as expiration time, actually granted scopes, and the token type.

Use Service API examples

You will find cURL and Spring examples of how to use the obtained access token to access a Bosch IoT Suite Service API.

images/confluence/download/attachments/3101809571/s%26e-auth5-version-1-modificationdate-1685975920000-api-v2.png

Token details via User view

The User dialog in the header bar displays information about your currently used OAuth2 token, namely its ID, its expiry and Refresh token.

From there you can also start to Act as application.

images/confluence/download/attachments/3101809571/s%26e-auth6-version-1-modificationdate-1685975920000-api-v2.png

Copy the OAuth2 token value and use it to authenticate in the Sign & Encrypt API.