Get tokens and access tokens

Some endpoints require that the user is logged in into EDITO.

EDITO services use authentication behind the scenes. When you launch a service through the platform, the service runs inside a secure container. This container needs a valid token to call protected EDITO endpoints. This token is not hard-coded inside the container. You are responsible for retrieving it—either manually or automatically—when your service starts.

Get a token directly from a service

To retrieve your token inside a service with a terminal, simply run source /opt/refreshEditoApiAccessToken.sh. It will prompt for your username and password and export your token in environment variable EDITO_ACCESS_TOKEN. If you set the EDITO_USERNAME and EDITO_PASSWORD environment variables, it will directly return the token without any prompt.

Get a token programmatically

Alternatively, if you want to programmatically retrieve a token, here is the logic given as a curl command that you need to apply. You may want to adapt it to the language you are using. Depending on the service you are targeting, you will need to set the client_id field accordingly.

curl -d 'client_id=<CLIENT_ID>' -d 'username=<USERNAME>' --data-urlencode 'password=<PASSWORD>' -d 'grant_type=password' 'https://auth.dive.edito.eu/auth/realms/datalab/protocol/openid-connect/token' -d 'scope=openid'

Where you have to replace <USERNAME> and <PASSWORD> by your EDITO username and password respectively.

You should receive both an access_token and a refresh_token. The access_token will expire after the value (in seconds) behind the key expires_in. After that, you will no longer be able to use it. So you’ll have to use your refresh_token to ask a new one. Those tokens are JWT (JSON Web Token). You can decode them using https://jwt.io/ if you want read their content. Or you can also use some well known libraries to do the same programmatically.

Again, here is the curl command to do that:

curl -X POST \
  'https://auth.dive.edito.eu/auth/realms/datalab/protocol/openid-connect/token' \
  -d 'client_id=<CLIENT_ID>' \
  -d 'grant_type=refresh_token' \
  -d 'refresh_token=<YOUR_REFRESH_TOKEN>'

This will return you a new access_token along with a new refresh_token.