Updating the OAuth2 Client to Use Your Service Instance

Before you begin

You must bind your application to the IE service instance before you perform this task. See Binding Your Application to the Intelligent Environment Service Instance, which explains how to verify the binding and view the VCAP_SERVICES environment variable. That variable includes the OAuth2 scope that you will use in the following procedure.

The OAuth2 client uses an authorization grant (one of four defined grant types) to request an access token. Based on the type of authorization grant used, you must update your OAuth2 client to generate the required JWT.

Procedure

  1. To enable applications to access the Intelligent Environment service, make sure your JSON Web Token (JWT) contains the following oauth-scope:
    ie-<service instance name>.zones.<service_instance_guid>.user
    Note: The OAuth2 scope is created when you set up the service in Predix.
  2. To configure your instance of Predix UAA without using extra tools, use the Predix Starter Kit (for Basic Users) or the Predix Starter Kit (for Select Users).
  3. In the Predix Starter Kit screen, click Login as Admin.
  4. In the login screen, enter the following:
    • The predix-uaa URL from the VCAP_SERVICES environment variable in the UAA URL: field.
    • The admin secret in the Admin secret: field.
  5. Click Submit.
  6. Return to the Predix Starter Kit screen and click Create Client ID.
  7. Verify that the UAA URL: shown here is the same as the one you provided when you logged in.
  8. In the New client ID: field, enter a client ID of your choosing, such as traffic_test2.
  9. In the New client secret: field, enter a client secret of your choosing, such as traffic2.
  10. In the Request field, note the following:
    • The client_id and client_secret are now populated with your choices.
    • For "scope", in ["uaa.none","openid"], add a comma after "openid" and then add the oauth-scope from the VCAP_SERVICES environment variable. For example, ["uaa.none","openid","ie-traffic.zones.334d60f8-2bdf-4b9b-a561-1b16a6f2df0e.user"].
    • For "authorities", in ["openid","uaa.none","uaa.resource"], add a comma after "uaa.resource" and then add the oauth-scope from the VCAP_SERVICES environment variable. For example, ["openid","uaa.none","uaa.resource","ie-traffic.zones.334d60f8-2bdf-4b9b-a561-1b16a6f2df0e.user"].
    Note: Make sure you add the OAuth2 scope when you create the client ID. You obtain the scope from the VCAP_SERVICES environment variable of the service you created.
  11. Click Submit.
  12. In the Predix Starter Kit screen, click Create User.
  13. In the Create User screen, do the following:
    1. Enter the Username of the new user.
    2. Enter the Password for the new user.
    3. Enter the Email address for the new user.
    4. Click Submit.
  14. In the Predix Starter Kit screen, click Create Group.
    1. Enter the oauth scope from the VCAP_SERVICES environment variable as the New group name. See Binding Your Application to the Intelligent Environment Service Instance for more information about the oauth scope.
    2. Click Submit.
  15. In the Predix Starter Kit screen, click Add to group.
    1. Enter the Group name that you created previously, if the Group Name field is not auto-populated.
    2. Enter the User name you created previously, to add them to the group.
    3. Click Submit.
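
Once the client, user and group exist, you can confirm that an issued token actually carries the scope from step 1. The following is an added example, not Predix code: it decodes the JWT payload for inspection only (the signature is not verified) and assumes the token lists its scopes in a `scope` claim; the function names and the sample token are constructed for illustration.

```python
import base64
import json
import re

# Scope form from step 1: ie-<service instance name>.zones.<service_instance_guid>.user
# Assumption: the instance name contains no dots or whitespace.
IE_SCOPE = re.compile(r"^ie-[^.\s]+\.zones\.[0-9a-fA-F-]{36}\.user$")


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection. The signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def check_ie_scope(token: str, expected: str) -> str:
    """Return 'ok', 'wrong-zone' or 'missing' for the expected IE scope."""
    if not IE_SCOPE.match(expected):
        raise ValueError("expected scope is not ie-<name>.zones.<guid>.user")
    scopes = jwt_claims(token).get("scope", [])
    if isinstance(scopes, str):  # some issuers use a space-delimited string
        scopes = scopes.split()
    if expected in scopes:  # exact match only, never a prefix match
        return "ok"
    if any(IE_SCOPE.match(s) for s in scopes):
        return "wrong-zone"  # token is scoped to a different service instance
    return "missing"


def sample_token(scopes) -> str:
    """Constructed, unsigned token used only to exercise the check."""
    header = b64url(json.dumps({"alg": "none"}).encode())
    body = b64url(json.dumps({"client_id": "traffic_test2", "scope": scopes}).encode())
    return f"{header}.{body}.sig"


# Example scope value shown in step 10 of the procedure.
EXPECTED = "ie-traffic.zones.334d60f8-2bdf-4b9b-a561-1b16a6f2df0e.user"

if __name__ == "__main__":
    print(check_ie_scope(sample_token(["uaa.none", "openid", EXPECTED]), EXPECTED))
```

A result of `wrong-zone` means the token carries an IE scope for a different service instance GUID, which usually points to a scope copied from the wrong VCAP_SERVICES entry.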

What to do next

See Adding Intelligent Environment Services to your Application.