Management SDKs are used to created instances. For those instances we can use OAuth.
All Management SDK's are working with Red Hat Single Sign On (sso.redhat.com) server. Authentication to services can be done using Keycloak.js library, available at the following locations: NPM,Yarn
When authenticating please use following keycloak client configuration:
{
"realm": "redhat-external",
"auth-server-url": "https://sso.redhat.com/auth/",
"ssl-required": "all",
"resource": "cloud-services",
"public-client": true,
"confidential-port": 0
}
Valid redirect urls:
.openshift.com/*, https://prod.foo.redhat.com/*, https://prod.food.redhat.com:1337/*
For more information about how to use Keycloak.js please refer to official documentation
NOTE: We are working on SDK for Authentication that will provide out of the box support for connections
To authenticate to the Instance SDK's we need to create service account Service account can be created using RHOAS CLI or by UI (https://cloud.redhat.com)
For code based access you can also create service account using ServiceAccount SDK
serviceAccountAPI.createServiceAccount(...)Once we have created service account we can use it to obtain token to the instances SDK
curl --location --request POST 'https://identity.api.openshift.com/auth/realms/rhoas/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=YOURSERVICEACCOUNT' \
--data-urlencode 'client_secret=YOURSERVICEACCOUNT_SECRET' \
--data-urlencode 'scope=email' \
--data-urlencode 'grant_type=client_credentials'NOTE: We are working on SDK for Authentication that will provide out of the box support for connections