oAuth for Client Credentials Grant Flow for Long running backend Service

The access token for Client Credentials Grant Flow for a service account I created for my ApplicationID can be done with ot without a service account.

As per the documentation,

  1. I first made the user as Non-Interactive Service Account, then mapped the user to an applicationid and created a service account.
  2. Then using postman when I try to hit  request to https://api.vault.netvoyage.com/v1/OAuth with granty_type as client_credentials and scope with Authorization header "Basic conded(AP-1234ABCD|CA-FEDCBA:abcdefghijklmnopqrstuvwxyz123456890)"
  3. I get access token in the response json
  4. Now where did I mention about the service account that i created in step 1 while requesting the toke ?
  5. No if I go back and delete the service account. I still see the access token coming in the response for the action in step2
  6. Also the token says it expires in 3600s, why do I need to get this token for each api action from a back end windows service every ne hour ? is there a way to get a token with long lofetime ?
  7. please let me know why a service acount is neede.

Please let me know if I doing anything wrong here




  • Also if my back ground job needs to update repositories of different client then how do I do it ?

    Can we get a access_token with a user and password without interactive UI login page of net documents ?

    I would like to pass clientid, client secret, username and password. I want an access_token which as long lifetime

    Comment actions Permalink
  • Access_tokens are not life long. That would be a security issue. .

    Access_tokens expire based on the scope. According to the document it will expire in your case in 3600 seconds of non-use. However, if you continue using the access_token before it expires from non-use, then it will not expire for 1 to 2 days. 

    The NetDocuments Client_credentials method is the only OAuth flow that allows for access_token generation without the UI to complete OAuth authentication process. 

    For security reasons, customers should create their own clientID to be used with client_credentials. The initial service account should also be created by the client. 

    Using the OAuth grant flow process, you can have a initialization process to generate the initial refresh_token. Once the refresh_token is generated you can use it to get a new refresh_token and access_token. Once you get the new refresh_token, your old refresh_token we expire. The new fresh_token will be used to get a new access_token as needed when current access_token expires. 

    Let me know if I missed any of your questions. 

    Comment actions Permalink
  • In step 5 above, did you actually delete the service account? Or did you make the service account disable the non-interactive flag to false which means this use could actually login?


    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post