Generates a JSON Web Token (JWT) authentication token.
Operation description
This API performs identity authentication and authorization using the Access Token issued by IDaaS.
Ensure that the provided Access Token is authorized to use the "Obtain Authentication Token" feature of the built-in Privileged Access Management (PAM) application in IDaaS.
The corresponding scope is `urn:cloud:idaas:pam|authentication_token:obtain`.
RAM authorization
Request syntax
```
POST /v2/{instanceId}/authenticationTokens/_/actions/generateJwt HTTP/1.1
```
Path Parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| instanceId | string | Yes | Instance ID. | idaas_ue2jvisn35ea5lmthk267xxxxx |
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| Authorization | string | Yes | Authentication information. Format: `Bearer ${access_token}`. Note: Enter the Access Token issued by IDaaS. | Bearer xxxxxx |
| body | object | No | Request body. | |
| credentialProviderIdentifier | string | Yes | Credential provider identity. | test_example_identifier |
| issuer | string | No | The `iss` field of the JWT. | https://test.issuer.com |
| subject | string | Yes | The `sub` field of the JWT. | test_jwt_subject |
| audiences | array | Yes | The `aud` field of the JWT. | |
| | string | No | JWT audience. | test_jwt_audience |
| customClaims | object | No | Custom claims. Important: Key-value pairs. Keys must be strings. | |
| | any | No | Custom claim key-value pairs. | - |
| expiration | integer | No | The validity period of the JWT, in seconds. | 900 |
| includeDerivedShortToken | boolean | No | Whether the generated JWT needs to include a "derived short token". | true |
Response elements
| Element | Type | Description | Example |
|---|---|---|---|
| | object | JWT authentication token details. | |
| instanceId | string | Instance ID. | idaas_ue2jvisn35ea5lmthk267xxxxx |
| authenticationTokenId | string | Authentication token ID. | atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx |
| credentialProviderId | string | Credential provider ID. | atp_01kr2cmj5gxxx4fvmls2e93dxxxxx |
| createTime | integer | The creation time of the authentication token, UNIX timestamp, in milliseconds. | 1649830225000 |
| updateTime | integer | The update time of the authentication token, UNIX timestamp, in milliseconds. | 1649830225000 |
| authenticationTokenType | string | Authentication token type. Note: The value is fixed as | jwt |
| revoked | boolean | Whether the authentication token is revoked. | false |
| creatorType | string | Authentication token creator type. Valid values: | application |
| creatorId | string | Authentication token creator ID. | app_ngtkgrrxxxxktg5eao6z4xxxxx |
| consumerType | string | Authentication token consumer type. Valid values: | custom |
| consumerId | string | Authentication token consumer ID. | test_jwt_subject |
| expirationTime | integer | Authentication token expiration time, UNIX timestamp, in milliseconds. | 1772693568000 |
| jwtContent | object | JWT authentication token content. | |
| jwtValue | string | JWT content. | eyJhbGciOixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
| derivedShortToken | string | The derived short token of the JWT. | sk-Nx2vzxxxxxxxxxxxxxxxxx |
Examples
Success response
JSON format
```json
{
  "instanceId": "idaas_ue2jvisn35ea5lmthk267xxxxx",
  "authenticationTokenId": "atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx",
  "credentialProviderId": "atp_01kr2cmj5gxxx4fvmls2e93dxxxxx",
  "createTime": 1649830225000,
  "updateTime": 1649830225000,
  "authenticationTokenType": "jwt",
  "revoked": false,
  "creatorType": "application",
  "creatorId": "app_ngtkgrrxxxxktg5eao6z4xxxxx",
  "consumerType": "custom",
  "consumerId": "test_jwt_subject",
  "expirationTime": 1772693568000,
  "jwtContent": {
    "jwtValue": "eyJhbGciOixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "derivedShortToken": "sk-Nx2vzxxxxxxxxxxxxxxxxx"
  }
}
```
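The request and response documented above, as an added example that is not part of the original reference or the vendor's SDK: it builds the `generateJwt` request with the required body fields checked, and reduces a response to a summary that can be logged without exposing the token. The host `https://idaas.example.invalid` and the `Content-Type` header are assumptions not given on this page; the sample values are the page's own documentation examples.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://idaas.example.invalid"  # assumption: placeholder host, not from the page
REQUIRED = ("credentialProviderIdentifier", "subject", "audiences")
# Sample values below are the page's own documentation examples.
SAMPLE_BODY = {"credentialProviderIdentifier": "test_example_identifier",
               "subject": "test_jwt_subject", "audiences": ["test_jwt_audience"],
               "expiration": 900, "includeDerivedShortToken": True}
SAMPLE_RESPONSE = {"authenticationTokenType": "jwt", "revoked": False,
                   "expirationTime": 1772693568000,
                   "jwtContent": {"jwtValue": "eyJhbGciOixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
                                  "derivedShortToken": "sk-Nx2vzxxxxxxxxxxxxxxxxx"}}

def build_generate_jwt_request(base_url, instance_id, access_token, body):
    """Build (without sending) the POST request from the request syntax."""
    missing = [k for k in REQUIRED if not body.get(k)]
    if missing:
        raise ValueError(f"missing required body fields: {missing}")
    if not (isinstance(body["audiences"], list)
            and all(isinstance(a, str) for a in body["audiences"])):
        raise ValueError("audiences must be an array of strings")
    if any(not isinstance(k, str) for k in (body.get("customClaims") or {})):
        raise ValueError("customClaims keys must be strings")
    path = "/v2/{}/authenticationTokens/_/actions/generateJwt".format(
        urllib.parse.quote(instance_id, safe=""))  # keep the ID inside one path segment
    return urllib.request.Request(
        base_url.rstrip("/") + path, data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})  # Content-Type is an assumption

def summarize_response(resp, now_ms):
    """Reject unusable tokens and return a summary that is safe to log."""
    if resp.get("authenticationTokenType") != "jwt":
        raise ValueError("unexpected authenticationTokenType")
    if resp.get("revoked"):
        raise ValueError("token is revoked")
    remaining_ms = resp["expirationTime"] - now_ms  # both in milliseconds
    if remaining_ms <= 0:
        raise ValueError("token is expired")
    summary = {k: v for k, v in resp.items() if k != "jwtContent"}
    # jwtValue and derivedShortToken are credential material: record presence only.
    summary["jwtContent"] = {k: "<redacted>" for k in resp.get("jwtContent", {})}
    summary["remainingSeconds"] = remaining_ms // 1000
    return summary
```

Pass the returned `Request` to `urllib.request.urlopen` against your real IDaaS endpoint, and hand the decoded JSON body to `summarize_response` with the current time in milliseconds.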
Error codes
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.