ObtainJwtAuthenticationToken - Identity as a Service - Alibaba Cloud Documentation Center

Obtains a JWT authentication token.

Operation description

This API requires an access token issued by IDaaS for authentication and authorization.

The provided access token must have permission to obtain authentication tokens for the built-in privileged access management (PAM) application in IDaaS.

Note

The corresponding scope is urn:cloud:idaas:pam|authentication_token:obtain.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request syntax

POST /v2/{instanceId}/authenticationTokens/_/actions/obtainJwt HTTP/1.1

Path Parameters

Parameter	Type	Required	Description	Example
instanceId	string	Yes	The ID of the instance.	idaas_ue2jvisn35ea5lmthk267xxxxx

Request parameters

Parameter	Type	Required	Description	Example
Authorization	string	Yes	The authentication credential. The format is `Bearer ${access_token}`. Note Use an access token issued by IDaaS.	Bearer xxxxxx
body	object	No	The request body.
consumerId	string	Yes	The ID of the authentication token consumer.	test_jwt_subject
authenticationTokenId	string	Yes	The ID of the authentication token.	atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx

Response elements

Element	Type	Description	Example
	object	The details of the JWT authentication token.
instanceId	string	The ID of the instance.	idaas_ue2jvisn35ea5lmthk267xxxxx
authenticationTokenId	string	The ID of the authentication token.	atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx
credentialProviderId	string	The ID of the credential provider.	atp_01kr2cmj5gxxx4fvmls2e93dxxxxx
createTime	integer	The creation time of the authentication token, provided as a Unix timestamp in milliseconds.	1649830225000
updateTime	integer	The time the authentication token was last updated, provided as a Unix timestamp in milliseconds.	1649830225000
authenticationTokenType	string	The type of the authentication token. Note The value is always `jwt`, indicating a JWT-based authentication token.	jwt
revoked	boolean	Indicates whether the authentication token has been revoked.	false
creatorType	string	The type of the entity that created the authentication token. Valid value: `application`: The token was created by an application.	application
creatorId	string	The ID of the authentication token's creator.	app_ngtkgrrxxxxktg5eao6z4xxxxx
consumerType	string	The type of entity that consumes the authentication token. Valid values: `application`: The token is consumed by an application. `custom`: Indicates a user-defined consumer.	custom
consumerId	string	The ID of the authentication token consumer.	test_jwt_subject
expirationTime	integer	The expiration time of the authentication token, provided as a Unix timestamp in milliseconds.	1772693568000
jwtContent	object	The content of the JWT-based authentication token.
jwtValue	string	The JWT content.	eyJhbGciOixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
derivedShortToken	string	A short token derived from the JWT.	sk-Nx2vzxxxxxxxxxxxxxxxxx

Examples

Success response

JSON format

{
  "instanceId": "idaas_ue2jvisn35ea5lmthk267xxxxx",
  "authenticationTokenId": "atntkn_01kqflm0sxxx8nmdc1cb5dskxxxxx",
  "credentialProviderId": "atp_01kr2cmj5gxxx4fvmls2e93dxxxxx",
  "createTime": 1649830225000,
  "updateTime": 1649830225000,
  "authenticationTokenType": "jwt",
  "revoked": false,
  "creatorType": "application",
  "creatorId": "app_ngtkgrrxxxxktg5eao6z4xxxxx",
  "consumerType": "custom",
  "consumerId": "test_jwt_subject",
  "expirationTime": 1772693568000,
  "jwtContent": {
    "jwtValue": "eyJhbGciOixxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "derivedShortToken": "sk-Nx2vzxxxxxxxxxxxxxxxxx"
  }
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.