
Identity as a Service: SDK Overview

Last Updated: Apr 08, 2026

IDaaS EIAM provides SDKs for machine-to-machine (M2M) applications across four scenarios: Generic OAuth 2.0, Akless (no AccessKey), credential management, and Agent ID. Review the tables below to select the right SDK for your scenario, then follow the SDK-specific setup guide.

Available SDKs

The following table describes each IDaaS EIAM SDK, its capabilities, dependencies, and supported languages.

| SDK | Capabilities | Language |
| --- | --- | --- |
| IDaaS Core SDK | • Obtains access tokens for M2M client applications using multiple authentication methods. • Supports token exchange to obtain access tokens with different audience or scope identifiers. | Java, Python |
| IDaaS Akless Alibabacloud Adapter | • Uses the IDaaS Core SDK to perform M2M client application authentication and obtain access tokens. • Retrieves temporary STS tokens for cloud roles managed by IDaaS, eliminating the need for static AccessKeys. | Java |
| IDaaS Core Alibabacloud Authentication Plugin | • Extension plugin for IDaaS OpenAPI authentication using Alibaba Cloud identity credentials (AccessKey/SecretKey or STS token). • Currently supports the Alibaba Cloud extension plugin only. | Java, Python |
| IDaaS Pam Client | • Uses the IDaaS Core SDK to perform M2M client application authentication and obtain access tokens. • Retrieves credentials and credential providers managed by IDaaS. | Java, Python |

Scenarios and Required SDKs

Each scenario maps to one or more SDKs. Identify your scenario below, then install the listed SDKs.

| Scenario | Description | Required SDKs |
| --- | --- | --- |
| Generic OAuth | M2M client applications authenticate using standard or federated methods to obtain access tokens. Supported authentication methods: • Standard (OpenID Connect (OIDC)/OAuth 2.0): CLIENT_SECRET_BASIC, CLIENT_SECRET_POST, CLIENT_SECRET_JWT, PRIVATE_KEY_JWT • IDaaS federated extensions: PKCS#7, OIDC, PCA. Supported environments: local development, Alibaba Cloud ECS, Kubernetes, Function Compute, and others. In environments where federated credentials (PKCS#7, OIDC) are unavailable, such as serverless functions or restricted runtimes, IDaaS supports OpenAPI-based authentication. Add the IDaaS Core Alibabacloud Authentication Plugin to authenticate using Alibaba Cloud AccessKey/SecretKey or Security Token Service (STS) tokens instead. | • IDaaS Core SDK • IDaaS Core Alibabacloud Authentication Plugin (optional, for OpenAPI authentication) |
| Akless | Associate Resource Access Management (RAM) roles with IDaaS. At runtime, your application obtains STS tokens through IDaaS to access cloud resources securely, with no static AccessKeys required. | • IDaaS Core SDK • IDaaS Akless Alibabacloud Adapter |
| Credential Management | Create credentials or credential providers (OAuth 2.0, JSON Web Token (JWT)) in IDaaS. At runtime, your application retrieves and uses these credentials securely through IDaaS. | • IDaaS Core SDK • IDaaS Pam Client |
| Agent ID | An agent acts as a client application, authenticating through multiple methods to obtain outbound credentials securely. | • IDaaS Core SDK • IDaaS Pam Client |
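
How the standard client authentication methods listed for the Generic OAuth scenario differ on the wire, as an added example that is not IDaaS SDK code and does not use the SDK's API: it builds (without sending) a token request per RFC 6749 and RFC 7523 for three of the methods and reports whether the raw client secret travels in the request. The endpoint URL, client ID, secret, scope and the use of the client_credentials grant are assumptions; PRIVATE_KEY_JWT sends the same form parameters as CLIENT_SECRET_JWT with an asymmetric signature and is left out because it needs a third-party crypto library.

```python
import base64, hashlib, hmac, json, time, uuid
from urllib.parse import quote_plus, urlencode
# Constructed placeholders (assumptions, not values from the IDaaS documentation).
TOKEN_ENDPOINT = "https://idaas.example.invalid/oauth2/token"
CLIENT_ID = "app_example_client"
CLIENT_SECRET = "example-secret-do-not-use"
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def client_assertion_hs256(now=None) -> str:
    """RFC 7523 client assertion, HMAC-signed with the shared secret."""
    now = int(time.time()) if now is None else now
    claims = {"iss": CLIENT_ID, "sub": CLIENT_ID, "aud": TOKEN_ENDPOINT,
              "jti": str(uuid.uuid4()), "iat": now, "exp": now + 60}
    parts = [{"alg": "HS256", "typ": "JWT"}, claims]
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in parts)
    mac = hmac.new(CLIENT_SECRET.encode(), signing_input.encode(), hashlib.sha256)
    return signing_input + "." + b64url(mac.digest())

def build_token_request(method: str, scope: str = "example.read"):
    """Return (headers, form_body) for a client_credentials token request."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "client_credentials", "scope": scope}
    if method == "CLIENT_SECRET_BASIC":
        # RFC 6749 section 2.3.1: form-encode id and secret, then Basic-encode.
        pair = f"{quote_plus(CLIENT_ID)}:{quote_plus(CLIENT_SECRET)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == "CLIENT_SECRET_POST":
        form.update(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
    elif method == "CLIENT_SECRET_JWT":
        # Only a short-lived signed assertion with a unique jti is sent.
        form.update(client_id=CLIENT_ID, client_assertion_type=JWT_BEARER,
                    client_assertion=client_assertion_hs256())
    else:
        raise ValueError(f"unsupported method: {method}")
    return headers, urlencode(form)

def secret_on_wire(method: str) -> bool:
    """True if the raw client secret is recoverable from the request itself."""
    headers, body = build_token_request(method)
    basic = headers.get("Authorization", "")[len("Basic "):]
    decoded = base64.b64decode(basic).decode() if basic else ""
    return CLIENT_SECRET in body or quote_plus(CLIENT_SECRET) in decoded

if __name__ == "__main__":
    for m in ("CLIENT_SECRET_BASIC", "CLIENT_SECRET_POST", "CLIENT_SECRET_JWT"):
        print(m, "secret sent in request:", secret_on_wire(m))
```

With the two secret-bearing methods, anything that logs request headers or bodies (proxies, debug logging, crash dumps) captures a reusable credential; with the JWT methods it captures only an assertion that expires after the `exp` window.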

Prerequisites and Setup Notes

Before you begin, ensure that you have:

  • An active IDaaS EIAM instance

  • An M2M application registered in IDaaS

  • (For OpenAPI authentication) The required RAM permission policy configured in Alibaba Cloud

  1. IDaaS Core SDK requires a configuration file to specify IDaaS settings. See the documentation for your language:

    Language

    Documentation

    Java

    Python

  2. When using IDaaS OpenAPI authentication, complete the RAM permission policy configuration in Alibaba Cloud. For details, see Alibaba Cloud OpenAPI authentication.

  3. In the Agent ID scenario, configure the agent as a client application:

    • In the configuration file, set client_id to the agent's Agent ID and configure the agent's authentication method.

    • If using IDaaS OpenAPI authentication, set the ApplicationId field in the Resource of the permission policy to the agent's Agent ID.