These docs are for v2.5. Click to read the latest docs for v3.0.

Code examples

Python Code Example

Below is a Python code example of making a client_credentials grant for a client with a private key authentication method.

import jwt, jwcrypto.jwk as jwk, datetime, requests
from datetime import datetime, timedelta, timezone
import time
import random
import string

letters = string.ascii_lowercase

client_id = "client_id here"
private_key = {
}
key = jwk.JWK(**private_key)

def generate_jti():
  return "".join(random.choice(letters) for i in range(32))

def generate_jwt(client_id, identity_server):
  iat = datetime.now()
  exp = datetime.now() + timedelta(hours=1)

  payload = { 
    "iss": client_id,
    "sub": client_id,
    "aud": "{}/oidc/token".format(identity_server),
    "iat": time.mktime(iat.timetuple()),
    "exp": time.mktime(exp.timetuple()),
    "jti": generate_jti()
  }

  return jwt.encode(
    payload,
    key.export_to_pem(private_key=True, password=None), 
    algorithm="RS256",
  )

def get_client_credentials_token(client_id, private_key, scope, identity_server = "https://identity.moneyhub.co.uk"):
  assertion = generate_jwt(client_id=client_id, identity_server=identity_server)
  params = {
    "scope": scope,
    "grant_type": "client_credentials",
    "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
    "client_assertion": assertion,
  }

  headers = {
    "Content-Type": "application/x-www-form-urlencoded",
  }

  return requests.post("{}/oidc/token".format(identity_server), data=params, headers=headers)

r = get_client_credentials_token(client_id=client_id, private_key=private_key, scope="payee:create")

print(r.text)