Client credentials flow for technical user

christian.eppler · May 22, 2023, 9:58am

Hello,

we want to use a technical user for our external application to get access to the dataevents and the data of a project.

For this we have create a technical user with the owner role and we have used the OAuth client credentials flow with the scope “pantaris:api-v2” to get a access token in the form of a Bearer token.

The problem now is that i can use this Bearer to acces for example “api.pantaris-latest.de/v2/files/XX”(200) but i have no rights on “download.pantaris-latest.de/”(401) and i also can not get a dataEventToken(403).
Is there anything I am doing wrong, maybe i use the wrong scope or is this not working with the technical user?

NOTE: We test it on pantaris LATEST.

Thanks in advandace for all help.

thomas.schuerle · May 22, 2023, 11:37am

Hi @christian.eppler and welcome in the forum,

right now the service-accounts are only implemented on api-v2 and third-party IAM.

So access/permission errors on other service like the file-service and data-events are fine.

Gona add this points to our todo-list before releasing this feature, if they are not already there

christian.eppler · May 22, 2023, 2:17pm

@thomas.schuerle Ok thanks for the fast answer. Is there a source of information where I can see if this change is implemented?

Another question which is connected to this is. It seem to me that the AMQP data event connection not work anymore since today?

Thanks in advance.

thomas.schuerle · May 22, 2023, 3:03pm

We provide information about changes here: Documentation | PANTARIS and for app-developers also deprecation notes here: Deprecations - PANTARIS.
However, we do not provide change information on test and staging system (like pantaris-latest).

Today we changed our infrastructure provider on latest. Looks like the interface has broken during that change. Will post an update, once working again. (Funny enaugh it’s still working on https)

marcel.mager · May 23, 2023, 9:29am

Is there any news, if AMQP is working again on pantaris-latest.de?

thomas.schuerle · May 23, 2023, 10:16am

Yes, It’s working since yesterday evening again @marcel.mager

christian.eppler · May 30, 2023, 12:18pm

Hello @thomas.schuerle with the normal user token i was able to setup a AMQP connection on latests (until i can use the technical user). But i can not connect to pantarie.io but if i look here Documentation | PANTARIS it should exist there. Or do i understand it not correct and this feature is not deployed on prod?

thomas.schuerle · May 30, 2023, 1:14pm

no, it’s not available on production yet

christian.eppler · May 30, 2023, 1:36pm

Only to be sure what ist then the meaning of:
cite: * API: Add AMQP interface for data-event (Documentation | PANTARIS)
In this case only an interface without the functionality?

thomas.schuerle · May 31, 2023, 9:14am

My last post was a bit short, sorry for the confusion. It’s was meant on the whole aspects of this topic including the Oauth things.

Service accounts / OAuth are limited to latest yet
AMQP-Interface was available on production, but is facing issues right now. Which are expected to be fixed on the next release at 17th of June