I have two apps running in one Pantaris project, one is a app another is a api.
When app wants to connect and call api endpoints it is asking access token.
We tried providing process.env.ACCESS_TOKEN at server side and localStorage.get(‘calponia.user.accessToken’) at client side but both did not worked were giving undefined.
We even tried all solutions mentioned here link but were unable to detect ctl command in exec pod.
Can you provide us a solution to have access token.
currently we have no dedicated concept for app-to-app communication in the same project.
We know it is crucial for connected workflows and we are working on it.
For now you could create a device and for the device create a token. This token can access both applications. In order to let your app create a device token you will have to create a dedicated app manifest: Documentation | PANTARIS
The permission to create a device token is a special one and has to be requested explicitly. Additionally it will not work in an app sandbox but only for approved productive apps.
You can call it, but it will redirect the current user to the login. If its called from a backend it will not work because you will get a redirect to the user login promt.
The CIAM login code is returned after the user logged in, thats the only way to get it. Its purpose is to be secret and not used by anyone else that the real user on login. You do not have to take care of it. If the user is accessing your application. We will check if he is logged in and has access to the app and redirect him to the login if needed.
If you need an accesstoken, you can use the method i described above.
If you create a device accesstoken you will once get the plain token (you can use for whatever you need it) and also the id. Even with the id, you can only check if it exists, you will never again get the plain token, so make sure to save it the first time.
The links given by @thomas.schuerle are basically correct, however some kind of incomplete.
What is missing there is the hint, how to use that token for the generated (IoT) Device.
You find this hint in the Pantaris API Documentation - quite prominently in the first section Authorization. It explains how you have to give your Device’s Token as an HTTP Header when hitting your Pantaris-hosted API.
Authorization: Token <your token goes here>
To conclude: all information is available, indeed, but it’s scattered and spread across various documentation sources.
Hey there, just to answer this question in the meantime:
You can test your applications using user- or custom-tokens, which have the required permissions. For example you can read out our user token (which should be a project owner) and use this for testing.
If we retrieve the access token from the user- or custom-tokens or from cookie storage, it operates at the user level. However, we encountered an issue where the access token is only valid within our project. If we provide our application to another project, their access token will be invalid, resulting in non-functional APIs.
((Two app’s communicating inside pantaris) : We have two applications, a backend app and a frontend app, that communicate with each other. The backend app exposes APIs, while the frontend app consumes them. Both apps are hosted in Calponia. In order for the frontend app to communicate with the backend, we need to include an access token in the headers to access the APIs. However, using the approach mentioned above won’t work since the access token is specific to each user. The manifest solution is also not applicable in this scenario. We require an automatic access token generation mechanism, and we need to pass the generated token value in the headers of the frontend app.
I have created the mentioned manifest and published the same but still I see the access token issue.
As i said, there is currently no way to test the refresh-accesstoken permission in sandboxes. You could publish the application as confidential application. It will take some time until approved, but i see it as the current only way.
We have already a plan on how to improve this in the future.
But it seems still not working even we publish the app. See comments above from Rizwan.
I think Rizwan is in contact with other colleagues. I hope this will be solved soon!
Thank you anyway!