Authentication

The GPCORE API uses short-lived JWT tokens for authentication, obtained via the OAuth 2.0 client credentials flow. To get started, you create an OAuth client in your user settings, authorize it as a member of the project you want to access, and then exchange the client credentials for a token using your identity provider. The token is passed as a Bearer value in the Authorization metadata header of each gRPC request and expires after a short period, so your integration should handle token renewal automatically.

Please follow the steps below to get a valid JWT token.

Create OAuth Client

Create a new OAuth Client in User Settings -> OAuth Clients. Please save the Client ID and the Client Secret. You can find the guide here.

Authorize Service Account

The created client has also a service account ID. Please authorize the service account by adding it to the project as member. Please note: This action needs to be performed by the project owner.

Create JWT Token

Now you can create a JWT token. Please use the following command to create a new token or add a Keycloak SDK to your project.

export OAUTH_CLIENT_ID="932e8426-ed3d-4594-9b87-8fed4f8afad9"
export OAUTH_CLIENT_SECRET="PGPhCQvy1fXJ9Xzet8yMMwMjGKJtY35T"

export OAUTH_TOKEN_URL="https://auth.g-portal.com/auth/realms/master/protocol/openid-connect/token"

export TOKEN=$(curl -X POST $OAUTH_TOKEN_URL \
    -d "client_id=$OAUTH_CLIENT_ID" \
    -d "client_secret=$OAUTH_CLIENT_SECRET" \
    -d 'grant_type=client_credentials' | jq -r '.access_token')

echo $TOKEN

This token can be added as a Bearer token to the Authorization metadata of the gRPC request.