Is there a way to get a user access token without providing a username and password?

[dvuke]

Good Morning,

I was exploring a use case:

• I want a user access token, but I don't want to pass username and password credentials to retrieve it. (I want to pass client_id, client_secret and some additional claims, such as the subject id)

I was hoping to create a client_credentials type of token request, but allow it to pass claims along with the request so that I could get a user access token back for a given user.

I want to give full trust to the oauth client to retrieve user tokens. I already have the user authenticated, but I want to generate an api access token for a 3rd party for that user; so I want to use a client_id and client_secret, and embed claims in the request so that the token retrieved has the user's information in the response.

any luck?

[aka5h2017]

https://docs.cloudfoundry.org/api/uaa/version/77.4.0/index.html#token

Would the passcode flow work?

[strehle]

You can get an access_token without it, but you need to be logged in. The passcode is providing this.

1. Retrieve a passcode from /passcode endpoint from a logged in browser session, e.g. https://docs.cloudfoundry.org/api/uaa/version/77.4.0/index.html#passcode
2. Take the passcode and exchange it with a token e.g. https://docs.cloudfoundry.org/api/uaa/version/77.4.0/index.html#one-time-passcode

[strehle]

close