Getting Access Tokens Using Client Secret

Generating Tokens for RKVST

Having completed the steps at App Registration, and taken note of the CLIENT ID and the SECRET, a token can be obtained with the following command.

Replace ${CLIENTID} with the application id, and ${SECRET} with your secret from the application registration.

$ RESPONSE=$(curl \ \
    --data-urlencode "grant_type=client_credentials" \
    --data-urlencode "client_id=${CLIENTID}" \
    --data-urlencode "client_secret=${SECRET}")

$ TOKEN=$(echo -n $RESPONSE | jq .access_token | tr -d '"')

Testing Access

To confirm access token configuration, use the shell command (above) to obtain an access token. The response is json structured data. The token is found in the access_token field. It is a base64 encoded JSON Web Token.

The header and payload of the TOKEN can be examined with the following commands.

# Header
echo -n $TOKEN | cut -d '.' -f 1 | base64 -D

# Payload
echo -n $TOKEN | cut -d '.' -f 2 | base64 -D
Note: Decoding tokens with an online service exposes your RKVST until you delete the test secret.

Edit this page on GitHub