How to use OAuth 2.0 for server to server apps

If your application requires direct access to another server, without user authorization, you create a Server to server app. This option is based on the OAuth 2.0 client credentials grant type. During this flow, your app uses its OAuth credentials to retrieve an access token.

Scoping has special importance in server to server apps. Scopes provide a way to implement control over what areas in an Organization your client can access - specifically which role in an Organization, and what services and the level of permissions. As an Organization Owner user, you can add your server to server app to any of your Organizations. So while you can specify a wide range of access for your app over many cloud services, access is eventually determined by the services contained in an Organization. You receive notification when you add an OAuth app to an Organization that does not include the services included in the scope of the app.

Prerequisites

You have the required permissions for adding and managing OAuth apps in this Organization. See What Organization roles are available in VMware Cloud Services.

Procedure

Log in to Cloud Services Console.
Click Organization > OAuth Apps, and then click Create New OAuth App.
Select Server to server app.
Register your client by entering a name and description.
Set Access Token TTL value for the new OAuth app.
The Access Token time to live (TTL) defines the time period the token is valid.
- the default Access Token TTL time is 30 minutes;
- the maximum Access Token TTL time you can set is 300 minutes (five hours);
- The minimum Access Token TTL time you can set is 1 minute.
Define scopes.
Scopes provide a way to implement control over what areas in an Organization your client can access - specifically which role in an Organization, and what services and the level of permissions.
Click Create to generate the client credentials.
On the OAuth app created pop-up window, copy the credentials or download a JSON file, and click Continue.
You are responsible for storing your credentials in a safe place.
(Optional) Add the app to the active Organization.
You can skip this step and add the app to this Organization, and other Organizations later. See, How to manage OAuth 2.0 apps.

What to do next

Paste the credentials into your script.