Get an access token with client credentials for Okta - Intergraph Smart Completions - Intergraph Smart Completions Update 4 - Customization & Programming

Intergraph Smart Completions Smart API Programmer's Getting Started Guide
ft:locale
en-US
Product
Intergraph Smart Completions
Search by Category
Customization & Programming
Smart Completions Version
6.0.4

The following example shows how to get an access token for a Power BI client application when using the Client Credentials grant type with the Okta identity provider.

When would I use the Client Credentials grant type?

The Client Credentials grant type is typically used for building a backend service or automated flow. For example, the Client Credentials grant type allows a dashboard to be automatically updated without relying on user authentication, which breaks if the client credentials are changed.

Required information

You need the following information to get an access token with client credentials:

  • The information supplied by the identity provider upon registering Power BI as a client application: token URL, client ID, client secret, scope, and state (optional).

    How do I get this information?

    • For the Smart Cloud environment, this information is supplied by the Smart Cloud support team when they respond to the request to register a client.

    • For other environments, you can get the information from the configuration endpoint for your identity provider:

      <idp_hostname>/<idp_baseurl>/.well-known/openid-configuration

  • The Smart Completions Smart API Base URL.

Create a query to get an access token

Be extremely cautious about sharing PBIX templates! The credentials stored in the token function will allow anyone to access data, including data stored in other applications and shared with Smart Completions.

  1. In the Power BI desktop tool, create a blank query.

    13 - Authorization Code with PKCE 1

  2. Right-click the query, and select Advance Editor.

    14 - Authorization Code with PKCE 2

  3. Copy and paste the following code into the blank query:

    ()=>let

    // Set the client ID and client secret

    client_id = "xxxxx",

    client_secret = "xxxxx",

    // Set the OAuth2 token endpoint

    token_endpoint = "https://<idp_hostname>/v1/token",

    // Set the HTTP headers for the token request

    token_headers = [

    #"Content-Type" = "application/x-www-form-urlencoded",

    #"Accept" = "application/json"

    ],

    // Set the token request body

    token_body = "grant_type=client_credentials&client_id=" &

    client_id & "&client_secret=" & client_secret & "&scope= xxxxx" ,

    // Request an access token from the OAuth2 server

    token_response = Json.Document(Web.Contents(token_endpoint,

    [Headers = token_headers, Content = Text.ToBinary(token_body)])),

    access_token = token_response[access_token]

    in

    access_token

  4. Replace the values for client_id, client_secret, scope, and token_endpoint with your information.

    If the scope value was created by Intergraph Smart© Cloud Portal, you must remove the text ingr.api from the value. For example:

    • Scope created by Smart Cloud Portal: A1B2C3D4-E5F6-G7H8-I9J1-K0L11M12N130 ingr.api

    • Scope to use in the query: A1B2C3D4-E5F6-G7H8-I9J1-K0L11M12N130

  5. Change the query name to GetToken, and select Done.

    16 - Authorization Code with PKCE 4

Use the query to get the access token

  1. Create a second blank query for getting the token using the above GetToken function.

  2. Copy and paste the following code into the blank query:

    let

    Source=OData.Feed("https://<hostname>/sc/datalake/v1",

    [Authorization="Bearer "&GetToken()],[MoreColumns=true])

    in

    Source

  3. Replace the <hostname> placeholder with your hostname.

  4. Select Done.

    The query automatically generates a token and loads the data.