Auth service
The Tailor Platform provides a service to authenticate users and their attributes to manage access control to resources. For example, organizing users with groups or roles as attributes can help simplify the process of managing access levels for a large numbers of users.
Authentication
Auth service offers an authentication with SSO (Single Sign-On).
Currently, OIDC (OpenID Connect) and SAML (Security Assertion Markup Language) protocols are supported.
OpenID Connect (OIDC) Configuration
Here is an example of an OIDC configuration with a cue file:
<span><span style="color: var(--shiki-token-keyword)">package</span><span style="color: var(--shiki-color-text)"> auth</span></span>
<span></span>
<span><span style="color: var(--shiki-token-keyword)">import</span><span style="color: var(--shiki-color-text)"> (</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">github.com/tailor-platform/tailorctl/schema/v2/auth</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">github.com/tailor-platform/tailorctl/schema/v2/secretmanager</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">tailor.build/sample/services/tailordb</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">tailor.build/sample/services/tailordb/type</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">tailor.build/sample/seed/master/data</span><span style="color: var(--shiki-color-text)">:roles</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)">)</span></span>
<span></span>
<span><span style="color: var(--shiki-color-text)">oidc: auth.#Spec </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> Namespace: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)"><your-auth-namespace></span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> IdProviderConfigs: [</span></span>
<span><span style="color: var(--shiki-color-text)"> auth.#IDProviderConfig </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> Name: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)"><your_auth_config_name></span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> Config: auth.#OIDC </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> ClientID: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)"><client-id></span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> ClientSecret: secretmanager.#SecretValue </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> VaultName: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">default-auth</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> SecretKey: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">client-secret</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span></span>
<span><span style="color: var(--shiki-color-text)"> ProviderURL: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)"><your_auth_provider_url></span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> #In the case of Auth0 </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">https://<your_tenant>.auth0.com</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span><span style="color: var(--shiki-token-punctuation)">,</span></span>
<span><span style="color: var(--shiki-color-text)"> ]</span></span>
<span><span style="color: var(--shiki-color-text)"> UserProfileProvider: auth.#UserProfileProviderType.TailorDB</span></span>
<span><span style="color: var(--shiki-color-text)"> UserProfileProviderConfig: auth.#TailorDBProviderConfig </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> Namespace: tailordb.Namespace</span></span>
<span><span style="color: var(--shiki-color-text)"> </span></span>
<span><span style="color: var(--shiki-color-text)"> # you can use choose the type of user profile</span></span>
<span><span style="color: var(--shiki-color-text)"> Type: type.User.Name</span></span>
<span><span style="color: var(--shiki-color-text)"> UsernameField: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">email</span><span style="color: var(--shiki-color-text)">"</span></span>
<span></span>
<span><span style="color: var(--shiki-color-text)"> # you can use choose the user attribute fields</span></span>
<span><span style="color: var(--shiki-color-text)"> AttributesFields: [</span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">roles</span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-color-text)">]</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span></span>
<span><span style="color: var(--shiki-color-text)"> MachineUsers: [</span></span>
<span><span style="color: var(--shiki-color-text)"> auth.#MachineUser </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> Name: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)"><your-machine-user-name></span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> Attributes: [</span></span>
<span><span style="color: var(--shiki-color-text)"> # you can set the user attribute to the machine user.</span></span>
<span><span style="color: var(--shiki-color-text)"> roles.Roles.Admin.id</span><span style="color: var(--shiki-token-punctuation)">,</span></span>
<span><span style="color: var(--shiki-color-text)"> ]</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span><span style="color: var(--shiki-token-punctuation)">,</span></span>
<span><span style="color: var(--shiki-color-text)"> ]</span></span>
<span><span style="color: var(--shiki-color-text)">}</span></span>
<span></span>- Namespace: A namespace for this Auth configuration.
- IdProvider: An Identity Provider for SSO. In this case
auth0is used as the identity provider. - IdProviderConfig:
- ClientID: A client ID for the identity provider.
- ClientSecret: A client secret. Managed via a Secret manager service, with the vault named
defaultand the keyoidc-client-secret. - ProviderURL: The URL of the identity provider you want to use.
- UserProfileProvider: The provider of the user profile. In this case,
TailorDBis used as the user profile provider. - UserProfileProviderConfig: The configuration for the user profile provider.
- Namespace: A namespace for this user profile provider.
- Type: A type of the user profile. In this case,
Characteris used as the type of the user profile. Please note that the you need to refer name of the type, not the type itself. - UsernameField: The field to map username. In this case,
emailis used as the username field. - AttributesFields: The fields to map user attributes. In this case,
rolesis used as the attribute field. The attributes need to be an array of UUIDs, other types are not supported.
Security Assertion Markup Language (SAML) Configuration
SAML is an XML-based open standard for exchanging authentication and authorization data between service provider (SP) and the identity provider (IdP). For detailed steps on setting up the IdP with SAML, refer to the tutorial.
Below is an example of a SAML configuration with a cue file:
<span><span style="color: var(--shiki-token-keyword)">package</span><span style="color: var(--shiki-color-text)"> auth</span></span>
<span></span>
<span><span style="color: var(--shiki-token-keyword)">import</span><span style="color: var(--shiki-color-text)"> (</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">github.com/tailor-platform/tailorctl/schema/v2/auth</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">github.com/tailor-platform/tailorctl/schema/v2/secretmanager</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">tailor.build/sample/services/tailordb</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">tailor.build/sample/services/tailordb/type</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">tailor.build/sample/seed/master/data</span><span style="color: var(--shiki-color-text)">:roles</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)">)</span></span>
<span></span>
<span><span style="color: var(--shiki-color-text)">saml: auth.#Spec </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> Namespace: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)"><your-auth-namespace></span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> IdProviderConfigs: [</span></span>
<span><span style="color: var(--shiki-color-text)"> auth.#IDProviderConfig </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> Name: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)"><your_auth_config_name></span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> Config: auth.#SAML </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> MetadataURL: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)"><metadata_url></span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> SpCertBase64: secretmanager.#SecretValue </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> VaultName: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">default</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> SecretKey: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">saml-cert</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span></span>
<span><span style="color: var(--shiki-color-text)"> SpKeyBase64: secretmanager.#SecretValue </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> VaultName: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">default</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> SecretKey: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">saml-key</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span><span style="color: var(--shiki-token-punctuation)">,</span></span>
<span><span style="color: var(--shiki-color-text)"> ]</span></span>
<span><span style="color: var(--shiki-color-text)"> UserProfileProvider: auth.#UserProfileProviderType.TailorDB</span></span>
<span><span style="color: var(--shiki-color-text)"> UserProfileProviderConfig: auth.#TailorDBProviderConfig </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> Namespace: tailordb.Namespace</span></span>
<span><span style="color: var(--shiki-color-text)"> </span></span>
<span><span style="color: var(--shiki-color-text)"> # you can use choose the type of user profile</span></span>
<span><span style="color: var(--shiki-color-text)"> Type: type.User.Name</span></span>
<span><span style="color: var(--shiki-color-text)"> UsernameField: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">email</span><span style="color: var(--shiki-color-text)">"</span></span>
<span></span>
<span><span style="color: var(--shiki-color-text)"> # you can use choose the user attribute fields</span></span>
<span><span style="color: var(--shiki-color-text)"> AttributesFields: [</span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">roles</span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-color-text)">]</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span></span>
<span><span style="color: var(--shiki-color-text)"> MachineUsers: [</span></span>
<span><span style="color: var(--shiki-color-text)"> auth.#MachineUser </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> Name: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)"><your-machine-user-name></span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> Attributes: [</span></span>
<span><span style="color: var(--shiki-color-text)"> # you can set the user attribute to the machine user.</span></span>
<span><span style="color: var(--shiki-color-text)"> roles.Roles.Admin.id</span><span style="color: var(--shiki-token-punctuation)">,</span></span>
<span><span style="color: var(--shiki-color-text)"> ]</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span><span style="color: var(--shiki-token-punctuation)">,</span></span>
<span><span style="color: var(--shiki-color-text)"> ]</span></span>
<span><span style="color: var(--shiki-color-text)">}</span></span>
<span></span>- namespace: A namespace for this Auth configuration.
- idProvider: An Identity Provider for SSO. In this case
auth0is used as the identity provider. - idProviderConfig:
- Metadata URL: Metadata URL of the identity provider.
- spCertBase64: Service Provider Certificate. Managed via a secret manager service, with the vault named
defaultand the keysaml-cert. - spKeyBase64: Service Provider Key. Also managed via the secret manager, with the key
saml-key.
- userProfileProvider: The provider of the user profile. In this case,
TailorDBis used as the user profile provider. - userProfileProviderConfig: The configuration for the user profile provider.
- namespace: A namespace for this user profile provider.
- type: A type of the user profile. In this case,
Characteris used as the type of the user profile. Please note that the you need to refer name of the type, not the type itself. - usernameField: The field to map username. In this case,
emailis used as the username field. - attributesFields: The fields to map user attributes. In this case,
rolesis used as the attribute field. The attributes need to be an array of UUIDs, other types are not supported.
Machine user
A Machine user can manage users and application data, including creating, modifying, and deleting them. To add a Machine user to the application, you must first define the user roles in the Tailor DB, and then assign a specific role in the Auth service.
<span><span style="color: var(--shiki-token-keyword)">package</span><span style="color: var(--shiki-color-text)"> auth</span></span>
<span></span>
<span><span style="color: var(--shiki-token-keyword)">import</span><span style="color: var(--shiki-color-text)"> (</span></span>
<span><span style="color: var(--shiki-color-text)"> ...</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">tailor.build/sample/seed/master/data</span><span style="color: var(--shiki-color-text)">:roles</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)">)</span></span>
<span></span>
<span><span style="color: var(--shiki-color-text)">oidc: auth.#Spec </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> Namespace: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)"><your-auth-namespace></span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> IdProviderConfigs: [</span></span>
<span><span style="color: var(--shiki-color-text)"> ...</span></span>
<span><span style="color: var(--shiki-color-text)"> ]</span></span>
<span><span style="color: var(--shiki-color-text)"> UserProfileProvider: auth.#UserProfileProviderType.TailorDB</span></span>
<span><span style="color: var(--shiki-color-text)"> UserProfileProviderConfig: auth.#TailorDBProviderConfig </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> ...</span></span>
<span><span style="color: var(--shiki-color-text)"> # you can use choose the user attribute fields</span></span>
<span><span style="color: var(--shiki-color-text)"> AttributesFields: [</span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">roles</span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-color-text)">]</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span></span>
<span><span style="color: var(--shiki-color-text)"> MachineUsers: [</span></span>
<span><span style="color: var(--shiki-color-text)"> auth.#MachineUser </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> Name: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)"><your-machine-user-name></span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> Attributes: [</span></span>
<span><span style="color: var(--shiki-color-text)"> # you can set the user attribute to the machine user.</span></span>
<span><span style="color: var(--shiki-color-text)"> roles.Roles.Admin.id</span><span style="color: var(--shiki-token-punctuation)">,</span></span>
<span><span style="color: var(--shiki-color-text)"> ]</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span><span style="color: var(--shiki-token-punctuation)">,</span></span>
<span><span style="color: var(--shiki-color-text)"> ]</span></span>
<span><span style="color: var(--shiki-color-text)">}</span></span>
<span></span>After adding the Machine user, run the following command to get the access token.
<span><span style="color: var(--shiki-token-function)">tailorctl</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">workspace</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">machineuser</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">token</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">-a</span><span style="color: var(--shiki-color-text)"> ${your_app_name} </span><span style="color: var(--shiki-token-string)">-m</span><span style="color: var(--shiki-color-text)"> ${your_machine_user_name}</span></span>
<span></span>Once you get an access token, you can use it in the playground to run queries.
Client credentials flow
You can use the machine user's credentials in the client application to authenticate and gain access to APIs without user interaction, using the client credentials flow.
Run the following command to view the machine user credentials.
<span><span style="color: var(--shiki-token-function)">tailorctl</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">workspace</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">machineuser</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">list</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">--app</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-keyword)"><</span><span style="color: var(--shiki-token-string)">your-app-nam</span><span style="color: var(--shiki-color-text)">e</span><span style="color: var(--shiki-token-keyword)">></span><span style="color: var(--shiki-color-text)"> </span></span>
<span></span>Request an Access Token
To initiate the flow, the client app needs to post its client credentials to the Tailor app token endpoint.
Here’s an example to make a POST request with the client credentials.
<span><span style="color: var(--shiki-token-function)">curl</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">--request</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">POST</span><span style="color: var(--shiki-color-text)"> \</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">--url</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">'https://<your-app-domain>/auth/token'</span><span style="color: var(--shiki-color-text)"> \</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">--header</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">'content-type: application/x-www-form-urlencoded'</span><span style="color: var(--shiki-color-text)"> \</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">--data</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">grant_type=client_credentials</span><span style="color: var(--shiki-color-text)"> \</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">--data</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">'client_id=YOUR_CLIENT_ID'</span><span style="color: var(--shiki-color-text)"> \</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">--data</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">'client_secret=YOUR_CLIENT_SECRET'</span><span style="color: var(--shiki-color-text)"> </span></span>
<span></span>Once the client app has an access token, it can use this token to make authorized requests to the API.