Skip to content

MindSphere SDK V2 for Java - Token Handling

The MindSphere SDK V2 for Java provides an easy authorization handling mechanism. Developers can configure user authorization tokens or service credentials. Service credentials can be set up in multiple ways, either programmatically or environment variables. These service credentials are used to fetch access tokens required to make MindSphere API calls.

Features

Token handling in MindSphere SDK has the following features:

  • Applications can either use a user token or a technical token.
  • Developers can set the service credentials in environment variables. MindSphere SDK fetches tokens using environment variables if neither user token nor service credentials are set programmatically.
  • The scope of a token is configurable and can be one of the following:
    • Tenant scope (default),
    • Subtenant scope.
  • A token is validated using its issuer, issuing time, expiry time, token algorithm and token type before API calls are executed.
  • Technical tokens are used until they expire. A new technical token is generated using service credentials when the expiry time is less than 5 minutes to reduce the number of calls to the Token Management Service API.

Token Fetching Workflow in MindSphere SDK

MindSphere SDK Token fetching flow

As shown in the diagram above, an API call is only executed, if the provided token is valid. The following diagram shows how this is evaluated:

MindSphere SDK Token validation flow

User Token

Applications can pass a user token which is obtained from the request header as below:

1
2
3
MindsphereCredentials credentials = MindsphereCredentials.builder()
                                        .authorization("usertokenFromRequestHeader")
                                        .build();

Technical Token

To use a technical token, applications must be provided service credentials either programmatically or via environment variables.

Provide credentials for technical tokens programmatically as shown below:

1
2
3
4
5
MindsphereCredentials credentials = MindsphereCredentials.builder()
                                        .clientId("ClientId")
                                        .clientSecret("ClientSecret")
                                        .tenant("TenantName")
                                        .build();

Provide credentials for technical tokens with subtenant scope programmatically as shown below:

1
2
3
4
5
6
7
MindsphereCredentials credentials = MindsphereCredentials.builder()
                                        .clientId("ClientId")
                                        .clientSecret("ClientSecret")
                                        .tenant("TenantName")
                                        .subTenant("SubTenantName")
                                        .tokenType(TokenScope.SUB_TENANT)
                                        .build();

Any questions left?

Ask the community


Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.