Configuring Worker with Client Credential Grant
This section outlines topics specific to using Client Credential Grant (CCG) for worker publishing. This feature allows workers to authenticate using the client credential grant method. As worker publishing functions as a service to Windchill, it is recommended to use client credential grant-based authentication.
1. Start by identifying or configuring the user as which you would like to publish the content as a service. It is recommended to use a service principal for publishing purposes. The user should have the rights to publish the content and to access the content from all the contexts across the organization.
2. Generate the client credential grant for the user.
3. The OAuth client should obtain the access token by submitting a POST request to the authorization server's token endpoint. Note that the request body must have the application/x-www-form-urlencoded content type. The four parameters that are needed to configure your worker are as follows:
| Parameter | Description |
|---|---|
| grant_type | The grant type for this flow is client_credentials. |
| CLIENT_ID | The client ID you generated in your CAS for this web application. |
| CLIENT_SECRET | The client secret you entered in the CAS when configuring this web application. |
| SCOPE | Must be WINDCHILL_READ when accessing Windchill or WRS. |
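The token request from step 3, as an added example that is not PTC's own code: it builds the form-encoded POST, validates a token response, and masks the secret before logging. Assumptions: the endpoint URL is a placeholder, the body uses the lowercase RFC 6749 field names (`client_id`, `client_secret`, `scope`) for the parameters in the table, the server returns a JSON bearer-token response, and all sample values are constructed.

```python
import json
import urllib.parse
import urllib.request

# Assumed placeholder; use the token endpoint of your own authorization server.
TOKEN_ENDPOINT = "https://auth.example.com/oauth2/token"

def build_token_request(client_id, client_secret, scope="WINDCHILL_READ"):
    """Build (not send) the client credential grant POST for the token endpoint."""
    if not client_id or not client_secret:
        raise ValueError("client ID and client secret are both required")
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }
    return urllib.request.Request(
        TOKEN_ENDPOINT,
        data=urllib.parse.urlencode(form).encode("ascii"),  # percent-encodes / + = etc.
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )

def parse_token_response(raw, required_scope="WINDCHILL_READ"):
    """Validate a JSON token response and return (access_token, expires_in)."""
    doc = json.loads(raw)
    if "error" in doc:
        raise PermissionError("token request rejected: %s" % doc["error"])
    if doc.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    # RFC 6749 lets the server omit scope when it equals the requested one.
    granted = doc.get("scope", required_scope).split()
    if required_scope not in granted:
        raise PermissionError("token lacks scope %s" % required_scope)
    return doc["access_token"], int(doc.get("expires_in", 0))

def redact(request):
    """Return the form body with the secret masked, safe to write to a log."""
    pairs = urllib.parse.parse_qsl(request.data.decode("ascii"))
    return urllib.parse.urlencode(
        [(k, "REDACTED" if k == "client_secret" else v) for k, v in pairs])

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    req = build_token_request("worker-01", "s3cr3t/+value")
    print(req.get_method(), req.full_url, redact(req))
    sample = '{"access_token":"abc.def","token_type":"Bearer","expires_in":3600}'
    print(parse_token_response(sample))
```

Sending the request with `urllib.request.urlopen(req)` should only be done against an `https://` endpoint, since the client secret travels in the request body.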
Security Considerations
• It is recommended that you configure a separate service principal for each worker for each client machine.
• Other configuration properties are used to specify the users to be utilized for the specified client. In that case, the value for OAuth equals the name of the service principal.
Known Limitations
• The client credential grant does not support the upload to file server hook.