The EBSCOhost Entitlement API makes research easy by providing access to full text content from EBSCOhost full text databases.

Use the Client Credentials Grant Type

OAuth 2.0 describes a number of grant types (methods) by which a client application can gain access to a resource owner's account; which one to use depends on the use case.  This example uses the client credentials grant type, the simplest of them.  It is intended for confidential client applications that do not make API calls on behalf of a user: the access token is issued to the application itself.  The client application presents its own credentials (client ID and client secret) to the authorization server and receives an access token, which it then uses to access the service account's API endpoints on the resource server.  We describe the client credentials grant type in terms of the roles involved:

  • Client Application - The third party application that is trying to gain access to its own service account.
  • Authorization Server - Issues the access token.  
  • Resource Server - Hosts the service account resources.

The client credentials grant type is used when applications need an access token for their own account.  We will describe the client credentials OAuth 2.0 grant type process below. 

Make an Access Token Request to the Authorization Server

The first step in the OAuth 2.0 client credentials grant type is for the client application to send an access token request to the authorization server.  The access token request needs the following parameters:

  • client id - The client id given to the application upon registration.
  • grant type - OAuth 2.0 grant type that determines the processing flow to be used.  When using the client credentials grant type flow, this value is client_credentials.
  • client secret - The client secret given to the application upon registration.

Note:  Please make sure that the request body is sent as "x-www-form-urlencoded".

Code Snippet for a Client Application Access Token Request (Node.js):

// The 'request' module must be installed (npm install request) and loaded.
var request = require('request');

// Client credentials from registration; read from the environment here so the
// secret is not hard-coded in source (assumed variable names).
var client_id = process.env.EBSCO_CLIENT_ID;
var client_secret = process.env.EBSCO_CLIENT_SECRET;

// HTTP Basic client authentication: base64 of "client_id:client_secret".
var digested = Buffer.from(client_id + ':' + client_secret).toString('base64');

var access_token_options = {
    method: 'POST',
    url: 'https://apis.ebsco.com/oauth-proxy/token',
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        Authorization: `Basic ${digested}`
    },
    form: { grant_type: 'client_credentials' }
};

// Send the Request
request(access_token_options, function (error, response, body) {
    if (error) throw new Error(error);
});

Authorization Server Returns an Access Token

After receiving the access token request from the client application, the authorization server responds with an access token.  The client application can extract the access token from the response.

Code Snippet for a Client Application Extracting an Access Token from the Authorization Server Response (Node.js):

request(access_token_options, function (error, response, body) {
    if (error) throw new Error(error);
    // The token is returned as JSON; parse it and pull out access_token
    let body_json = JSON.parse(body);
    let access_token = body_json.access_token;
});
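Putting the token request and token extraction steps together, here is an added example (not EBSCO's code) that builds the Basic credential and the form-encoded request, then validates the authorization server's reply before the token is used; the token endpoint is the one shown above, and the sample response is constructed.

```javascript
// Added example, not EBSCO's code: builds and checks each piece of the
// client-credentials exchange above without touching the network.

// HTTP Basic client authentication: base64("client_id:client_secret").
function basicAuthHeader(clientId, clientSecret) {
  if (!clientId || !clientSecret) throw new Error('client id and secret are required');
  return 'Basic ' + Buffer.from(`${clientId}:${clientSecret}`, 'utf8').toString('base64');
}

// Token request as the page describes it: POST, form-urlencoded body, and
// the credentials in the Authorization header rather than in the body.
function tokenRequest(clientId, clientSecret) {
  return {
    method: 'POST',
    url: 'https://apis.ebsco.com/oauth-proxy/token',
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      Authorization: basicAuthHeader(clientId, clientSecret),
    },
    body: new URLSearchParams({ grant_type: 'client_credentials' }).toString(),
  };
}

// Parse the authorization server's JSON reply, rejecting error replies and
// replies without a usable bearer token. `now` (ms) is injectable for tests.
function parseTokenResponse(body, now = Date.now()) {
  const json = JSON.parse(body);
  if (json.error) throw new Error(`token request failed: ${json.error}`);
  if (typeof json.access_token !== 'string' || json.access_token === '') {
    throw new Error('no access_token in response');
  }
  if (json.token_type && json.token_type.toLowerCase() !== 'bearer') {
    throw new Error(`unexpected token_type: ${json.token_type}`);
  }
  const expiresIn = Number(json.expires_in);
  return {
    accessToken: json.access_token,
    // Absolute expiry so a cached token can be replaced before it lapses.
    expiresAt: Number.isFinite(expiresIn) ? now + expiresIn * 1000 : null,
  };
}

// Constructed sample reply, shaped like a standard OAuth 2.0 token response.
const SAMPLE_TOKEN_RESPONSE = JSON.stringify({
  access_token: 'constructed-token-value',
  token_type: 'Bearer',
  expires_in: 3600,
});
```

The `accessToken` field is what goes into the `Bearer` Authorization header in the "Use the API" step below.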

Use the API

Now that the client application has an access token, the application is free to make API requests to the application's service account.  Every request to the API from the client application should carry the access token as a bearer token in the Authorization header.

Code Snippet for the Client Application Sending a Request to the API using the Access Token (Node.js):

// Form the Request
// Form the Request (access_token is the value extracted in the previous step)
let options = {
    method: 'GET',
    url: 'https://apis.ebsco.com/ehostentitlements/demo.main.profile/discovery',
    qs: {
        doi: '10.1080/1470243032000212233'
    },
    headers: {
        'Accept': 'application/json',
        'token': 'pw123',
        'x-forwarded-proto': 'https',
        'x-forwarded-host': 'test.ebsco.com',
        'Authorization': `Bearer ${access_token}`
    }
};

// Send the Request
request(options, function (error, response, body) {
    if (error) throw new Error(error);
});

Then, the service account resources that the client application has requested are received from the API.

Code Snippet for the Client Application Using the Service Account Resources Received from the API (Node.js):

// res is the Express response object of the route handling this call
request(options, function (error, response, body) {
    if (error) throw new Error(error);

    // Render the Response.  Note that options includes the Authorization
    // header, so this echoes the bearer token into the page; fine for a demo,
    // but strip it before rendering in production.
    res.render('request', {
        data: {
            request: JSON.stringify(options, null, 2),
            response: JSON.stringify(JSON.parse(body), null, 2)
        }
    });
});

The client credentials grant is used when applications need to request an access token to access their own resources, not on behalf of a user.  The end result is an access token that can be used by an application to gain access to its own service account.