Exchange client ID and secret for an access token
To integrate JetBrains Central Console features and services with your own applications through a service account, the service account's client ID and client secret need to be exchanged for an access token. The exchange process takes place through the standard OAuth 2.0 Client Credentials flow, which is intended for machine-to-machine (M2M) applications.
For more information about OAuth and the client credentials flow, see the following resources:
Client Credentials Flow Overview (auth0.com)
Specification of the Client Credentials Flow (OAuth 2.0 RFC 6749, section 4.4) (ietf.org)
Prerequisites
For a client to exchange JetBrains Central Console client ID and client secret for a token, it must meet the following requirements:
The client knows its own client ID and client secret and can request access to resources only using its own credentials.
The Client Credentials grant type must only be used by confidential clients (clients that can store the credentials securely).
Access token request
The client makes a POST request to the following token endpoint:
The request must contain the following headers:
Authorization: Uses HTTP Basic Authentication and passes base64-encoded client ID and client secret in the following format:Authorization: Basic base64(client_id + ":" + client_secret)The encoding should be UTF-8 before converting to Base64.
Content-Type: Must be set toapplication/x-www-form-urlencoded.
The request body must include the following parameters:
grant_type: always set toclient_credentialsfor the Client Credentials flow.scopeparameter: must be set tojcp-public.
For a detailed specification and examples of access token requests, see Request and response specification.
Request and response specification
Host: oauth.account.jetbrains.com
The client makes a request to the token endpoint using its client credentials (client ID and client secret) to obtain an access token.
Request parameters
Responses
Error responses
The following table includes a list of error responses and their corresponding descriptions in accordance with Section 5.2 that defines error responses in the RFC 6749 standard.
Error identifier | Description | Solution |
|---|---|---|
| The request is missing a required parameter, includes an unsupported parameter value (other than |
|
| Client authentication failed for reasons such as unknown client, no client authentication included, or unsupported authentication method. |
|
| The provided authorization grant is not valid, has expired, has been revoked, does not match the redirection URI used in the authorization request, or was issued to another client. |
|
| The client is not authorized to use this authorization grant type. |
|
| The authorization server does not support the specified authorization grant type. |
|
| The requested scope is not valid, is unknown, malformed, or exceeds the scope granted by the resource owner. |
|