2021-11-03-oauth2.html

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="keywords" content="blogarchitectureconnectivity,  ">
<title>  Support for OAuth2 client credentials flow for HTTP connections • Eclipse Ditto™</title>

<link rel="stylesheet" href="css/syntax.css">
<link rel="stylesheet" type="text/css" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css" crossorigin="anonymous">
<link rel="stylesheet" href="css/modern-business.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/css/bootstrap.min.css" crossorigin="anonymous">
<link rel="stylesheet" href="css/customstyles.css">
<link rel="stylesheet" href="css/boxshadowproperties.css">
<link rel="stylesheet" href="css/theme-ditto.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:400,700|Source+Code+Pro:300,600|Titillium+Web:400,600,700">

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/js/bootstrap.min.js" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/anchor-js/2.1.0/anchor.min.js" crossorigin="anonymous"></script>
<script src="js/toc.js"></script>
<script src="js/customscripts.js"></script>

<script type="application/ld+json">
{
  "@context": "http://schema.org",
  "@type": "Organization",
  "url": "https://www.eclipse.dev/ditto/",
  "logo": "https://www.eclipse.dev/ditto/images/ditto.svg"
}
</script>

<link rel="icon" type="image/png" href="images/favicon-16x16.png" sizes="16x16">
<link rel="icon" type="image/png" href="images/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="images/favicon-96x96.png" sizes="96x96">

<link rel="alternate" type="application/rss+xml" title="Eclipse Ditto Blog" href="https://www.eclipse.dev/ditto/feed.xml">

<!-- Eclipse Foundation cookie consent: -->
<link rel="stylesheet" type="text/css" href="https://www.eclipse.org/eclipse.org-common/themes/solstice/public/stylesheets/vendor/cookieconsent/cookieconsent.min.css" />
<script src="https://www.eclipse.org/eclipse.org-common/themes/solstice/public/javascript/vendor/cookieconsent/default.min.js"></script>

    <script>
        $(document).ready(function() {
            $("#tg-sb-link").click(function() {
                $("#tg-sb-sidebar").toggle();
                $("#tg-sb-content").toggleClass('col-md-9');
                $("#tg-sb-content").toggleClass('col-md-12');
                $("#tg-sb-icon").toggleClass('fa-toggle-on');
                $("#tg-sb-icon").toggleClass('fa-toggle-off');
            });
        });
    </script>
</head>


<script>
    (function(w,d,s,l,i){
        w[l]=w[l]||[];
        w[l].push({'gtm.start':
            new Date().getTime(),event:'gtm.js'});
        var f=d.getElementsByTagName(s)[0],
            j=d.createElement(s),
            dl=l!='dataLayer'?'&l='+l:'';
        j.async=true;
        j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;
        f.parentNode.insertBefore(j,f);
    })(window,document,'script','dataLayer','GTM-5WLCZXC');
</script>



<body>
<!-- Navigation -->
<nav class="navbar navbar-inverse navbar-fixed-top">
    <div class="container topnavlinks">
        <div class="navbar-header">
            <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
                <span class="sr-only">Toggle navigation</span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="navbar-ditto-home" href="index.html">&nbsp;<img src="images/ditto_allwhite_symbolonly.svg" class="ditto-navbar-symbol" alt="Home"> <img src="images/ditto_allwhite_textonly.svg" class="ditto-navbar-symbol-text" alt="Eclipse Ditto™"></a>
        </div>
        <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
            <ul class="nav navbar-nav navbar-right">
                <!-- toggle sidebar button -->
                <!--<li><a id="tg-sb-link" href="#"><i id="tg-sb-icon" class="fa fa-toggle-on"></i> Nav</a></li>-->
                <!-- entries without drop-downs appear here -->




                
                
                
                <li><a href="blog.html">Blog</a></li>
                
                
                
                <li><a href="intro-overview.html">Documentation</a></li>
                
                
                
                <li><a href="http-api-doc.html">HTTP API</a></li>
                
                
                
                <li><a href="sandbox.html">Sandbox</a></li>
                
                
                
                  
                  <li><a href="https://github.com/eclipse-ditto/ditto" target="_blank">
                    <img src="images/GitHub-Mark-Light-32px.png" alt="Sources at GitHub">
                  </a></li>
                  
                
                
                
                  
                  <li><a href="https://github.com/eclipse-ditto/ditto-clients" target="_blank">
                    <img src="images/GitHub-Mark-Light-32px.png" alt="SDK sources at GitHub">SDKs
                  </a></li>
                  
                
                
                
                  
                  <li><a href="https://github.com/eclipse-ditto/ditto-examples" target="_blank">
                    <img src="images/GitHub-Mark-Light-32px.png" alt="Example sources at GitHub">examples
                  </a></li>
                  
                
                
                
                <!-- entries with drop-downs appear here -->
                <!-- conditional logic to control which topnav appears for the audience defined in the configuration file.-->
                
                
                <li class="dropdown">
                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">Links<b class="caret"></b></a>
                    <ul class="dropdown-menu">
                        
                        
                        <li><a href="https://projects.eclipse.org/projects/iot.ditto" target="_blank">Eclipse Ditto Project</a></li>
                        
                        
                        
                        <li><a href="https://www.eclipse.org/forums/index.php/f/364/" target="_blank">Forum</a></li>
                        
                        
                        
                        <li><a href="https://ci.eclipse.org/ditto/" target="_blank">Jenkins</a></li>
                        
                        
                        
                        <li><a href="https://dev.eclipse.org/mhonarc/lists/ditto-dev/" target="_blank">Mailing list archives</a></li>
                        
                        
                        
                        <li><a href="https://gitter.im/eclipse/ditto" target="_blank">Gitter.im chat</a></li>
                        
                        
                    </ul>
                </li>
                
                
                
                <!--comment out this block if you want to hide search-->
                <li>
                    <!--start search-->
                    <div id="search-demo-container">
                        <input type="text" id="search-input" placeholder="search...">
                        <ul id="results-container"></ul>
                    </div>
                    <script src="https://cdnjs.cloudflare.com/ajax/libs/simple-jekyll-search/0.0.9/jekyll-search.js" type="text/javascript"></script>
                    <script type="text/javascript">
                            SimpleJekyllSearch.init({
                                searchInput: document.getElementById('search-input'),
                                resultsContainer: document.getElementById('results-container'),
                                dataSource: 'search.json',
                                searchResultTemplate: '<li><a href="{url}" title="Support for OAuth2 client credentials flow for HTTP connections">{title}</a></li>',
                                noResultsText: 'No results found.',
                                limit: 10,
                                fuzzy: true,
                    })
                    </script>
                    <!--end search-->
                </li>
            </ul>
        </div>
    </div>
    <!-- /.container -->
</nav>

<!-- Page Content -->
<div class="container">
  <div id="main">
    <!-- Content Row -->
    <div class="row">
        
        

        <!-- Content Column -->
        <div class="col-md-12" id="tg-sb-content">
            <!-- Look the author details up from the site config. -->


<!-- Output author details if some exist. -->
<!-- Output author details if some exist. -->
<!---->
<!--<span>-->
    <!--&lt;!&ndash; Mugshot. &ndash;&gt;-->
    <!--<img src="https://www.gravatar.com/avatar/d923944b6a8c76e411ff838fb19acfa7?s=135" alt="A photo of Yufei Cai" />-->

<!--&lt;!&ndash; Personal Info. &ndash;&gt;-->
    <!--Written by <a href="https://github.com/yufei-cai" target="_blank">Yufei Cai</a>-->
<!--</span>-->
<!---->

<article class="post" itemscope itemtype="http://schema.org/BlogPosting">

    <header class="post-header">
        <h1 class="post-title" itemprop="name headline">Support for OAuth2 client credentials flow for HTTP connections</h1>
        <p class="post-meta">Published by <img src="https://www.gravatar.com/avatar/d923944b6a8c76e411ff838fb19acfa7?s=135" alt="A photo of Yufei Cai" style="width:50px;border-radius:50%;display:inline-block;margin-right:5px;" /><span itemprop="author" itemscope itemtype="http://schema.org/Person"><span itemprop="name"><a href="https://github.com/yufei-cai" target="_blank">Yufei Cai</a> </span></span> on <time datetime="2021-11-03T00:00:00+00:00" itemprop="datePublished">Nov 3, 2021</time> - Tags:
            
            
            
            <a href="tag_blog.html">blog</a>, 
            
            
            
            <a href="tag_architecture.html">architecture</a>, 
            
            
            
            <a href="tag_connectivity.html">connectivity</a>
            
            
            

        </p>


    </header>

    <div class="post-content" itemprop="articleBody">

        

        
        
<!-- this handles the automatic toc. use ## for subheads to auto-generate the on-page minitoc. if you use html tags, you must supply an ID for the heading element in order for it to appear in the minitoc. -->
<script>
$( document ).ready(function() {
  // Handler for .ready() called.

$('#toc').toc({ minimumHeaders: 0, listType: 'ul', showSpeed: 0, headers: 'h2,h3,h4' });

/* this offset helps account for the space taken up by the floating toolbar. */
$('#toc').on('click', 'a', function() {
  var target = $(this.getAttribute('href'))
    , scroll_target = target.offset().top

  $(window).scrollTop(scroll_target - 10);
  return false
})
  
});
</script>

<div id="toc"></div>

        

        <p>The upcoming release of Eclipse Ditto <strong>version 2.2.0</strong> supports HTTP connections that authenticate their requests
via OAuth2 client credentials flow as described in
<a href="https://datatracker.ietf.org/doc/html/rfc6749#section-4.4">section 4.4 of RFC-6749</a>.</p>

<p>Detailed information can be found at
<a href="connectivity-protocol-bindings-http.html#oauth2-client-credentials-flow">Connectivity API &gt; HTTP 1.1 protocol binding</a>.</p>

<p>This blog post shows an example of publishing a twin event to an HTTP endpoint via OAuth2 client credentials flow.
For simplicity, we will use <code class="language-plaintext highlighter-rouge">webhook.site</code> for both the token endpoint and the event publishing destination.
Feel free to substitute them for real OAuth and HTTP servers.</p>

<h1 id="prerequisites">Prerequisites</h1>

<p>This example requires 2 webhooks. We will use</p>
<ul>
  <li><code class="language-plaintext highlighter-rouge">https://webhook.site/785e80cd-e6e6-452a-be97-a59c53edb4d9</code> for access token requests, and</li>
  <li><code class="language-plaintext highlighter-rouge">https://webhook.site/6148b899-736f-47e6-9382-90b1d721630e</code> for event publishing.</li>
</ul>

<p>Replace the webhook URIs by your own.</p>

<h1 id="configure-the-token-endpoint">Configure the token endpoint</h1>

<p>Configure the token webhook to return a valid access token response. Here is an example for a token expiring
at 00:00 on 1 January 3000. The field <code class="language-plaintext highlighter-rouge">expires_in</code> is an arbitrary big number not reflecting the actual expiration
time of the access token.</p>

<ul>
  <li>Status code: 200</li>
  <li>Content type: <code class="language-plaintext highlighter-rouge">application/json</code></li>
  <li>Response body:
    <div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="w">
  </span><span class="nl">"access_token"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ewogICJhbGciOiAiUlMyNTYiLAogICJ0eXAiOiAiSldUIgp9.ewogICJhdWQiOiBbXSwKICAiY2xpZW50X2lkIjogIm15LWNsaWVudC1pZCIsCiAgImV4cCI6IDMyNTAzNjgwMDAwLAogICJleHQiOiB7fSwKICAiaWF0IjogMCwKICAiaXNzIjogImh0dHBzOi8vbG9jYWxob3N0LyIsCiAgImp0aSI6ICI3ODVlODBjZC1lNmU2LTQ1MmEtYmU5Ny1hNTljNTNlZGI0ZDkiLAogICJuYmYiOiAwLAogICJzY3AiOiBbCiAgICAibXktc2NvcGUiCiAgXSwKICAic3ViIjogIm15LXN1YmplY3QiCn0.QUJD"</span><span class="p">,</span><span class="w">
  </span><span class="nl">"expires_in"</span><span class="p">:</span><span class="w"> </span><span class="mi">1048576</span><span class="p">,</span><span class="w">
  </span><span class="nl">"scope"</span><span class="p">:</span><span class="w"> </span><span class="s2">"my-scope"</span><span class="p">,</span><span class="w">
  </span><span class="nl">"token_type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"bearer"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div>    </div>
  </li>
</ul>

<p>The access token has the form <code class="language-plaintext highlighter-rouge">&lt;headers&gt;.&lt;body&gt;.&lt;signature&gt;</code>, where <code class="language-plaintext highlighter-rouge">&lt;headers&gt;</code> and <code class="language-plaintext highlighter-rouge">&lt;body&gt;</code> are base64-encoding
of the headers and the body in JSON format, and <code class="language-plaintext highlighter-rouge">&lt;signature&gt;</code> is the base-64 encoded signature computed according
to the issuer’s key pair. Since the token webhook is not a real OAuth2 server, the signature in the example is a
placeholder. The unencoded headers and body are as follows.</p>

<h3 id="headers">Headers</h3>

<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="w">
  </span><span class="nl">"alg"</span><span class="p">:</span><span class="w"> </span><span class="s2">"RS256"</span><span class="p">,</span><span class="w">
  </span><span class="nl">"typ"</span><span class="p">:</span><span class="w"> </span><span class="s2">"JWT"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>

<h3 id="body">Body</h3>

<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="w">
  </span><span class="nl">"aud"</span><span class="p">:</span><span class="w"> </span><span class="p">[],</span><span class="w">
  </span><span class="nl">"client_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"my-client-id"</span><span class="p">,</span><span class="w">
  </span><span class="nl">"exp"</span><span class="p">:</span><span class="w"> </span><span class="mi">32503680000</span><span class="p">,</span><span class="w">
  </span><span class="nl">"ext"</span><span class="p">:</span><span class="w"> </span><span class="p">{},</span><span class="w">
  </span><span class="nl">"iat"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w">
  </span><span class="nl">"iss"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://localhost/"</span><span class="p">,</span><span class="w">
  </span><span class="nl">"jti"</span><span class="p">:</span><span class="w"> </span><span class="s2">"785e80cd-e6e6-452a-be97-a59c53edb4d9"</span><span class="p">,</span><span class="w">
  </span><span class="nl">"nbf"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w">
  </span><span class="nl">"scp"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="s2">"my-scope"</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="nl">"sub"</span><span class="p">:</span><span class="w"> </span><span class="s2">"my-subject"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>

<h1 id="create-the-connection">Create the connection</h1>

<p><a href="connectivity-manage-connections.html#create-connection">Create a connection</a>
publishing twin events to the event publishing webhook using OAuth2 credentials.
The <code class="language-plaintext highlighter-rouge">tokenEndpoint</code> field is set to the access token webhook.</p>

<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="w">
  </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"http_oauth2"</span><span class="p">,</span><span class="w">
  </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"http_oauth2"</span><span class="p">,</span><span class="w">
  </span><span class="nl">"connectionType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"http-push"</span><span class="p">,</span><span class="w">
  </span><span class="nl">"connectionStatus"</span><span class="p">:</span><span class="w"> </span><span class="s2">"open"</span><span class="p">,</span><span class="w">
  </span><span class="nl">"uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://webhook.site:443"</span><span class="p">,</span><span class="w">
  </span><span class="nl">"targets"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
    </span><span class="p">{</span><span class="w">
      </span><span class="nl">"address"</span><span class="p">:</span><span class="w"> </span><span class="s2">"POST:/6148b899-736f-47e6-9382-90b1d721630e"</span><span class="p">,</span><span class="w">
      </span><span class="nl">"topics"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"_/_/things/twin/events"</span><span class="p">],</span><span class="w">
      </span><span class="nl">"authorizationContext"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"integration:ditto"</span><span class="p">]</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">],</span><span class="w">
  </span><span class="nl">"credentials"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
    </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"oauth-client-credentials"</span><span class="p">,</span><span class="w">
    </span><span class="nl">"tokenEndpoint"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://webhook.site/785e80cd-e6e6-452a-be97-a59c53edb4d9"</span><span class="p">,</span><span class="w">
    </span><span class="nl">"clientId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"my-client-id"</span><span class="p">,</span><span class="w">
    </span><span class="nl">"clientSecret"</span><span class="p">:</span><span class="w"> </span><span class="s2">"my-client-secret"</span><span class="p">,</span><span class="w">
    </span><span class="nl">"requestedScopes"</span><span class="p">:</span><span class="w"> </span><span class="s2">"my-scope"</span><span class="w">
  </span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>

<h1 id="generate-a-thing-created-event">Generate a thing-created event</h1>

<p><a href="http-api-doc.html#/Things/post_things">Create a thing</a>
granting read access to the connection’s subject. The thing-created event will be distributed
to the connection for publishing.</p>

<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="w">
  </span><span class="nl">"_policy"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
    </span><span class="nl">"entries"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
      </span><span class="nl">"DEFAULT"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
        </span><span class="nl">"subjects"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
          </span><span class="nl">"{{ request:subjectId }}"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
            </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"the creator"</span><span class="w">
          </span><span class="p">},</span><span class="w">
          </span><span class="nl">"integration:ditto"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
            </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"the connection"</span><span class="w">
          </span><span class="p">}</span><span class="w">
        </span><span class="p">},</span><span class="w">
        </span><span class="nl">"resources"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
          </span><span class="nl">"policy:/"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
            </span><span class="nl">"grant"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"READ"</span><span class="p">,</span><span class="w"> </span><span class="s2">"WRITE"</span><span class="p">],</span><span class="w">
            </span><span class="nl">"revoke"</span><span class="p">:</span><span class="w"> </span><span class="p">[]</span><span class="w">
          </span><span class="p">},</span><span class="w">
          </span><span class="nl">"thing:/"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
            </span><span class="nl">"grant"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"READ"</span><span class="p">,</span><span class="w"> </span><span class="s2">"WRITE"</span><span class="p">],</span><span class="w">
            </span><span class="nl">"revoke"</span><span class="p">:</span><span class="w"> </span><span class="p">[]</span><span class="w">
          </span><span class="p">}</span><span class="w">
        </span><span class="p">}</span><span class="w">
      </span><span class="p">}</span><span class="w">
    </span><span class="p">}</span><span class="w">
  </span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>

<h1 id="http-requests-made-by-the-http-connection">HTTP requests made by the HTTP connection</h1>

<p>Before the HTTP connection publishes the thing-created event, it makes an access token request against the token
endpoint to obtain a bearer token.</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>POST /785e80cd-e6e6-452a-be97-a59c53edb4d9 HTTP/1.1
Host: webhook.site
Accept: application/json
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&amp;client_id=my-client-id
&amp;client_secret=my-client-secret
&amp;scope=my-scope
</code></pre></div></div>

<p>The request should appear at the access token webhook. The webhook should return the configured access token response.</p>

<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="w">
  </span><span class="nl">"access_token"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ewogICJhbGciOiAiUlMyNTYiLAogICJ0eXAiOiAiSldUIgp9.ewogICJhdWQiOiBbXSwKICAiY2xpZW50X2lkIjogIm15LWNsaWVudC1pZCIsCiAgImV4cCI6IDMyNTAzNjgwMDAwLAogICJleHQiOiB7fSwKICAiaWF0IjogMCwKICAiaXNzIjogImh0dHBzOi8vbG9jYWxob3N0LyIsCiAgImp0aSI6ICI3ODVlODBjZC1lNmU2LTQ1MmEtYmU5Ny1hNTljNTNlZGI0ZDkiLAogICJuYmYiOiAwLAogICJzY3AiOiBbCiAgICAibXktc2NvcGUiCiAgXSwKICAic3ViIjogIm15LXN1YmplY3QiCn0.QUJD"</span><span class="p">,</span><span class="w">
  </span><span class="nl">"expires_in"</span><span class="p">:</span><span class="w"> </span><span class="mi">1048576</span><span class="p">,</span><span class="w">
  </span><span class="nl">"scope"</span><span class="p">:</span><span class="w"> </span><span class="s2">"my-scope"</span><span class="p">,</span><span class="w">
  </span><span class="nl">"token_type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"bearer"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div></div>

<p>The HTTP connection will cache the access token and use it to authenticate itself at the event publishing webhook
for each thing event, including the first thing-created event.</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>POST /6148b899-736f-47e6-9382-90b1d721630e HTTP/1.1
Host: webhook.site
Content-Type: application/vnd.eclipse.ditto+json
Authorization: Bearer ewogICJhbGciOiAiUlMyNTYiLAogICJ0eXAiOiAiSldUIgp9.ewogICJhdWQiOiBbXSwKICAiY2xpZW50X2lkIjogIm15LWNsaWVudC1pZCIsCiAgImV4cCI6IDMyNTAzNjgwMDAwLAogICJleHQiOiB7fSwKICAiaWF0IjogMCwKICAiaXNzIjogImh0dHBzOi8vbG9jYWxob3N0LyIsCiAgImp0aSI6ICI3ODVlODBjZC1lNmU2LTQ1MmEtYmU5Ny1hNTljNTNlZGI0ZDkiLAogICJuYmYiOiAwLAogICJzY3AiOiBbCiAgICAibXktc2NvcGUiCiAgXSwKICAic3ViIjogIm15LXN1YmplY3QiCn0.QUJD

{
  "topic": "&lt;namespace&gt;/&lt;name&gt;/things/twin/events/created",
  "headers": {},
  "path": "/",
  "value": {
    "policyId": "&lt;policy-id&gt;"
  },
  "revision": 1
}
</code></pre></div></div>

<p>The HTTP connection will obtain a new token from the access token webhook when the previous token is about to expire.</p>

<p>Please <a href="feedback.html">get in touch</a> if you have feedback or questions regarding this new functionality.
<br />
<br /></p>
<figure><img class="docimage" src="images/ditto.svg" alt="Ditto" style="max-width: 500px" /></figure>

<p>–<br /> 
The Eclipse Ditto team</p>

    </div>



</article>

<hr class="shaded"/>

<footer>
            <div class="row">
                <div class="col-lg-12 footer">
                    <div class="logo">
                        <a href="https://eclipse.org"><img src="images/eclipse_foundation_logo.svg" alt="Eclipse logo"/></a>
                    </div>
                    <p class="notice">
                        &copy;2024 Eclipse Ditto™.
                         Site last generated: Nov 15, 2024 <br />
                    </p>
                    <div class="quickLinks">
                        <a href="https://www.eclipse.org/legal/privacy.php" target="_blank">
                            &gt; Privacy Policy
                        </a>
                        <a href="https://www.eclipse.org/legal/termsofuse.php" target="_blank">
                            &gt; Terms of Use
                        </a>
                        <a href="https://www.eclipse.org/legal/copyright.php" target="_blank">
                            &gt; Copyright Agent
                        </a>
                        <a href="https://www.eclipse.org/legal" target="_blank">
                            &gt; Legal
                        </a>
                        <a href="https://www.eclipse.org/legal/epl-2.0/" target="_blank">
                            &gt; License
                        </a>
                        <a href="https://eclipse.org/security" target="_blank">
                            &gt; Report a Vulnerability
                        </a>
                    </div>
                </div>
            </div>
</footer>


        </div>
    <!-- /.row -->
</div>
<!-- /.container -->
</div>
<!-- /#main -->
    </div>

</body>
</html>