search

oracle / oci-cli

Command Line Interface for Oracle Cloud Infrastructure
https://cloud.oracle.com/cloud-infrastructure
Other
426 stars 176 forks source link

Get Refresh Token for oci iam db-token #780

Closed vinit-ramon closed 1 month ago

vinit-ramon commented 1 month ago

Hi All,

I am trying to connect to an ADB using oci iam db-token. I am getting security token using oci iam db-token get and I am able to connect to oracle ADB using this.

Since the token is valid for only 1 hour, Is there any method for db-token using which i can receive refresh token value as well on the first call and i can use only refresh token value to get the new token everytime for the new connections.

I tried adding offline_access in the scope, but it is throwing following error. `oci iam db-token get --scope "urn:oracle:db::id::ocid1.compartment.oc1..aaaaaaaaprt3cdtufhimjeu3nqxvcy2h7g7ofpba2fqomeruq offline_access"

ServiceError: { "client_version": "Oracle-PythonSDK/2.124.1, Oracle-PythonCLI/3.37.13", "code": "NotAuthorizedOrNotFound", "logging_tips": "Please run the OCI CLI command using --debug flag to find more debug information.", "message": "Authorization failed or requested resource not found.", "opc-request-id": "6B5074A48E0B435699E3CF5EC923D475/9C18FC7943F75E13A905193FD7FEC0A3/6C148159E67E634C115C8B7FFE780D0E", "operation_name": "generate_scoped_access_token", "request_endpoint": "POST https://auth.us-ashburn-1.oraclecloud.com/v1/actions/generateScopedAccessToken", "status": 404, "target_service": "dataplane", "timestamp": "2024-05-28T05:35:03.165993+00:00", "troubleshooting_tips": "See [https://docs.oracle.com/iaas/Content/API/References/apierrors.htm] for more information about resolving this error. If you are unable to resolve this issue, run this CLI command with --debug option and contact Oracle support and provide them the full error message." }`

Please suggest.

Thanks in advance, Vinit

adizohar commented 1 month ago

Hi Vinit

Token valid for one, hour, after one hour, you need to request again oci iam db-token get There is no option to refresh, but getting a new one.

karthik-k-kamath commented 1 month ago

Thanks Adi, for clarifying this query. Vinit, also look at other auth methods here: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdk_authentication_methods.htm

vinit-ramon commented 1 month ago

Thank you so much @adizohar @karthik-k-kamath for the suggestions.