OAuth 2.0
OAuth 2.0 forms the basis for authentication on the platform. This section provides practical guidance for authenticating requests.
For examples of how to perform authentication in a variety of programming languages, see the Client Credentials Grant Examples in the sidebar.
Client Credentials Grant
The most straightforward scenario is machine-to-machine authentication, which is handled with a client credentials grant. In this scenario, a trusted, confidential server uses its own credentials, generally referred to as an app-id and app-secret tuple, to authenticate requests. The server, not Vectara, is responsible for managing authentication and authorization of individual users.
The server behind a publicly-accessible semantic search engine such as Quanta Search should use this strategy.
If you are using Java, please contact us for convenient helper libraries that encapsulate the steps below.
Obtain the JWT Token
In the code snippet below, the token endpoint is <AUTH_URL>/oauth2/token where AUTH_URL is the location of your account's authentication domain. To determine its value, navigate to the Authentication page of the console and select the App Client tab.
The client ID is the app_id, and the redirect URI must match the redirect URL configured for the client. Note the peculiarities of the HTTP authorization header: this is per the OAuth 2.0 standard.
The grant type should be client_credentials for App Clients. This auth flow is commonly used for servers that must communicate with the platform. The grant type should be authorization_code for authentication from apps installed on a device, such as web browsers. Finally, refresh_token is used to refresh an expired token.
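The client credentials request described above, as an added example that is not Vectara's own code. The helper names and the auth.example.invalid domain are constructed, and the example assumes the token endpoint accepts the app-id and app-secret as HTTP Basic credentials and returns the standard OAuth 2.0 access_token and expires_in fields.

```python
import base64
import json
import urllib.parse
import urllib.request


def build_token_request(auth_url, app_id, app_secret):
    """Build the client credentials token request without sending it."""
    if urllib.parse.urlsplit(auth_url).scheme != "https":
        # The app-secret travels in a header, so refuse cleartext transport.
        raise ValueError("AUTH_URL must use https")
    # HTTP Basic: base64("app_id:app_secret") in the Authorization header.
    basic = base64.b64encode(f"{app_id}:{app_secret}".encode()).decode("ascii")
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "client_id": app_id}
    ).encode("ascii")
    return urllib.request.Request(
        auth_url.rstrip("/") + "/oauth2/token",
        data=body,
        method="POST",
        headers={
            "Authorization": "Basic " + basic,
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def parse_token_response(raw):
    """Return (access_token, expires_in) from the JSON token response."""
    doc = json.loads(raw)
    if "access_token" not in doc:
        # Report only the error code; never echo the request or the secret.
        raise RuntimeError("token request failed: %s" % doc.get("error", "unknown"))
    return doc["access_token"], int(doc.get("expires_in", 0))


def fetch_token(auth_url, app_id, app_secret, timeout=10):
    """Send the request; needs network access and real credentials."""
    req = build_token_request(auth_url, app_id, app_secret)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_token_response(resp.read())


if __name__ == "__main__":
    # Constructed values, not real credentials or a real domain.
    req = build_token_request("https://auth.example.invalid", "my-app-id", "my-app-secret")
    print(req.get_method(), req.full_url)
```

Load the app-secret from the server's secret store or environment rather than source code, and cache the returned token until shortly before expires_in elapses instead of requesting a new one per call.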