Generate an authentication token from an OIDC provider in Vultr IAM. Obtain temporary credentials for accessing cloud resources through federated identity.
Creating an OIDC provider token exchanges an authorization code for access and ID tokens using the standard OAuth2 authorization code flow. This is the token endpoint that external systems call after a user completes authentication through the provider's authorization endpoint.
This guide explains how to create an OIDC provider token using the Vultr API.
Send a GET request to the List OIDC Providers endpoint to retrieve all providers.
$ curl "https://api.vultr.com/v2/oidc/provider" \
-X GET \
-H "Authorization: Bearer ${VULTR_API_KEY}"
Note the id of the provider for which you want to create a token.
Direct the user to the provider's authorization endpoint to authenticate. Retrieve the authorization URL from the provider's discovery endpoint. After the user authenticates, the authorization server redirects to the configured redirect_uri with an authorization code.
Send a POST request to the Create OIDC Provider Token endpoint to exchange the authorization code for tokens. Replace {provider-id} with the provider id, AUTH-CODE with the authorization code, and REDIRECT-URI with the redirect URI configured for the client.
$ curl "https://api.vultr.com/v2/oidc/provider/{provider-id}/token" \
-X POST \
-H "Authorization: Bearer ${VULTR_API_KEY}" \
-H "Content-Type: application/json" \
-d '{
"grant_type": "authorization_code",
"code": "AUTH-CODE",
"redirect_url": "REDIRECT-URI"
}'
A successful request returns an HTTP 201 Created response.
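The following added example (not Vultr's code and not part of the original guide) shows checks a backend can run on the redirect callback before it sends the authorization code to the token endpoint, then builds the same POST as the curl command above without sending it. The function names, the sample values, and the use of the standard OAuth2 `state` and `error` callback parameters are assumptions; the guide itself does not mention them.

```python
import hmac
import json
import secrets
import urllib.request
from urllib.parse import parse_qs, quote, urlsplit

API_BASE = "https://api.vultr.com/v2"  # base URL taken from the curl commands in this guide


def new_state() -> str:
    """Random per-login value to send as the standard OAuth2 `state` parameter (assumption)."""
    return secrets.token_urlsafe(32)


def code_from_callback(callback_url: str, redirect_uri: str, expected_state: str) -> str:
    """Return the authorization code only if the callback passes every check."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the configured redirect URI")
    params = parse_qs(got.query)
    if "error" in params:  # standard OAuth2 error response from the provider
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not for this login attempt")
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


def token_request(provider_id: str, code: str, redirect_uri: str, api_key: str):
    """Build (without sending) the token-exchange POST shown in the curl command."""
    body = {"grant_type": "authorization_code", "code": code, "redirect_url": redirect_uri}
    return urllib.request.Request(
        f"{API_BASE}/oidc/provider/{quote(provider_id, safe='')}/token",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    # Constructed sample values, not real identifiers or credentials.
    redirect = "https://app.example.com/callback"
    state = new_state()
    callback = f"{redirect}?code=SAMPLE-CODE&state={state}"
    req = token_request("PROVIDER-ID", code_from_callback(callback, redirect, state), redirect, "API-KEY")
    print(req.get_method(), req.full_url, req.data.decode())
```

Store the value from `new_state()` in the user's session before redirecting to the authorization endpoint, and pass the built request to `urllib.request.urlopen` only after `code_from_callback` returns.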