OpenSearch/docs/java-rest/high-level/security/create-token.asciidoc

[role="xpack"]
[[java-rest-high-security-create-token]]
=== Create Token API

[[java-rest-high-security-create-token-request]]
==== Request
The `CreateTokenRequest` supports three different OAuth2 _grant types_:

===== Password Grants

["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-password-request]
--------------------------------------------------

===== Refresh Token Grants
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-refresh-request]
--------------------------------------------------

===== Client Credential Grants
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-client-credentials-request]
--------------------------------------------------

[[java-rest-high-security-create-token-execution]]
==== Execution

Creating a OAuth2 security token can be performed by passing the appropriate request to the
 `security().createToken()` method:

["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-execute]
--------------------------------------------------

[[java-rest-high-security-create-token-response]]
==== Response

The returned `CreateTokenResponse` contains the following properties:

`accessToken`:: This is the newly created access token.
   It can be used to authenticate to the Elasticsearch cluster.
`type`:: The type of the token, this is always `"Bearer"`.
`expiresIn`:: The length of time until the token will expire.
   The token will be considered invalid after that time.
`scope`:: The scope of the token. May be `null`.
`refreshToken`:: A secondary "refresh" token that may be used to extend
 the life of an access token. May be `null`.

["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-response]
--------------------------------------------------
<1> The `accessToken` can be used to authentication to Elasticsearch.
<2> The `refreshToken` can be used in to create a new `CreateTokenRequest` with a `refresh_token` grant.

[[java-rest-high-security-create-token-async]]
==== Asynchronous Execution

This request can be executed asynchronously using the `security().createTokenAsync()`
method:

["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-execute-async]
--------------------------------------------------
<1> The `CreateTokenRequest` to execute and the `ActionListener` to use when
the execution completes

The asynchronous method does not block and returns immediately. Once the request
has completed the `ActionListener` is called back using the `onResponse` method
if the execution successfully completed or using the `onFailure` method if
it failed.

A typical listener for a `CreateTokenResponse` looks like:

["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-execute-listener]
--------------------------------------------------
<1> Called when the execution is successfully completed. The response is
provided as an argument
<2> Called in case of failure. The raised exception is provided as an argument
[DOCS] Add missing icons to security HLRC APIs (#46619) 2019-09-11 16:19:13 -04:00			`[role="xpack"]`
HLRC: Add security Create Token API (#34791) This adds the Create Token API (POST /_xpack/security/oauth2/token) to the High Level Rest Client. Relates: #29827 2018-10-29 02:17:56 -04:00			`[[java-rest-high-security-create-token]]`
			`=== Create Token API`

			`[[java-rest-high-security-create-token-request]]`
			`==== Request`
			The `CreateTokenRequest` supports three different OAuth2 _grant types_:

			`===== Password Grants`

			`["source","java",subs="attributes,callouts,macros"]`
			`--------------------------------------------------`
			`include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-password-request]`
			`--------------------------------------------------`

			`===== Refresh Token Grants`
			`["source","java",subs="attributes,callouts,macros"]`
			`--------------------------------------------------`
			`include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-refresh-request]`
			`--------------------------------------------------`

			`===== Client Credential Grants`
			`["source","java",subs="attributes,callouts,macros"]`
			`--------------------------------------------------`
			`include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-client-credentials-request]`
			`--------------------------------------------------`

			`[[java-rest-high-security-create-token-execution]]`
			`==== Execution`

			`Creating a OAuth2 security token can be performed by passing the appropriate request to the`
			`security().createToken()` method:

			`["source","java",subs="attributes,callouts,macros"]`
			`--------------------------------------------------`
			`include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-execute]`
			`--------------------------------------------------`

			`[[java-rest-high-security-create-token-response]]`
			`==== Response`

			The returned `CreateTokenResponse` contains the following properties:

			`accessToken`:: This is the newly created access token.
			`It can be used to authenticate to the Elasticsearch cluster.`
			`type`:: The type of the token, this is always `"Bearer"`.
			`expiresIn`:: The length of time until the token will expire.
			`The token will be considered invalid after that time.`
			`scope`:: The scope of the token. May be `null`.
			`refreshToken`:: A secondary "refresh" token that may be used to extend
			the life of an access token. May be `null`.

			`["source","java",subs="attributes,callouts,macros"]`
			`--------------------------------------------------`
			`include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-response]`
			`--------------------------------------------------`
			<1> The `accessToken` can be used to authentication to Elasticsearch.
			<2> The `refreshToken` can be used in to create a new `CreateTokenRequest` with a `refresh_token` grant.

			`[[java-rest-high-security-create-token-async]]`
			`==== Asynchronous Execution`

			This request can be executed asynchronously using the `security().createTokenAsync()`
			`method:`

			`["source","java",subs="attributes,callouts,macros"]`
			`--------------------------------------------------`
			`include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-execute-async]`
			`--------------------------------------------------`
			<1> The `CreateTokenRequest` to execute and the `ActionListener` to use when
			`the execution completes`

			`The asynchronous method does not block and returns immediately. Once the request`
			has completed the `ActionListener` is called back using the `onResponse` method
			if the execution successfully completed or using the `onFailure` method if
			`it failed.`

			A typical listener for a `CreateTokenResponse` looks like:

			`["source","java",subs="attributes,callouts,macros"]`
			`--------------------------------------------------`
			`include-tagged::{doc-tests}/SecurityDocumentationIT.java[create-token-execute-listener]`
			`--------------------------------------------------`
			`<1> Called when the execution is successfully completed. The response is`
			`provided as an argument`
			`<2> Called in case of failure. The raised exception is provided as an argument`