Getting started with OAuth2@SBB

The Client Credentials Grant Type

The client credentials grant type is meant to be used when you are building an application that doesn’t need to perform user-related tasks.

This means that if you’re building an application that requires no user information for its functionality, this is the grant type for you!

Here’s how it works:

  • Your application makes a request to the identity provider’s API service using its application credentials.
  • It receives an access token back, which can be used to perform API requests.

How to Use The Client Credentials Grant Type

  • Request an access token from the Azure token provider. Use the provided client_id and client_secret and the scope from.

curl --location 'https://login.microsoftonline.com/2cda5d11-f0ac-46b3-967d-af1b2e1bd01a/oauth2/v2.0/token' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'scope=provided scope' \
  --data-urlencode 'client_id=provided client Id' \
  --data-urlencode 'client_secret=provided secret'

  • Use the access token in the Authorization header of your application's requests to the desired SBB service.

curl --location 'https://journey-service-int.api.sbb.ch/v3/trips/by-origin-destination' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer $$$$token$$$$' \
  --data '{
    "origin": "8503000",
    "destination": "8507000",
    "date": "2023-04-18",
    "time": "13:07",
    "mobilityFilter": {
      "walkSpeed": 50
    },
    "includeAccessibility": "ALL"
  }'
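The two steps above as a small Python client, added here as an example and not SBB's or Microsoft's own code: it requests the token once, caches it, and renews it shortly before `expires_in` runs out. The class name, the 60-second renewal margin and the injectable `post` and `clock` parameters are assumptions made for this example.

```python
import json
import time
import urllib.parse
import urllib.request

# Token endpoint exactly as given in the curl command above.
TOKEN_URL = ("https://login.microsoftonline.com/"
             "2cda5d11-f0ac-46b3-967d-af1b2e1bd01a/oauth2/v2.0/token")

def http_post_form(url, fields):
    """Default transport: POST the fields form-encoded, return the JSON reply."""
    body = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=10) as resp:
        return json.load(resp)

class ClientCredentialsToken:
    """Hypothetical helper: fetches an access token and caches it until near expiry."""

    def __init__(self, client_id, client_secret, scope,
                 post=http_post_form, clock=time.monotonic, margin=60):
        self._fields = {"grant_type": "client_credentials", "scope": scope,
                        "client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._margin = post, clock, margin
        self._token, self._renew_at = None, 0.0

    def get(self):
        """Return a valid token, requesting a new one only when needed."""
        if self._token is None or self._clock() >= self._renew_at:
            reply = self._post(TOKEN_URL, self._fields)
            if "access_token" not in reply:
                # Report the error code only; the request itself holds the secret.
                raise RuntimeError("token request failed: %s" % reply.get("error", "unknown"))
            self._token = reply["access_token"]
            self._renew_at = self._clock() + int(reply.get("expires_in", 0)) - self._margin
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}

    def __repr__(self):
        # Keep the secret and the token out of logs and tracebacks.
        return "ClientCredentialsToken(client_id=%r)" % self._fields["client_id"]

if __name__ == "__main__":
    # Constructed reply standing in for the identity provider, so this runs offline.
    fake = lambda url, fields: {"token_type": "Bearer", "expires_in": 3599,
                                "access_token": "constructed-token"}
    print(ClientCredentialsToken("my-id", "my-secret", "my-scope", post=fake).auth_header())
```

Pass the real `client_id`, `client_secret` and scope from your deployment's secret store or environment rather than writing them into source files.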

Useful Links to OAuth2

Example with PHP Backend: https://knpuniversity.com/screencast/oauth/client-credentials

Explore JSON Web Token (Debugging): https://jwt.io