
Machine-to-Machine OAuth Clients

  1. Navigate to https://your-alation-instance.alationcloud.com/admin/auth/
  2. Scroll down until you find OAuth Client Applications
  3. Click on Add
  4. Give it a Name and set the Access Token Duration (in seconds; minimum 5 minutes, maximum 72 hours)
  5. Select a System User Role - this will determine the permissions the OAuth client will have when accessing Alation resources. Always follow the principle of least privilege and only assign the minimum role necessary for the client to perform its tasks.
  6. On clicking save, the Client ID and Client Secret will be generated. Make sure to copy and securely store the Client Secret as it will not be shown again.

Once you have the client_id and client_secret, you can request a JWT access token with the following command:

curl --request POST \
--url https://your-alation-instance.alationcloud.com/oauth/v2/token/ \
--header 'accept: application/json' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials \
--data 'client_id=<client-id from above step>' \
--data 'client_secret=<client-secret from above step>'

The response will contain a JWT token that’s valid for the duration you specified when creating the OAuth client. This can be used to access the REST APIs or the MCP server.

To ensure unattended flows work seamlessly in production systems, implement a step/node that will fetch a new Access Token using the above curl command before making any API calls.

This ensures that your system always has a valid token and can handle token expiration gracefully.