Thursday, April 21, 2022

#906 OIC with OAuth 2.0

More a note for myself, but maybe interesting for others. I want to invoke an OIC integration that is protected by OAuth. 




My REST connection is defined as follows - 








I create a simple synchronous integration using this connection - 












I test this in OIC -














Next step is IDCS for the OAuth setup etc. Here I begin by creating a confidential application - 






















Click Next -
Set the following Authorization values - 


Add your OIC instance as a Scope -




Click Next

Primary Audience is set to your OIC host, without the /ic/home


Click Next










Click Next








Client ID and Secret are displayed - save these locally -












Activate














Next steps are well documented here

Get Authorisation Code - 

https://<idcs_URL>/oauth2/v1/authorize?client_id=<client_ID>&response_type=code&scope=<scope> offline_access&redirect_uri=<URL_to_receive_response>

my url - 


https://myIDCSURL/oauth2/v1/authorize?client_id=myClientId&response_type=code&scope=myScope offline_access&redirect_uri=https://myOICURL/icsapis/agent/oauth/callback

Scope can be found in the IDCS app configuration - where you added the scope for your OIC instance.

I enter the url in a browser and am then prompted to log in to OIC -












I am only interested in the code returned in the url - 

https://myOIC/icsapis/agent/oauth/callback?code=myCode

The code is required to get an Access Token -

Next step is to Base64 encode the client id and secret.

I just follow the instructions from the doc -














Now to getting the access token - 
I had to amend the curl cmd from the docs slightly - 

curl -i -H "Authorization: Basic myBase64EncodedCredentials" --request POST "https://myIDCSUrl/oauth2/v1/token" -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=authorization_code&code=myCode"
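
The manual steps above (authorize URL, code from the callback, Base64 credentials, token request body) as small POSIX shell helpers. This is an added example, not part of the original post or the Oracle documentation; the function names are hypothetical and every host, id, secret and code is a placeholder.

```shell
#!/bin/sh
# Added example: helpers for the authorization-code steps described in this post.
# Every host, id, secret and code below is a constructed placeholder.

# Percent-encode a query parameter value (ASCII input assumed).
urlencode() {
    s=$1; out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
}

# Step 1: the URL to open in the browser. Args: idcs_host client_id scope redirect_uri
authorize_url() {
    printf 'https://%s/oauth2/v1/authorize?client_id=%s&response_type=code&scope=%s&redirect_uri=%s' \
        "$1" "$(urlencode "$2")" "$(urlencode "$3")" "$(urlencode "$4")"
}

# Step 2: read the code parameter from the callback URL; fails when there is none
# (for example when the server redirected with an error instead of a code).
extract_code() {
    code=$(printf '%s\n' "$1" | sed -n 's/^[^?]*?\(.*&\)\{0,1\}code=\([^&#]*\).*$/\2/p')
    [ -n "$code" ] && printf '%s' "$code"
}

# Step 3: value for "Authorization: Basic ...". printf adds no trailing newline to
# the input (echo would), and tr removes the line wrapping base64 applies to long output.
basic_credentials() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Print the pieces for the placeholder values used in the post; nothing is sent.
authorize_url myIDCSURL myClientId 'myScope offline_access' \
    'https://myOICURL/icsapis/agent/oauth/callback'; echo
code=$(extract_code 'https://myOIC/icsapis/agent/oauth/callback?code=myCode')
echo "Authorization: Basic $(basic_credentials myClientId mySecret)"
echo "grant_type=authorization_code&code=$(urlencode "$code")"
```

Base64 is reversible, so the header value needs the same handling as the client secret itself.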













Now I have the access token, let us use it in an invoke - here I use Postman - 
















Thanks to my colleague Valeria C. for pointing out I could also use OAUTH Authorization in Postman. This is, in fact, simpler - here is my configuration -


















The values above are as follows - 
Token Name - name of your choice
Grant Type - Authorization Code
Callback URL - https://yourOICInstanceURL/icsapis/agent/oauth/callback
Auth URL - https://yourIDCSInstanceURL/oauth2/v1/authorize
Access Token URL - https://yourIDCSInstanceURL/oauth2/v1/token
Client Id - your client id
Client Secret - your client secret
Scope - https://yourIDCSOICScopeURL:443urn:opc:resource:consumer::all

A future post will cover publishing this OIC api to the OCI API Gateway and then have API Gateway inject the token into the client request. 






 




