Thursday, September 29, 2022

#931 - Message Driven Processes with OPA - OAuth Setup

 








A very simple process, just to illustrate how easy this is with OPA.













I Activate and then click on View API







So now I have the endpoint - I need to authenticate via OAuth; so before I can test this I need to register my Oracle Cloud Infrastructure Process Automation instance as a confidential application in Oracle Identity Cloud Service.


Here is the configuration of my Confidential Application -







That's it - but please note the redirect URI has the same format as that for OIC Gen2.

https://Your-OPA.process.oci.oraclecloud.com/icsapis/agent/oauth/callback

Also note the 2 scopes - one for Process and one for Decisions.

I save the client id and secret and then base64 encode them.



And yes, I still use Windows, or, as we say, in Gaeilge - fuinneoga.



Next step - get an Authorization Code

https://yourIDCSUrl/oauth2/v1/authorize?client_id=yourClientId&response_type=code&scope=https://yourOPAUrl.process.oci.oraclecloud.com/process offline_access&redirect_uri=https://yourOPAURL.process.oci.oraclecloud.com/icsapis/agent/oauth/callback

So, I've now got encoded client id and secret as well as the authorization code - time to get the auth token - 

curl -i -H "Authorization: Basic yourBase64EncodedClientIdSecret" --request POST "https://yourIDCSUrl/oauth2/v1/token" -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=authorization_code&code=yourAuthorizationCode"
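The three steps above (encode the client id and secret, build the authorize URL, exchange the code) as an added Python example; it is not code from the original post. It assumes the id and secret are joined with a colon as HTTP Basic requires, and it adds the standard OAuth 2.0 state parameter, which the post's URL does not use. The host names are the post's placeholders and the sample values are constructed.

```python
import base64
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Placeholders in the style of the post; substitute your own tenancy values.
IDCS_HOST = "yourIDCSUrl"
OPA_HOST = "yourOPAUrl.process.oci.oraclecloud.com"
REDIRECT_URI = f"https://{OPA_HOST}/icsapis/agent/oauth/callback"


def basic_credential(client_id: str, client_secret: str) -> str:
    """base64("client_id:client_secret"), the value after 'Authorization: Basic'."""
    return base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")


def authorize_url(client_id: str, state: str) -> str:
    """Authorization-code URL with every parameter percent-encoded."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": f"https://{OPA_HOST}/process offline_access",  # space becomes %20
        "redirect_uri": REDIRECT_URI,
        "state": state,  # assumption: not in the post; standard OAuth 2.0 CSRF guard
    }
    return f"https://{IDCS_HOST}/oauth2/v1/authorize?" + urlencode(params, quote_via=quote)


def code_from_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorization code, refusing a redirect whose state differs."""
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect did not come from our request")
    if "code" not in query:
        raise ValueError(f"no code returned: {query.get('error', ['unknown'])[0]}")
    return query["code"][0]


def token_request(basic: str, code: str) -> dict:
    """Pieces of the token POST, matching the curl call in the post."""
    return {
        "url": f"https://{IDCS_HOST}/oauth2/v1/token",
        "headers": {"Authorization": f"Basic {basic}",
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": "authorization_code", "code": code}),
    }


if __name__ == "__main__":
    print(authorize_url("yourClientId", secrets.token_urlsafe(16)))
```

The encoded credential is equivalent to the secret itself, so keep it out of shell history and shared Postman collections.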

I take the code and now set up the invoke of my Process in Postman - 


Here is the OAuth Configuration - 



Note: Scope is set to https://yourOPA.process.oci.oraclecloud.com/process

I enter the process payload - my Order - 


and test - I see the following error message in Postman -



Quite correct, I have not assigned any users to my Process role. I return to Process Workspace and do this -










Now back to Postman - 




That's more like it!

Invoking OPA REST APIs is simple, once you have done the initial setup.

Final step - I validate in OPA Workspace - 


























