Tuesday, July 25, 2023

#978 OIC3 OAuth with OCI Domains

This is very similar to the process with IDCS. When you create an OIC3 instance under domains, you see an application has been created under Oracle Cloud Services. In my case, for my new OIC3 instance called ruck3.


Now I create a Confidential Application - my OAuth app for this ruck3 OIC instance.


The app is configured as follows -


Nothing required here - 


OAuth configuration is as follows - 















I add the resources from the Oracle Cloud Services app, created for my OIC3 instance -




   


As you can see, I have also assigned this add to the Service Developer role of the OIC Oracle Services app.


This I did here - 


Now to the OIC instance, I have 1 integration here - 


Let's invoke this from Postman - 

Firstly, the OAuth setup - 


Note, Grant Type is set to Client Credentials.

Access Token URL is in the following format - https://yourIDCSURL/oauth2/v1/token

The idcs url can be found here - 



















Client ID and Client Secret you get from the confidential app you just created.


For Scope, just add the 2 scopes you added to the Confidential App - separated by a space.

 

Get the access token -

Send the request to OIC - 



#977 OIC - counting OIC messages for subsidiaries within an organization

A nice use case here - I have a customer moving to OIC from another integration platform. The customer has multiple subsidiaries within its organization, all of which will be invoking the same set of OIC integration apis. The customer would like to how how many OIC requests are coming from each of it's subsidiaries.

Here is a simple solution based on OIC Tracking fields.

I create a simple REST based integration and add a custom http header - 




As you can see, I use the customer http header my primary tracking field.

I execute some requests, for Sub1 and Sub2.


Now to the OIC api - I will use this to get my count of messages from each subsidiary.


I need to set the query parameter, q, as follows - 

q={primaryValue: 'Sub2'}



Try this out in Postman - 


Note the timewindow parameter - the default is 1 hour. I now add this parameter and set it to 1d, to pick up some tests from this morning - 





 

Monday, July 17, 2023

#976 OIC 3 Visual Builder invoking OCI Process Automation

Invoking OPA from Visual Builder is very similar to invoking OPA from OIC3, see my post here on how to do the latter.



Here is the process I will invoke for Visual Builder - 




Request payload is as follows - 














So to the steps for Visual Builder invoking OPA - 

Step 1 - Create an IDCS app for OPA

This is described in the post mentioned above. This will give you your client id and secret.

Step 2 - Get the required url for invoking process 

The format is as follows - 

https://yourOPA.oci.oraclecloud.com/process/api/v1/process-instances?applicationName=yourOPAAppName&version=1.0&processName=yourProcessName

So, for me - application name is OrderApprovals and process name is OrderProcess.

Step 3 - Create an App in Visual Builder 

First thing I do is add a Business Object with the same fields as the request -
















Note the pre-seeded fields - createdBy etc.

Step 4 - Define Service Connection in Visual Builder 

This will be based on the OPA REST api discussed above.




As you can see, Authentication is set to OAuth 2.0 Resource Owner Password Credentials.

You provide client/id secret as well as userid/password (of a valid OPA user).

Scope is set to  
https://yourOPA.oci.oraclecloud.com/process offline_access

Token Url is set to https://yourIDCS.identity.oraclecloud.com/oauth2/v1/token


Step 5 - Build a simple app


My VB app is very simple - it allows me to create orders - 


Note the extra button in the Create page - Send for Approval. This will invoke the OPA api.


Step 6 - Test it





I check in Process Workspace






Sunday, July 9, 2023

#975 OIC Projects RBAC - a simple example

I have created 2 users niall and nuadac - the second user is in honour of Nuada of the Silver Hand or, as we say in Gaelic, Airgeadlámh. Airgead is the Irish for silver or money and lámh is hand. You can find out more about Nuada here.

Now back to OIC and Project RBAC - I login to my OIC instance as user niall and create a project - 


  Note, I do not check the box.














I now sign out as niall and sign in as nuadac -


nuadac has no projects, but let's get rid of the filter - I see some projects, including AA-ERP-Private-Project - 

























Let's try and access it - I click on the edit icon - 






Ok, let's sign back in as the project owner, and add a couple of artefacts.



I then add nuadac to the project - as a  Viewer.

 





I login as nuadac - I can see the lookup and the connection, but can only view - 


Back in as the owner, I add an integration and run it a couple of times - 


I also give nuadac Monitor rights - 


I log back in as nuadac and click on Observability - 


nuadac can be trusted, so let's give him edit permissions - 


nuadac adds a lookup to the project - 



He can also create Project Deployments - 


nuadac can also delete projects, so edit means edit, in the full sense of the word.

The only delta between project owner and editor, is that the latter CANNOT share the project.