This simple example is for those who need to invoke Process from VB with identity propagation. This is a common requirement, when the person is a registered user of both apps, i.e. the pre-requisite for our VB user is that they are also a valid Process user. Ergo, the VB user needs to be added to the target OPA process, with at least the use permission. This you do in the Process Workspace --> Administration --> Roles.
Communication is over a VB Service connection, more about that later.
My VB app is simple, so is the Process -
The Process message payload is as follows -
Process Automation is part of OIC3, however, you do enable it separately.
Once enable, the instance is visible here -
Now that we have the basics, the VB and Process apps, the next step is to create the confidential application in IDCS; this will provide us with the token that will be used when Visual Builder invokes OPA.
Step 1 - Create a confidential app in IDCS
Click Next to add the details -
Check the following Grant Types -
- JWT Assertion - will be used by VB
- Refresh Token
- Authorization Code - will be used by my Postman sanity test
I like testing things out in Postman first.
We now need to specify the scopes - essentially setting the access level(s).
I add the scopes for OIC(Integration) and Process. These can be easily added -
Now for Process -
Note the 2 scopes here - one for process, the other for decisions. Let's include both.
The result -
Press Next on the following screens, then press Finish. Your client id and secret are displayed.
Copy these, as you will need them later.
Step 2 - Postman Sanity Test & Visual Builder setup
Visual Builder will communicate with OPA via a Service Connection.
You will need the following data to define the connection -
- Your IDCS URL
- Client Id / Secret
- Sample Request Payload for your Process invoke
- The OPA REST API to invoke
Let's start with the OPA REST API -
As you can see we're going to use /process/api/v1/instances -
The payload will be the order data our process expect, along with the following -
The Authorization setup is as follows -
Grant Type - set to Authorization Code
Auth URL - Set to https://yourIDCS//oauth2/v1/authorize
Access Token URL - Set to https://yourIDCS//oauth2/v1/token
Client Id / Secret - set to those from your IDCS confidential app
Scope - set to https://yourOPA/process
The payload is as follows -
Finally, the api -
https://yourOPA/process/api/v1/instances
I now get a new access token -
Looks good, so now back to our VB app - let's add the Service Connection.
Click Next -
Then click on Server -
Under Security - select User Assertion -
Add your client id and secret -
Set Scope to the process scope from the IDCS confidential app, the one you used in Postman.
Set Connection Type as shown -
Add /instances to the URL and click Send Request -
Looks good!
You can now click Save as Example Response - then click Create to save the service connection.
Let's check out the task in the Process Workspace -
Just before we look at invoking this from the VB application, let's talk about Backends -
I could create a backend entry for OPA, this would include the server data - base url / security settings etc. Multiple service connections could then leverage this, saving me having to enter the server information for each connection.
Now to invoking the OPA api from the VB form -
I'll add it to the "success" path -
I use the VB Call REST action and then configure it to invoke the OPA api
- make sure to add this step before the page initialisation step in the action chain -
Map the Request fields -
Copy the example request to the body -
You can leave the first 3 fields hardcoded - but the order payload fields need to be set to the values from the VB page -
Test - by adding a new order -
Working fine!
Just for your troubleshooting - What response do I get if the vb user is not an OPA user?
No comments:
Post a Comment