Friday, July 26, 2024

#1021 - OIC REST API - Use OAuth with REST API calls

The OIC REST API docs tell us how to use OAuth with REST API calls -

Let's try these out -

Pre-requisite is an integration application you set up in your identity domain -


Open this and copy the client id and secret to a file of your choice. While you're at it, also copy the scope and redirect url.

Get an Authorization Code

Now compose the following url to retrieve the auth code - the sample in the docs is as follows - 
https://<idcs_URL>/oauth2/v1/authorize?client_id=<client_ID>&response_type=code&scope=<scope> offline_access&redirect_uri=<URL_to_receive_response>

My version is as follows - https://idcs-10809....identity.oraclecloud.com/oauth2/v1/authorize?client_id=9b...&response_type=code&scope=https://1EA....integration.us-phoenix-1.ocp.oraclecloud.com:443urn:opc:resource:consumer::all offline_access&redirect_uri=https://myOICInstance.integration.us-phoenix-1.ocp.oraclecloud.com/icsapis/agent/oauth/callback

I run the request in a browser and get the following error - [OAuth Callback] Failed retrieving access token from service provider.

However, the url has been replaced with -
https://myOICInstance/icsapis/agent/oauth/callback?code=AgAgNjNiM2...

It's this code that I need. 

Base64 Encode Client Id and secret

Use the Authorization Code to Get an Access Token

The example in the doc uses curl, so I'll do the same.

I'm on Windows so I replaced the single quotes in the doc sample with double quotes -

curl -i  -H "Authorization: Basic myEncodedClientIdSecret" --request POST "https://idcs-...8c.identity.oraclecloud.com/oauth2/v1/token" -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=authorization_code&code=AgAg...15A="

As you can see, the access_token is returned.
I can then drop the curl request into Postman. I need to get a new code before executing the request.

Note: the encoded client id and secret is entered as an unbroken string, without the BEGIN, END lines.
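
The authorization code steps above, worked offline in Python as an added example (not code from the Oracle docs or from this post): it percent-encodes the scope for the authorize URL, pulls the code out of the callback URL, and builds the Basic header and token request that the curl call sends. Host names, client id, secret and code are constructed placeholders; the client_credentials branch goes beyond the curl sample and uses the standard OAuth 2.0 form for that grant.

```python
import base64
from urllib.parse import parse_qs, quote, urlencode, urlsplit

def authorize_url(idcs_host, client_id, scope, redirect_uri):
    """Build the authorize URL; the scope holds ':' '/' and a space, so encode it."""
    params = {"client_id": client_id, "response_type": "code",
              "scope": f"{scope} offline_access", "redirect_uri": redirect_uri}
    return f"https://{idcs_host}/oauth2/v1/authorize?" + urlencode(params, quote_via=quote)

def code_from_redirect(redirected_url):
    """Extract the authorization code from the callback URL in the address bar."""
    codes = parse_qs(urlsplit(redirected_url).query).get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one 'code' query parameter")
    return codes[0]

def basic_auth_header(client_id, client_secret):
    """Base64 of 'client_id:client_secret' as one unbroken line (no BEGIN/END lines).
    Base64 is an encoding, not encryption: handle the result like the secret itself."""
    pair = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")

def token_request(idcs_host, client_id, client_secret, code=None, scope=None):
    """Return (url, headers, body) for POST /oauth2/v1/token.
    With a code: authorization_code grant. Without: client_credentials grant."""
    if code is not None:
        form = {"grant_type": "authorization_code", "code": code}
    elif scope is not None:
        form = {"grant_type": "client_credentials", "scope": scope}
    else:
        raise ValueError("pass either code or scope")
    headers = {"Authorization": basic_auth_header(client_id, client_secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    return f"https://{idcs_host}/oauth2/v1/token", headers, urlencode(form)

if __name__ == "__main__":
    # Constructed sample values, not real hosts or credentials.
    host = "idcs-example.identity.example.com"
    oic = "https://oic.example.com"
    print(authorize_url(host, "constructed-client-id",
                        oic + ":443urn:opc:resource:consumer::all",
                        oic + "/icsapis/agent/oauth/callback"))
    code = code_from_redirect(oic + "/icsapis/agent/oauth/callback?code=AgAgCONSTRUCTED15A=")
    print(token_request(host, "constructed-client-id", "constructed-secret", code=code))
```
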

Concrete Usage of the OIC3 Factory APIs

Here's a screenshot of the confidential app configuration - 

As you can see, I've activated Client credentials as well as Authorization code.

I create an integration that will retrieve all Projects in my OIC3 instance, using the factory api.

Step 1 is to create the REST connection -

The api I want to call is the following - 

The invoke is defined as follows -

I test the integration -

One can also execute this request from Postman using Client Credentials -

Note that here I am using the OIC3 runtime url - see my post here for details.

Summary

Auth code can be used for approaches where interaction is possible (e.g. browser based).

For "machine to machine" use client credentials.


Tuesday, July 9, 2024

#1020 - Gen2 to OIC3 Upgrade - Factory REST API changes

Some customers are using the OIC Gen2 Factory api to download the log files -

left side - OIC Gen2

right side - OIC3


Download a log file - 

/ic/api/integration/v1/monitoring/logs/icsflowlog
This is what I get when I save to file -

Let's run a simple integration -

I can find the error in the downloaded log -

But, naturally, I see this also in the activity stream -

I can download the logs, which provide much more salient data -

So the question is, what is the business impact of this api not being available in OIC3? 

To recap, the OIC Gen2 api can be used to download log files, such as icsflowlog or icsauditlog. The latter is the designtime audit - which developer did what in the designtime and when.

In OIC3, we can download the audit log from the Design time audit page - 

Summa, Summarum - If you are using this api in OIC Gen2, then please consider why you are using it. Which data do you need to retain? Remember, the production trace level in OIC3 ensures the log data is available for 32 days. If you need to hive off data for compliance purposes, then please look at OCI Logging Analytics and Object Storage.

Net, net - the fact that this api is not available in OIC3 may have little impact on your ability to upgrade.

Thursday, July 4, 2024

#1019 - OIC Gen2 to OIC3 Upgrade - Instance Id

In OIC runtime, integration flows are identified by a unique id, the instance id. This is defined in the OIC Gen2 and OIC3 api as a string -

In OIC Gen2 - this string contains a numeric value -

In OIC3 this instance id string is alphanumeric - 

Storing Instance Id in a DB

Some OIC Gen2 customers have stored the instance id in a DB table, sometimes for compliance purposes, also to enable lookups of instance state by other integrations e.g. Integration B checks on the state of Integration A via the OIC Factory apis.

Check out my simple DB table below - many customers have defined the column holding the instance id as NUMBER, when they really should have been using VARCHAR.

This could be fed by a common integration, such as the following - 

I use the Oracle DB adapter -

So, in our scenario, the OIC instance has been upgraded to OIC3, where the instanceId value is now alphanumeric.

This means I will need to change the DB column type - 

This is a major change, moving from NUMBER to VARCHAR2, so, as you can see, I need to delete the rows. 

So, in this case, let's do a backup of the table - 

Now I delete the rows from the original table - 


I drop the table and re-create it, with instanceid column set to varchar2(30).

However, when the table is empty, you could also use the ALTER TABLE command to change the column datatype, e.g. ALTER TABLE oic_instance_flows MODIFY (instanceid VARCHAR2(30));

Remember the instance id value in OIC3 is 22 characters.


Next step is to restore the data from the backup table - 



SQL> insert into oic_instance_flows (instanceid, integrationname, rundatetime) select instanceid, integrationname,rundatetime from oic_instance_flows_backup;






I now execute the integration that writes to the DB table -


This error requires me to edit the integration. First thing I do is change the REST trigger request from -

{
  "instanceId" : 123456,
  "integrationName" : "ABC"
}

to 

{
  "instanceId" : "ABC123456",
  "integrationName" : "ABC"
}

Now to the DB invoke - the quickest method is to delete this and recreate it.
Here we import the new definition of the table i.e. with instanceid as VARCHAR2.

Here's an example based on a stored procedure - 


Now I am upgrading to OIC3, so I need to do the following -

1. change the DB column to VARCHAR2

2. Edit the PLSQL Stored Procedure - 

3. change the REST trigger request, setting instanceid as string.

{
  "instanceId" : "ABC123456",
  "integrationName" : "ABC"
}

4. Re-create the DB invoke of the Stored Procedure -

Summa summarum, OIC developers who store the instance id this way will probably have just 1 integration that inserts the instance id into the database. This common integration will be invoked by the other integrations, so the actual amount of work involved in refactoring this should be minimal.

Using OIC getFlowId Function

The instance id could also be retrieved via the following and used in the mapper - 


The function could also be used in an Assign action -

You will need to validate the usage of these in your integrations to see what you are doing with the values.

Invoking OIC Factory REST APIs with Instance Id   

Many of the OIC Factory apis, especially those concerned with monitoring, use the instance id - 


As you can see, the instance id, from a factory api perspective, is a string. So there should be little change required here.