The OIC REST api docs tell us how to use OAuth with REST API calls -
Let's try these out -
Pre-requisite is an integration application you set up in your identity domain -
Get an Authorization Code
Now compose the following url to retrieve the auth code - the sample in the docs is as follows -
https://<idcs_URL>/oauth2/v1/authorize?client_id=<client_ID>&response_type=code&scope=<scope> offline_access&redirect_uri=<URL_to_receive_response>
My version is as follows - https://idcs-10809....identity.oraclecloud.com/oauth2/v1/authorize?client_id=9b...&response_type=code&scope=https://1EA....integration.us-phoenix-1.ocp.oraclecloud.com:443urn:opc:resource:consumer::all offline_access&redirect_uri=https://myOICInstance.integration.us-phoenix-1.ocp.oraclecloud.com/icsapis/agent/oauth/callback
I run the request in a browser and get the following error - [OAuth Callback] Failed retrieving access token from service provider.
However, the url has been replaced with -
https://myOICInstance/icsapis/agent/oauth/callback?code=AgAgNjNiM2...
It's this code that I need.
Base64 Encode Client Id and secret
Use the Authorization Code to Get an Access Token
The example in the doc uses curl, so I'll do the same
curl -i -H "Authorization: Basic myEncodedClientIdSecret" --request POST "https://idcs-...8c.identity.oraclecloud.com/oauth2/v1/token" -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=authorization_code&code=AgAg...15A="
As you can see, the access_token is returned.
I can then drop the curl request into Postman. I need to get a new code, before executing the request
Concrete Usage of the OIC3 Factory APIs
Here's a screenshot of the confidential app configuration -
I create an integration that will retrieve all Projects in my OIC3 instance, using the factory api.
Step 1 is to create the REST connection -
Summary
auth code can be used for approaches where interaction is possible (e.g. browser based).
for "machine to machine" use client credentials.
No comments:
Post a Comment