Friday, July 26, 2024

#1021 - OIC REST API - Use OAuth with REST API calls

The OIC REST api docs tell us how to use OAuth with REST API calls -












Let's try these out -

Pre-requisite is an integration application you set up in your identity domain -


Open this and copy the client id and secret to a file of your choice. While you're at it, also copy the scope and redirect url.

Get an Authorization Code

Now compose the following url to retrieve the auth code - the sample in the docs is as follows - 
https://<idcs_URL>/oauth2/v1/authorize?client_id=<client_ID>&response_type=code&scope=<scope> offline_access&redirect_uri=<URL_to_receive_response>

My version is as follows - https://idcs-10809....identity.oraclecloud.com/oauth2/v1/authorize?client_id=9b...&response_type=code&scope=https://1EA....integration.us-phoenix-1.ocp.oraclecloud.com:443urn:opc:resource:consumer::all offline_access&redirect_uri=https://myOICInstance.integration.us-phoenix-1.ocp.oraclecloud.com/icsapis/agent/oauth/callback

I run the request in a browser and get the following error - [OAuth Callback] Failed retrieving access token from service provider.

However, the url has been replaced with -
https://myOICInstance/icsapis/agent/oauth/callback?code=AgAgNjNiM2...

It's this code that I need. 

Base64 Encode Client Id and secret

Use the Authorization Code to Get an Access Token

The example in the doc uses curl, so I'll do the same


I'm on Windows so I replaced the single quotes in the doc sample with double quotes -

curl -i  -H "Authorization: Basic myEncodedClientIdSecret" --request POST "https://idcs-...8c.identity.oraclecloud.com/oauth2/v1/token" -H "Content-Type:application/x-www-form-urlencoded" -d "grant_type=authorization_code&code=AgAg...15A="

As you can see, the access_token is returned.
I can then drop the curl request into Postman. I need to get a new code, before executing the request


Note: the encoded client id and secret is entered as a unbroken string, without the BEGIN, END lines

Concrete Usage of the OIC3 Factory APIs

Here's a screenshot of the confidential app configuration - 

A you can see, I've activated Client credentials as well as Authorization code.

I create an integration that will retrieve all Projects in my OIC3 instance, using the factory api.

Step 1 is to create the REST connection - 























The api I want to call is the following - 

The invoke is defined as follows - 






































I test the integration - 
























One can also execute this request from Postman using Client Credentials -

Note that here I am using the OIC3 runtime url - see my post here for details.

Summary

auth code can be used for approaches where interaction is possible (e.g. browser based). 

for "machine to machine" use client credentials.


Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)