Saturday, 18 May 2019

OAuth Custom Three Legged Security Policy in REST Connection: Oracle Integration Cloud

In the previous article, we described the OAuth Custom Two Legged Security Policy in REST Connection. This article shows how to create a connection to REST APIs that use the three-legged OAuth security policy for access.

For demo purposes, we'll take the LinkedIn REST API as an example, since it uses three-legged authentication.

As a prerequisite, we have to register an application in the LinkedIn developer portal, which can be accessed here. During registration of the application, provide the Redirect URLs in the format below:

https://<ICS-HOST:PORT>/icsapis/agent/oauth/callback

Once the application is registered, it will provide the client ID and client secret.


Let's see how to create a REST connection in Oracle Integration Cloud that uses three-legged authentication.
  • Create a REST connection with the name REST_LinkedIn_conn
  • Click on the Configure Connectivity button and enter the details below
    • Connection Type: REST API Base URL
    • TLS Version: TLS v1.2
    • Connection URL: https://api.linkedin.com
  • Click on the Configure Security button and enter the details below
    • Security Policy: OAuth Custom Three Legged Flow
    • Authorization Request:
https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=81y6xeb6x8kqyw&redirect_uri=https://<ICS-HOST:PORT>/icsapis/agent/oauth/callback&scope=r_liteprofile+r_emailaddress+w_member_social
    • Access Token Request:
-X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'client_secret=X0tiWP105Utde7iZ&grant_type=authorization_code&redirect_uri=https%3A%2F%2Ficsinstance-a1111.integration.us2.oraclecloud.com%3A443%2Ficsapis%2Fagent%2Foauth%2Fcallback&client_id=81y6xeb6x8kqyw&code=${auth_code}' "https://www.linkedin.com/oauth/v2/accessToken"
      Note: Redirect URI should be encoded
    • Refresh Token: NA
    • $auth_code: code
    • $access_token: access_token
    • $refresh_token: refresh.[tT]oken
    • expiry: expires_in
    • $token_type: token.?[tT]ype
    • access_token_usage: -H Authorization: Bearer ${access_token}
  • Once all details are provided, click on the Provide Consent button
  • After clicking on the Provide Consent button, you will be taken to the LinkedIn permission page. Provide consent here; if consent is successful, an Access Allowed page will come up

  • Go back to the REST connection page and click on the Test button. Once everything is set up correctly, the connection will be tested successfully.
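The redirect URI encoding and the response-field patterns from the security configuration above, worked through as an added example (not code from the original post or from Oracle). The callback host, client ID, client secret and token responses are constructed placeholders, and the example assumes each pattern is applied as a regular expression against the property names of the JSON token response.

```python
import json
import re
from urllib.parse import urlencode

# Constructed placeholders (assumptions): substitute your own instance and app values.
CALLBACK = "https://ics.example.com:443/icsapis/agent/oauth/callback"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
CLIENT_SECRET = "EXAMPLE_CLIENT_SECRET"

# Patterns exactly as entered in the security configuration above.
FIELD_PATTERNS = {
    "access_token": r"access_token",
    "refresh_token": r"refresh.[tT]oken",
    "expiry": r"expires_in",
    "token_type": r"token.?[tT]ype",
}

def authorization_url(scopes):
    """Build the Authorization Request URL; urlencode percent-encodes every value."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": CALLBACK,
        "scope": " ".join(scopes),  # spaces become '+', as in the page's URL
    })
    return "https://www.linkedin.com/oauth/v2/authorization?" + query

def token_request_body(auth_code):
    """Build the form body sent with -d in the Access Token Request."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": auth_code,
        "redirect_uri": CALLBACK,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    })

def extract_fields(response_text):
    """Map each configured variable to the first response property its pattern matches."""
    payload = json.loads(response_text)
    found = {}
    for name, pattern in FIELD_PATTERNS.items():
        for key, value in payload.items():
            if re.fullmatch(pattern, key):  # assumption: whole-name regex match
                found[name] = value
                break
    return found

if __name__ == "__main__":
    print(authorization_url(["r_liteprofile", "r_emailaddress", "w_member_social"]))
    print(token_request_body("CONSTRUCTED_AUTH_CODE"))
    print(extract_fields('{"access_token": "CONSTRUCTED_TOKEN", "expires_in": 5184000}'))
```

Under that assumption, `refresh.[tT]oken` needs one character between the two words, so it matches `refresh_token` but not `refreshToken`, while `token.?[tT]ype` accepts `token_type`, `tokenType` and `tokentype`.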
