OAuth2.0 custom 2 Legged Security in REST connection: Oracle Integration

In this article, we will demonstrate how to create a REST connection to an API that is secured by OAuth 2.0. We will look at the OAuth Custom Two Legged security policy and how it can be used to integrate with services that are protected using OAuth Client Credentials or OAuth Resource Owner Password Credentials.

 
Oracle Integration Cloud provides the OAuth Custom Two Legged security policy, which is used to access an API that is secured via the OAuth framework. In OAuth 2.0, the client first obtains the access token by calling the /oauth API, which returns the access token along with the refresh token, expires_in, etc. Using the access token, the client then accesses the actual resource to pull or push the data.

Let's use the SharePoint APIs, which are enabled via OAuth 2.0.
Oracle Integration Cloud uses the curl syntax. Below is a sample of the curl command syntax:
-X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials&client_id=A23dcc-313dd-2d1a-003f-11065ww1s11@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33&client_secret=Abcde32tFg13+njytr4Khg+asgytwlkn12765nM=' https://abc.com/tokens/OAuth/2
Refer to the table below to understand the different options:

| Option | Possible values | Description | Mandatory |
|---|---|---|---|
| -X | GET/PUT/POST | HTTP verb used to generate the access token. It may differ from API to API | Yes |
| -H | "<Key>: <Value>" | Used to pass headers | No |
| -d | 'Data as string' | Used to pass data in single quotes. Any quotes in the values should be escaped | No |
| URI | URI | Authorization service endpoint | Yes |

To generate the access token for SharePoint, the following data needs to be sent in the format shown in the table:

| Key | Syntax | Value |
|---|---|---|
| grant_type | client_credentials | client_credentials |
| client_id | ClientID@TenantID | A23dcc-313dd-2d1a-003f-11065ww1s11@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33 |
| client_secret | Client secret | Abcde32tFg13+njytr4Khg+asgytwlkn12765nM= |
| resource | resource/SiteDomain@TenantID | 00000003-0000-0ff1-ce00-000000000000/online.sharepoint.com@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33 |

For example:
 
-X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials&client_id=A23dcc-313dd-2d1a-003f-11065ww1s11@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33&client_secret=Abcde32tFg13+njytr4Khg+asgytwlkn12765nM=&resource=00000003-0000-0ff1-ce00-000000000000/online.sharepoint.com@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33' https://accounts.accesscontrol.windows.net/tokens/OAuth/2
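
The client_secret above contains + and = characters, which have special meaning in an application/x-www-form-urlencoded body. The following Python sketch is an added example (not part of the original article or of Oracle Integration) that uses the page's dummy values to compare what a standard form decoder recovers from the raw string and from a percent-encoded one. Whether Oracle Integration encodes the -d data itself is not stated on this page, so the helper names and the decoder behaviour shown are assumptions to verify against your endpoint.

```python
from urllib.parse import urlencode, parse_qs

# Dummy sample values copied from the tables above (not real credentials).
CLIENT_ID = "A23dcc-313dd-2d1a-003f-11065ww1s11"
TENANT_ID = "ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33"
CLIENT_SECRET = "Abcde32tFg13+njytr4Khg+asgytwlkn12765nM="
SP_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"
SITE_DOMAIN = "online.sharepoint.com"


def token_fields():
    """The four form fields, following the Key/Syntax layout of the table."""
    return {
        "grant_type": "client_credentials",
        "client_id": f"{CLIENT_ID}@{TENANT_ID}",
        "client_secret": CLIENT_SECRET,
        "resource": f"{SP_PRINCIPAL}/{SITE_DOMAIN}@{TENANT_ID}",
    }


def raw_body(fields):
    """Body built by plain concatenation, as typed into a -d '...' string."""
    return "&".join(f"{k}={v}" for k, v in fields.items())


def encoded_body(fields):
    """Body with every value percent-encoded (+ -> %2B, = -> %3D, / -> %2F)."""
    return urlencode(fields)


def as_received(body):
    """What a standard form decoder on the token endpoint recovers."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def redact(body):
    """Copy of the body that is safe to log: the secret value is masked."""
    return "&".join(
        "client_secret=***" if part.startswith("client_secret=") else part
        for part in body.split("&")
    )


if __name__ == "__main__":
    fields = token_fields()
    print("raw    :", as_received(raw_body(fields))["client_secret"])
    print("encoded:", as_received(encoded_body(fields))["client_secret"])
    print("log    :", redact(encoded_body(fields)))
```

If the token endpoint rejects a secret that is known to be correct, compare the decoded value with the original before suspecting the credentials themselves.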
Let's see how to create a REST connection in Oracle Integration Cloud with the OAuth Custom Two Legged security policy:
  • Create a REST connection with the name Oauth2Legged
  • Click on the Configure Connectivity button, configure as below, and click on the OK button
  • Click on the Configure Security button, configure as below, and click on the OK button
    • Access Token Request: -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials&client_id=A23dcc-313dd-2d1a-003f-11065ww1s11@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33&client_secret=Abcde32tFg13+njytr4Khg+asgytwlkn12765nM=&resource=00000003-0000-0ff1-ce00-000000000000/online.sharepoint.com@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33' https://accounts.accesscontrol.windows.net/tokens/OAuth/2
    • $access_token: access_token
    • $expiry: expires_in
    • $token_type: token_type
    • access_token_usage: -H Authorization: ${token_type} ${access_token}

Below is a sample response to the SharePoint access token request:

{
    "token_type": "Bearer",
    "expires_in": "28800",
    "not_before": "1557734767",
    "expires_on": "1557763867",
    "resource": "00000003-0000-0ff1-ce00-000000000000/online.sharepoint.com@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33",
    "access_token": "esdssdsd221212sdMSDSDshjkhkjhsddsdsnkjhkjdsdng1dCI6IkhCeGw5bUFlNmd4YXZDa2NvT1UyVEhzRE5hMCIsImtpZCI6IkhCeGw5bUFlNmd4YXZDa2NvT1UyVEhzRE5hMCJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvZ2VucGFjdG9ubGluZS5zaGFyZXBvaW50LmNvbUBiZGVmOGEyMC1hYWFjLTRmODAtYjNhMC1kOWEzMmY5OWZkMzMiLCJpc3MiOiIwMDAwMDAwMS0wMDAwLTAwMDAtYzAwMC0wMDAwMsddsddsddssdswLWIzYTAtZDlhMzJmOTlmZDMzIiwiaWF0IjoxNTU3NzM0NzY3LCJuYmYiOjE1NTMewe@32323Mssd23232Mssd2Mzg2NywiaWRlbnRpdHlwcm92aWRlciI6IjAwMDAwMDAxLTAwMDAtMDAwMC1jMDAwLTAwMDAwMDAwMDAwMEBiZGVmOGEyMC1hYWFjLTRmODAtYjNhMC1kOWEzMmY5OWZkMzMiLCJuYW1laWQiOiJmN2I0ZmQzYy0zM2ZkLTRkMGEtODAzZi1kMzA2NTRkNDA2YTZAYmRlZjhhMjAtYWFhYy00ZjgwLWIzYTAtZDlhMzJmOTlmZDMzIiwib2lkIjoiNGY5MDYxYjQtZDc2OS00MjA1LTg0YTctYjhmOGE2MjEyOWI3Iiwic3ViIjoiNGY5MDYxYjQtZDc2OS00MjA1LTg0YTctYjhmOGE2MjEyOWI3IiwidHJ1c3RlZGZvcmRlbGVnYXRpb24iOiJmYWxzZSJ9"
}
Refer to the table below while configuring the options (Configure Security) in the ICS connection:

| Option | Default value | Value to be configured |
|---|---|---|
| $access_token | access.[tT]oken | Name of the field in the API response that holds the value of access_token |
| $expiry | expires_in | Name of the field in the API response that holds the value of expires_in |
| $token_type | token.?[tT]ype | Name of the field in the API response that holds the value of token_type |
| access_token_usage | -H Authorization: ${token_type} ${access_token} | How the access token will be used to access the protected resource. For example: Authorization: Bearer <access_token> |

Test the connection from the upper-right corner. If everything is OK, the connection should be successful.
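
To make the mapping in the Configure Security table concrete, here is an added Python example (not Oracle Integration's own code) that applies the default patterns to a token response and expands the access_token_usage template. It assumes the defaults are regular expressions matched against the whole field name, which is how the table reads; the response below is constructed with a placeholder token.

```python
import json
import re
import time

# Default patterns and usage template from the Configure Security table.
KEY_PATTERNS = {
    "access_token": r"access.[tT]oken",
    "expiry": r"expires_in",
    "token_type": r"token.?[tT]ype",
}
USAGE_TEMPLATE = "-H Authorization: ${token_type} ${access_token}"

# Constructed response shaped like the SharePoint sample; placeholder token.
SAMPLE_RESPONSE = json.dumps({
    "token_type": "Bearer",
    "expires_in": "28800",
    "not_before": "1557734767",
    "expires_on": "1557763867",
    "access_token": "PLACEHOLDER.TOKEN.VALUE",
})


def extract(response_text, patterns=KEY_PATTERNS):
    """Map each $variable to the value of the single field its pattern matches."""
    body = json.loads(response_text)
    values = {}
    for var, pattern in patterns.items():
        hits = [key for key in body if re.fullmatch(pattern, key)]
        if len(hits) != 1:  # zero or ambiguous matches: refuse to guess
            raise ValueError(f"${var}: pattern {pattern!r} matched {hits}")
        values[var] = body[hits[0]]
    return values


def authorization_header(values, template=USAGE_TEMPLATE):
    """Expand ${name} placeholders and return (header_name, header_value)."""
    line = re.sub(r"\$\{(\w+)\}", lambda m: str(values[m.group(1)]), template)
    if line.startswith("-H "):
        line = line[3:]
    name, _, value = line.partition(": ")
    return name, value


def expires_at(values, now=None):
    """Absolute expiry time; expires_in arrives as a string of seconds."""
    issued = time.time() if now is None else now
    return issued + int(values["expiry"])
```

Under that assumption, a response that names the field accessToken is not matched by the default access.[tT]oken, because the pattern requires one character between "access" and the t, while token.?[tT]ype accepts both token_type and tokenType.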

Some Thoughts (7)

  1. added on 11 Jul, 2019

    Hi Ankur,

    I followed the steps to create REST connection but it's giving me 401 Unauthorized error. I tried on POSTMAN with same details and it is returning access token.

    I have shared details to my post for which you provide me reply.

    Thanks,
    Hemen

  2. added on 14 Jul, 2019

    Hi Heman,

    This has been resolved via post

    https://cloudcustomerconnect.oracle.com/posts/6eb9126f62

    Regards,
    Ankur

  3. added on 16 Jul, 2019

    This comment has been removed by the author.

  4. added on 16 Jul, 2019

    Thanks a lot for the blog. It is very helpful.

    Small correction required in 'Access Token Request'. Without this correction, I was getting NoSecurityProvider and NullPointerException.

    Correction: a) After -d param quote starts but it does not end. It should end just before https://
    b) After end quote, there should be a space and then https:// url should start.

    Corrected token request:
    -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials&client_id= A23dcc-313dd-2d1a-003f-11065ww1s11@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33&client_secret= Abcde32tFg13+njytr4Khg+asgytwlkn12765nM=&resource=00000003-0000-0ff1-ce00-000000000000/online.sharepoint.com@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33' https://accounts.accesscontrol.windows.net/tokens/OAuth/2

    Thanks,
    Datta
