OAuth2.0 custom 2 Legged Security in REST connection: Oracle Integration
In this article, we show how to create a REST connection to a REST API that is secured by OAuth 2.0. We look at the OAuth Custom Two Legged security policy and how it can be used to integrate with services that are protected using OAuth Client Credentials or OAuth Resource Owner Password Credentials, such as SharePoint.
We use the SharePoint REST APIs as the example.
Oracle Integration Cloud provides the OAuth Custom Two Legged security policy, which is used to access an API secured via the OAuth framework. In OAuth 2.0, the client first obtains the access token by calling the /token/oauth API, which returns the access token along with the refresh token, etc. Using the access token, the client then accesses the actual resource to pull/push the data.
Note: Please replace each special character with its encoded value; otherwise the connection will fail with a 400 Bad Request error. For example, client_id can contain +, which must be replaced with its encoded value, %2B.
| Option | Possible values | Description | Mandatory |
|---|---|---|---|
| -X | GET/PUT/POST | HTTP verb used to generate the access token. It may differ from API to API | Yes |
| -H | "<Key>: <Value>" | Used to pass headers | No |
| -d | 'Data as string' | Used to pass data in single quotes. Any quotes in the values should be escaped | No |
| URI | URI | Authorization service endpoint | Yes |
| Key | Syntax | Value |
|---|---|---|
| grant_type | client_credentials | client_credentials |
| client_id | ClientID@TenantID | A23dcc-313dd-2d1a-003f-11065ww1s11@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33 |
| client_secret | Client secret | Abcde32tFg13+njytr4Khg+asgytwlkn12765nM= |
| resource | resource/SiteDomain@TenantID | 00000003-0000-0ff1-ce00-000000000000/online.sharepoint.com@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33 |
-X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials&client_id=A23dcc-313dd-2d1a-003f-11065ww1s11@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33&client_secret=Abcde32tFg13%2Bnjytr4Khg%2Basgytwlkn12765nM=&resource=00000003-0000-0ff1-ce00-000000000000/online.sharepoint.com@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33' https://accounts.accesscontrol.windows.net/tokens/OAuth/2
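The encoding rule from the note above, as an added example (not code from the original article): it builds the Access Token Request string from the sample values in the table and shows what a form parser receives when `+` is left unencoded. It percent-encodes every reserved character, not only `+`; the function names are hypothetical.

```python
from urllib.parse import parse_qs, quote

TOKEN_URL = "https://accounts.accesscontrol.windows.net/tokens/OAuth/2"

# Sample values from the table above (the article's placeholders, not real credentials).
FIELDS = {
    "grant_type": "client_credentials",
    "client_id": "A23dcc-313dd-2d1a-003f-11065ww1s11@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33",
    "client_secret": "Abcde32tFg13+njytr4Khg+asgytwlkn12765nM=",
    "resource": "00000003-0000-0ff1-ce00-000000000000/online.sharepoint.com"
                "@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33",
}


def form_body(fields, encode=True):
    """Join key=value pairs; with encode=True every reserved character is percent-encoded."""
    enc = (lambda v: quote(v, safe="")) if encode else (lambda v: v)
    return "&".join(f"{key}={enc(value)}" for key, value in fields.items())


def access_token_request(fields, url=TOKEN_URL):
    """Build the -X/-H/-d/URI string for the Access Token Request field."""
    header = '-H "Content-Type: application/x-www-form-urlencoded"'
    # quote() also encodes single quotes (%27), so the -d argument stays well formed.
    return f"-X POST {header} -d '{form_body(fields)}' {url}"


def as_server_sees(body):
    """Decode a form body the way an x-www-form-urlencoded parser does."""
    return {key: values[0] for key, values in parse_qs(body).items()}


if __name__ == "__main__":
    raw = as_server_sees(form_body(FIELDS, encode=False))
    print("unencoded secret arrives as:", repr(raw["client_secret"]))  # '+' became ' '
    print(access_token_request(FIELDS))
```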
- Create a REST connection with the name Sharepoint_Connection
- Under the Properties section, configure the following and click the OK button:
  - Connection Type: REST API Base URL
  - Connection URL: https://online.sharepoint.com
- Under the Security section, configure the following parameters:
  - Access Token Request: -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials&client_id=A23dcc-313dd-2d1a-003f-11065ww1s11@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33&client_secret=Abcde32tFg13%2Bnjytr4Khg%2Basgytwlkn12765nM=&resource=00000003-0000-0ff1-ce00-000000000000/online.sharepoint.com@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33' https://accounts.accesscontrol.windows.net/tokens/OAuth/2
  - $access_token: access_token
  - $expiry: expires_in
  - $token_type: token_type
  - access_token_usage: -H Authorization: ${token_type} ${access_token}
Below is the sample response of SharePoint access token request
| Option | Default value | Value to be configured |
|---|---|---|
| $access_token | access.[tT]oken | Name of the field in the API response that holds the value of access_token |
| $expiry | expires_in | Name of the field in the API response that holds the value of expires_in |
| $token_type | token.?[tT]ype | Name of the field in the API response that holds the value of token_type |
| access_token_usage | -H Authorization: ${token_type} ${access_token} | How the access token will be used to access the protected resource. For example: Authorization: Bearer <access_token> |
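A way to check whether a provider's token response fits the default property patterns in the table above before saving the connection, as an added example (not code from the original article or from Oracle). The two responses are constructed, and matching each pattern against the whole JSON field name is an assumption of this sketch about how the properties are applied.

```python
import json
import re

# Default property patterns and usage template from the table above.
DEFAULTS = {
    "access_token": r"access.[tT]oken",
    "expiry": r"expires_in",
    "token_type": r"token.?[tT]ype",
}
USAGE = "-H Authorization: ${token_type} ${access_token}"

# Constructed token responses (placeholder token values, not real output).
SNAKE_CASE = '{"token_type": "Bearer", "expires_in": "3599", "access_token": "CONSTRUCTED.TOKEN"}'
CAMEL_CASE = '{"tokenType": "Bearer", "expiresIn": 3600, "accessToken": "CONSTRUCTED.TOKEN"}'


def extract(response_text, patterns=DEFAULTS):
    """Return {variable: value} from the first top-level JSON field whose name
    fully matches each pattern (full match on the name is this sketch's assumption)."""
    payload = json.loads(response_text)
    found = {}
    for var, pattern in patterns.items():
        for key, value in payload.items():
            if re.fullmatch(pattern, key):
                found[var] = str(value)
                break
    missing = sorted(set(patterns) - set(found))
    if missing:
        raise KeyError(f"no response field matches the pattern for: {missing}")
    return found


def render_usage(found, template=USAGE):
    """Substitute ${name} placeholders in the access_token_usage template."""
    return re.sub(r"\$\{(\w+)\}", lambda m: found[m.group(1)], template)


if __name__ == "__main__":
    print(render_usage(extract(SNAKE_CASE)))
    try:
        extract(CAMEL_CASE)
    except KeyError as err:
        print("defaults do not fit:", err)
    overrides = {**DEFAULTS, "access_token": "accessToken", "expiry": "expiresIn"}
    print(render_usage(extract(CAMEL_CASE, overrides)))
```

With the camelCase response only `token.?[tT]ype` still matches, so `$access_token` and `$expiry` have to be set explicitly for such a provider.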
Hi Ankur,
I followed the steps to create REST connection but it's giving me 401 Unauthorized error. I tried on POSTMAN with same details and it is returning access token.
I have shared details to my post for which you provide me reply.
Thanks,
Hemen
Hi Heman,
This has been resolved via post
https://cloudcustomerconnect.oracle.com/posts/6eb9126f62
Regards,
Ankur
Thanks a lot for the blog. It is very helpful.
Small correction required in 'Access Token Request'. Without this correction, I was getting NoSecurityProvider and NullPointerException.
Correction: a) After -d param quote starts but it does not end. It should end just before https://
b) After end quote, there should be a space and then https:// url should start.
Corrected token request:
-X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials&client_id=A23dcc-313dd-2d1a-003f-11065ww1s11@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33&client_secret=Abcde32tFg13%2Bnjytr4Khg%2Basgytwlkn12765nM=&resource=00000003-0000-0ff1-ce00-000000000000/online.sharepoint.com@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33' https://accounts.accesscontrol.windows.net/tokens/OAuth/2
Thanks,
Datta