OAuth Custom Rest Connector

Knowledge base
, , ,
1

OAuth Custom Rest Connector

This article shows how to create a custom rest connector in webMethods.io to get an access token without using the default OAuth account management and how to configure keycloak server with client_credentials.

Use-case

If you are integrating with Custom Cloud Rest Application and if the OAUTH Provider for your custom application generates a token with considerably small expiry and there is a need to generate the access token for every session (or service execution) instead of refreshing token on expiry, as refresh on expiry on each new session (service invocation) will be expensive. In such cases, we will need to create a connector or Cloud Integration (Flowservice) to get the access token instead of using the default OAuth Account management of the connector.

usecase
usecase601Ă—631 38.8 KB

As an example, we will use Keycloak as an OAUTH provider to showcase this use case.

Prerequisite

  1. Pre-installed keycloak server. If you need to create your own instance, you could easily spawn one docker or k8s instance from “keycloak packaged by bitnami”. Refer Helm Charts to deploy Keycloak in Kubernetes

Topics

  1. Creating realm and client in keycloak and configuring them.

  2. Test to retrieve a token using Postman

  3. webMethods.io
    3.1. Creating a custom rest connector & and an account
    3.2. Creating resources & operations for getting token
    3.3. Creating FlowService to get the token

Steps

Creating and configuring realm and client

  1. Log in to keycloak “Administration console”.

2023-01-02-17-50-30
2023-01-02-17-50-302112Ă—1174 152 KB

  1. Login.

2023-01-02-18-52-19
2023-01-02-18-52-19981Ă—679 40.8 KB

  1. Create a realm. (name: test_realm)

2023-01-02-18-53-24
2023-01-02-18-53-241113Ă—677 49.9 KB

  1. Create a client (name: test_client), with configs as shown below.

2023-01-02-18-54-40
2023-01-02-18-54-401364Ă—872 67.4 KB

2023-01-02-18-56-00
2023-01-02-18-56-001384Ă—769 62.2 KB

2023-01-02-18-57-03
2023-01-02-18-57-031428Ă—806 57.9 KB

Note: Select Use refresh tokens for client credentials grant in Open ID Connect Compatibility Modes

This could be important in some cases, if this is not selected refresh token will not be sent along with the token response.

2023-01-02-18-59-04
2023-01-02-18-59-041767Ă—780 66.5 KB

Test to retrieve token using Postman

  1. Create a POST request with 4 form encoded parameters, grant_type, scope, client_id, client_secret and with url http://<<KEYCLOAK_SERVER>>:<<PORT_NUMBER>>/realms/<<REALM_NAME>>/protocol/openid-connect/token as below.

2023-01-02-20-09-05
2023-01-02-20-09-051197Ă—1205 211 KB

The result will contain token details, like access_token, refresh_token, token expiry, refresh expiry etc. We will use the generated token to access the application resource.

webMethods.io

Creating custom rest connector

It’s not mandatory to create a Rest Connector, you could directly use http invoke as well. But in general when you have many resources hosted in an application, it is better to use Custom Rest Connector, instead of many separate https calls

  1. Create / Open your project in the IO tenant.

2023-01-02-20-13-41
2023-01-02-20-13-41857Ă—417 18.3 KB

  1. Navigate to Connectors > Rest and click on Add Connector. provide name, URL(http://<KEYCLOAK_SERVER:PORT/>) and select Credentials as Authentication Type and save

2023-01-02-20-16-42
2023-01-02-20-16-421060Ă—695 40.9 KB

  1. Navigate to Connectors, select the created connector, and click on Add Account. Select Authorization Type as none and the rest could be left default.

2023-01-02-21-29-14
2023-01-02-21-29-14809Ă—1169 43.4 KB

An account could also be created after resources. But we need to have an account created before we create any operation.

Creating resources & operations for getting token

  1. Click Add Resource with name and Path (realms/{real_name}/protocol/openid-connect/token).

2023-01-12-11-00-11
2023-01-12-11-00-111275Ă—895 51.9 KB

We have made the realm_name as a URL_CONTEXT parameter as this could change depending on the configuration of the OAuth Provider.

  1. Add POST as the method and add 5 parameters, out of which 4 of them as FORM_ENCODED for grant_type, scope, client_id, client_secret and 1 as URL_CONTEXT for realm_name.

2023-01-12-13-47-48
2023-01-12-13-47-482310Ă—1042 124 KB

  1. Add response body for HTTP range 200-299 and click on + for Document Type. Provide a name and click on Load JSON and then copy the JSON response from Postman results (above).

  2. Add another response body for HTTP range 400-599 for Error, and select the Error check box.

2023-01-02-21-04-04
2023-01-02-21-04-041430Ă—967 67.6 KB

2023-01-12-13-51-51
2023-01-12-13-51-511495Ă—1108 51.9 KB

  1. Navigate to Connectors, hover over the created connector, and click Operations.

2023-01-19-09-33-44
2023-01-19-09-33-442299Ă—75 9.09 KB

  1. Click Add Operation, provide a name (example: getToken), select the created account, and save it.

2023-01-19-09-30-00
2023-01-19-09-30-001200Ă—707 24.3 KB

Creating FlowService to get the token

We will use the above-created connector and try to retrieve the token in a Flowservice, this step is not mandatory for token creation, rather just shows how to retrieve the token. Also, it will assist in exporting/importing the whole solution including the connector.

  1. Navigate to Integrations > FlowServices and click + to add new Flowservice

2023-01-12-14-14-13

  1. Add a Transform pipeline and add 5 pipeline variables for request parameters.

  2. Instead of hardcoding the values, we have defined these in Reference data and retrieved them from there.

2023-01-12-14-01-33
2023-01-12-14-01-331971Ă—509 41.1 KB

  1. Now invoke the operation we created and pass the above stream to the body

2023-01-12-14-16-16
2023-01-12-14-16-161581Ă—625 51.4 KB

  1. Save & Test your FlowService

2023-01-12-14-17-12
2023-01-12-14-17-121113Ă—978 202 KB

Useful assets

You can find useful assets and more guidance at OAuth Custom Rest Connector - GitHub project.

1 Like