webMethods.io Integration secure orchestration using OAuth 2.0

Introduction

This article explains about implementing the OAuth2.0 authentication on the webMethods.io Integration flow service and workflow.

Audience

It is assumed that readers of this article know how to create integrations on webMethods.io.

Prerequisite

1. Subscription for webMethods.io integration tenants

2. Sample workflow or flow service is already developed.
   

3. Sample flow service or workflow is wrapped using API

Use Case

1. We have created the webhook workflow
2. Same workflow is wrapped under API and exposed to the outer world with new endpoints
3. In our case we will implement the OAuth 2.0 mechanism on the API.
4. When third-party application wants to access it, OAuth 2.0 mechanism will be used to authorization purpose.

What is OAuth2.0?

• OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords
• For more information, you can follow below link
  • https://oauth.net/articles/authentication/

Steps to implement OAuth 2.0

Create OAuth Client

1. Login to webMethods.io integration and from user icon from the right click on settings.

2. Click on OAuth2.0

3. From the Client registration tab click on Add new Client

4. Provide the name for Client as CustomerRegistrationOAuthClient
5. Under the client management provide the version, Type as “public”
6. In our case we are going to submit the request using the postman client so redirection url will be https://oauth.pstmn.io/v1/callback
7. Set Allowed grants as “Authorization Code Grant”
8. Set Expiration interval as “Never Expires”
9. Set refresh token as “Unlimited”
10. Click Add.

11. Now with this our OAuth client is ready.

Create Scope

1. Click on Add New Scope
2. Provide the name for the scope as CustomerRegistrationScope.
3. Select the project and select the appropriate API from the option provided.
4. In our case we want to select the CustomerRegistrationAPI and select the resource

5.Click on Add.

Associate Scope with OAuth Client

1. Click on Client Registration
2. Click on existing associate scope under the action

3. Click on Add existing scope
4. Select the scope created “CustomerRegistrationScope”

5. With this we have completed the OAuth setup in Webmethods.io integration.

**Testing with postman **

1. Gather the below information to invoke the request from postman
   a. Client ID
   b. Client Secret
   c. API endpoints
   d. Call back url
   e. Authorization URl
2. We can get the above details from CustomerRegistrationOAuthClient

3.Get the access token

4.Click on Get Access token.

5. Provide the grant access

6. Access token is generated.

7. Now use this token to send the request and get the response from API
8. Trigger the request and you will get the response from your API which get authenticated with token passed .

I also recorded a demo on this here: Using OAuth2.0 with webMethods.io Integration Clients - YouTube