Working with OAuth Type Authorization Code Grant and Implicit Grant

This tutorial consists of detailed steps of generating OAuth Tokens for Grant type Authorization code and Implicit Grant.

By Sabreen Irfana

1 Introduction

Integration Server supports the following Grant types:

  • Authorization Code Grant
  • Implicit Grant
  • Client Credentials Grant
  • Resource Owner Password Credentials Grant

This tutorial is intended to provide Information on how to generate OAuth tokens for given grant type Implicit and Authorization code grant.

2. Setup

Following are the required Software AG components in any given environment:


  • Integration Server(v10.3)
  • Designer (v10.3)
  • Any Client to invoke REST Service call (I have used Postman)

3. Generate OAuth Token for Grant Type: Authorization Code/Implicit Grant

Step 1: Login to v10.3 Integration Server and Install Following Packages


Step 2: Change the Authorization Server Settings to Require HTTPS as No, As the Authorization Server used is not configured to HTTPS

Note: Same Integration server can act as Authorization Server and also as a Client. In our scenario only one Integration Server act as both.

Authorization Server Settings to Require HTTPS as No:

  • Login to Integration Server and Navigate to Security->OAuth->Edit OAuth Global Settings
  • Uncheck Require HTTPS

Step3: Register same Integration Server as a Client

  • Navigate to Security->OAuth
  • Click Client Registration
  • Click Register Client and Provide the following details:

    Client Configuration

Client Name: ISClient1
Version: 1.0
Type: Confidential
Description: IS_Authorization Code Grant
Redirect URIs: http://<ISHostname:port>:7777/invoke/oauth/tokenForAuthCode
Allowed Grant: Check Authorization Code Grant


Expiration Interval: Check Never Expires
Refresh Count: Limit:0

Note: The above provided Token values can be changed accordingly and Provided Redirect URI is the custom service which is used to fetch the token when generated.
  • Click Save and On Click Save

Successfully registered client ISClient1, version 1.0 message should be displayed.
Client ID Should be generated as shown below

Step4: Create Scope and associate scope with the client.

Create Scope

  • Navigate to IS webUI->Security->OAuth
  • Click Scope Management
    • Click Add Scope and then provide the following Scope details

Scope Configuration Name: Scope1
Description: IS_Scope1
Folders and services: InvokeOauth:AddInts

  • Click Save Changes
    Saved scope Scope1 successfully message should be displayed.

 Associate scope with the client

  • Click Associate Scopes to Clients

Select ISClient(1.0) from Remaining Clients and Move to Clients associate with Scope
Select Scope1 from Remaining Scopes and Move to Scope in the Client

  • Click Save Changes
    The scope and client associations were updated successfully message should be displayed.
  • Click Return to Scope Management
  • Click Return to OAuth
  • Click Client Registration

Step5: Create Scope and associate scope with the client.

Get ClientID and Client Secret from Client which is already created.

  • Navigate to Registered Clients and click on ISClient(1.0) and copy the ID and Secret which get generated on the creation of client

- ID: 1e1cf7507e73473ca879e1307496b55e
- Secret: ed12a6e1de5a49719f02b3cc57d198a4

Step 6: Run saveClientInfo from Designer

  • Invoke Designer and connect to Integration Server and Set Service Deployment prospective

  • Select Default;OAuthRedirectionEndpoint;oauth;client;saveClientInfo in Tree
  • RightClick and Run saveClientInfo service and provide the values for following parameters
  • Click Ok

Step7: Authorize Client

  • Invoke Following URL

http://<IShost>:<ISport>/invoke/pub.oauth/authorize?client_id=<Client_id_value>&scope=<Scop e_name> &response_type=code


http://banrndsrv04:9403/invoke/pub.oauth/authorize?client_id=1e1cf7507e73473ca879e1307 496b55e&scope=Scope1&response_type=code

If Invocation requires credentials provide the following details:
Username: Administrator
Password: manage

  • On Invocation a Resource access approval loads up, check the required Scope and click on Approve
Note: If only one scope is available in Integration Server then by default ALL and Scope will be selected.

  • And On Click Approve tokenData:- access_data,token_type,expires_in will get generated for specific scope type, basically, an OAuth_token will be generated for specified Grant Type and can be used on Invocation of service specified under the scope.
Note: One Scope can have n number of services and the generated token can be used for n number of services specified under that one scope.

expires_in is -1 and we specified never expire while creating client

Step8: Scope Service Invocation with generated token as access credential

  • Launch Postman or any other client
  • Select Post method and provide following details

URL: http://banrndsrv04:9403/invoke/InvokeOauth:AddInts?num1=1&num2=2

Provided URL invocation of Service defined under Scope

Key: Authorization
Value: Bearer 84e0324f70de4a5ab695eb87e27b0406

  • Click Send
    and then check status: OK

Execute Step 1-8 for implicit grant type, it just that while creating client select Implicit grant instead of Authorized code grant.
The above-specified scenario is a way which depicts how we can use the OAuth types in Integration server and how we can use the generated tokens to invoke or services



image.png (4.4 KB) (21.9 KB)