This tutorial gives detailed steps for generating OAuth tokens for the Authorization Code and Implicit grant types.
By Sabreen Irfana
1. Introduction
Integration Server supports the following Grant types:
- Authorization Code Grant
- Implicit Grant
- Client Credentials Grant
- Resource Owner Password Credentials Grant
This tutorial explains how to generate OAuth tokens for the Implicit and Authorization Code grant types.
2. Setup
Following are the required Software AG components in any given environment:
Components
- Integration Server (v10.3)
- Designer (v10.3)
- Any Client to invoke REST Service call (I have used Postman)
3. Generate OAuth Token for Grant Type: Authorization Code/Implicit Grant
Step 1: Log in to the v10.3 Integration Server and install the following packages
Step 2: Set Require HTTPS to No in the Authorization Server settings, because the Authorization Server used here is not configured for HTTPS
To set Require HTTPS to No:
- Log in to Integration Server and navigate to Security->OAuth->Edit OAuth Global Settings
- Uncheck Require HTTPS
Step 3: Register the same Integration Server as a client
- Navigate to Security->OAuth
- Click Client Registration
- Click Register Client and Provide the following details:
Client Configuration
Client Name: ISClient1
Version: 1.0
Type: Confidential
Description: IS_Authorization Code Grant
Redirect URIs: http://<ISHostname:port>:7777/invoke/oauth/tokenForAuthCode
Allowed Grant: Check Authorization Code Grant
Token
Expiration Interval: Check Never Expires
Refresh Count: Limit: 0
- Click Save
On clicking Save, the message "Successfully registered client ISClient1, version 1.0" should be displayed.
The Client ID should be generated as shown below
Step 4: Create a scope and associate the scope with the client
Create Scope
- Navigate to IS webUI->Security->OAuth
- Click Scope Management
- Click Add Scope and then provide the following scope details
Scope Configuration
Name: Scope1
Description: IS_Scope1
Folders and services: InvokeOauth:AddInts
- Click Save Changes
The message "Saved scope Scope1 successfully" should be displayed.
Associate scope with the client
- Click Associate Scopes to Clients
Scopes:
Select ISClient(1.0) from Remaining Clients and Move to Clients associate with Scope
Clients:
Select Scope1 from Remaining Scopes and Move to Scope in the Client
- Click Save Changes
The message "The scope and client associations were updated successfully" should be displayed.
- Click Return to Scope Management
- Click Return to OAuth
- Click Client Registration
Step 5: Get the Client ID and Client Secret from the client that was already created
- Navigate to Registered Clients, click ISClient(1.0) and copy the ID and Secret that were generated when the client was created
- ID: 1e1cf7507e73473ca879e1307496b55e
- Secret: ed12a6e1de5a49719f02b3cc57d198a4
Step 6: Run saveClientInfo from Designer
- Launch Designer, connect to Integration Server and set the Service Deployment perspective
- Select Default;OAuthRedirectionEndpoint;oauth;client;saveClientInfo in the tree
- Right-click and run the saveClientInfo service, and provide the values for the following parameters
- Click OK
Step 7: Authorize the client
- Invoke the following URL
http://<IShost>:<ISport>/invoke/pub.oauth/authorize?client_id=<Client_id_value>&scope=<Scope_name>&response_type=code
Example:
http://banrndsrv04:9403/invoke/pub.oauth/authorize?client_id=1e1cf7507e73473ca879e1307496b55e&scope=Scope1&response_type=code
If the invocation requires credentials, provide the following details:
Username: Administrator
Password: manage
- On invocation, a resource access approval page loads; check the required scope and click Approve
- On clicking Approve, the tokenData (access_data, token_type, expires_in) is generated for the specific scope. In other words, an OAuth token is generated for the specified grant type and can be used to invoke the services specified under the scope.
expires_in is -1 because we specified Never Expires while creating the client.
Step 8: Invoke the scope's service with the generated token as the access credential
- Launch Postman or any other client
- Select the POST method and provide the following details
URL: http://banrndsrv04:9403/invoke/InvokeOauth:AddInts?num1=1&num2=2
The URL invokes the service defined under the scope.
Header:
Key: Authorization
Value: Bearer 84e0324f70de4a5ab695eb87e27b0406
- Click Send
Then check that the status is OK.
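
Steps 7 and 8 as a script, added here as an example and not part of the original tutorial or of Integration Server itself: it builds the authorize URL and the bearer-token request with proper encoding, rejects IDs or tokens broken by stray whitespace, and accepts plain HTTP only when explicitly allowed (the Step 2 setup). The function names, the allow_http flag, the host is.example.test:5555 and the ID and token values are assumptions constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

def _check_base(base_url, allow_http):
    """Accept https; accept http only when the caller opts in (Step 2 setup)."""
    scheme = urlsplit(base_url).scheme
    if scheme != "https" and not (scheme == "http" and allow_http):
        raise ValueError(f"refusing {scheme!r} base URL without allow_http=True")
    return base_url.rstrip("/")

def _check_value(name, value):
    """Reject empty values and stray whitespace, e.g. an ID split by a line wrap."""
    if not value or any(ch.isspace() for ch in value):
        raise ValueError(f"{name} is empty or contains whitespace")
    return value

def build_authorize_url(base_url, client_id, scopes, allow_http=False):
    """Step 7: URL the resource owner opens to approve the requested scopes."""
    query = urlencode({
        "client_id": _check_value("client_id", client_id),
        "scope": " ".join(_check_value("scope", s) for s in scopes),
        "response_type": "code",
    })
    return f"{_check_base(base_url, allow_http)}/invoke/pub.oauth/authorize?{query}"

def build_service_request(base_url, service, access_token, params, allow_http=False):
    """Step 8: POST to a service under the scope, token in the Authorization header."""
    url = f"{_check_base(base_url, allow_http)}/invoke/{service}?{urlencode(params)}"
    headers = {"Authorization": "Bearer " + _check_value("access_token", access_token)}
    return Request(url, method="POST", headers=headers)

def token_never_expires(token_data):
    """True when expires_in is -1, the value a Never Expires client produces."""
    return int(token_data["expires_in"]) == -1

if __name__ == "__main__":
    base = "http://is.example.test:5555"  # constructed host and port
    print(build_authorize_url(base, "CONSTRUCTED_CLIENT_ID", ["Scope1"], allow_http=True))
    req = build_service_request(base, "InvokeOauth:AddInts", "CONSTRUCTED_TOKEN",
                                {"num1": 1, "num2": 2}, allow_http=True)
    print(req.get_method(), req.full_url)  # pass req to urllib.request.urlopen to send
```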