Friday, February 4, 2022

OIC - Secure Rest API with OAuth Security policy

OAuth is an open authentication protocol to protect resources. It is the industry-standard protocol for authorization.

It is an authorization framework that enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner or by allowing the third-party application to obtain access on its own behalf.

High-level steps:

  • Register a trusted application in Identity Cloud Service (IDCS)
  • Extract the client ID, client secret and scope
  • Obtain the access token
  • Hit the REST endpoint using the access token

Detailed steps:

Log in to IDCS

Search with Id

Go to application page

Add an application

Confidential application

Provide the app name

Provide the allowed grant type as required. We will use Resource Owner here.

Add scope

Select the myoic URL for the API call.

Select both.

Select the first URL, through to "all".

Provide access token properties.

Click finish

Application added.


Copy the client ID and client secret.

Copy the scope URL, through to "all".

Open Postman and provide the IDCS URL with /oauth2/v1/token

Select OAuth and provide the username as the client ID and the password as the client secret.

Go to Body, select x-www-form-urlencoded and provide grant_type, scope, username (the OIC user) and password.

Hit Send.

You will get the access token.

You can use the URL below to see all the API trigger services.

Open the API URL and provide the authorization in the header section as Bearer followed by the access token.

The following is the REST trigger connection, where we have selected the security policy as OAuth 2.0.
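
The Postman steps above as a script, added here as an example and not part of the original post: it builds the token request for the resource owner grant, reads the access token from the response and attaches it as a Bearer header. The function names and the environment variable names are assumptions.

```python
import base64
import json
import os
import urllib.parse
import urllib.request


def build_token_request(idcs_url, client_id, client_secret, scope, username, password):
    """POST to <IDCS URL>/oauth2/v1/token, as configured in Postman above."""
    # Client id and secret travel as HTTP Basic credentials, not in the body.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # x-www-form-urlencoded body; urlencode escapes ':' and '/' in the scope URL.
    body = urllib.parse.urlencode({
        "grant_type": "password",  # resource owner grant (RFC 6749 section 4.3)
        "scope": scope,
        "username": username,      # OIC user
        "password": password,
    }).encode()
    return urllib.request.Request(
        idcs_url.rstrip("/") + "/oauth2/v1/token", data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})


def extract_access_token(response_body):
    """Return access_token from the JSON response; raise if it carries an error."""
    doc = json.loads(response_body)
    if "access_token" not in doc:
        raise ValueError("token request failed: " + str(doc.get("error", "unknown")))
    return doc["access_token"]


def build_api_request(api_url, access_token):
    """GET the OIC REST endpoint with the token in the Authorization header."""
    return urllib.request.Request(
        api_url, headers={"Authorization": "Bearer " + access_token})


if __name__ == "__main__":
    # Assumed variable names; they keep the secret and password out of source.
    env = os.environ
    token_req = build_token_request(
        env["IDCS_URL"], env["CLIENT_ID"], env["CLIENT_SECRET"],
        env["SCOPE"], env["OIC_USER"], env["OIC_PASSWORD"])
    with urllib.request.urlopen(token_req) as resp:
        token = extract_access_token(resp.read())
    with urllib.request.urlopen(build_api_request(env["OIC_API_URL"], token)) as resp:
        print(resp.status)
```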
