Monday, October 21, 2024

OIC Gen3 - About OAuth setup to call integration and Factory APIs

Before we dive deep into the concept of OAuth 2.0, let's first understand the following two terms:

  • Authentication.
  • Authorization.

Authentication(who you are):

  • Authentication is the process of proving your identity to a third-party service. It verifies that a person's identity is the same as the one he or she claims to have.

Example: when we try to log in to Facebook or Google, we are first required to enter our email and password to verify our identity. This is authentication.

Authorization (what access to resources you have):
  • Authorization is the process of giving someone permission to do something or to have something. In this process, one party grants another party the right to hold or use some of its resources.
  • It is done after successful authentication. Here an authorization server grants third-party services access to some of its resources.

Example:
the authorization server is Google, which grants Tableau Desktop (the third-party service) access to some of its resources.

So OAuth, or OAuth 2.0, is an industry-standard protocol for authorization, not for authentication. It is meant for one service to authorize another service.

OAuth Flow

The requesting, granting and lifecycle management of these tokens is often referred to as a “flow”. The OAuth specification allows for several ways of obtaining and validating tokens, and not all flows are meant for all types of clients.

More than one flow is available in OAuth.

Here we will mainly discuss the following two flows:

  1. Client Credential Flow
  2. Authorization Code Flow


Client Credential Flow:
  1. First the client application registers itself with the OCI IAM authorization server. As part of the registration, the client chooses the flow or grant_type as client credentials (client ID and secret) and chooses the app role or roles (service developer or service invoker) that it needs to access the APIs.
  2. The client (an application or machine) requests an access token using its credentials.
  3. OCI IAM validates the credentials and generates a token.
  4. The access token is sent back to the client.
  5. The client uses the access token to authenticate its calls to the APIs.
  6. The API data is returned to the client.
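Steps 2 to 5 of this flow as an added Python example (not code from the original post or from Oracle). The token URL, client ID, secret and scope are the placeholders listed later on this page and must be replaced with the values of the registered confidential application; the response check assumes OCI IAM returns the standard OAuth 2.0 JSON fields (access_token, token_type, expires_in).

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholders in the page's notation: substitute the IDCS domain URL and the
# client ID, secret and scope issued to the registered confidential application.
TOKEN_URL = "https://<idcs url>/oauth2/v1/token"
CLIENT_ID = "xxxxxx"
CLIENT_SECRET = "xxxxxx"
SCOPE = "https://xxxxxx:opc:resource:consumer::all"


def build_token_request(token_url, client_id, client_secret, scope):
    """Step 2: the client authenticates itself with HTTP Basic (id:secret)
    and asks for a token with grant_type=client_credentials."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urllib.parse.urlencode({"grant_type": "client_credentials",
                                   "scope": scope})
    return token_url, headers, body


def parse_token_response(raw_json):
    """Steps 3-4: check the response before trusting it. Anything other than
    a Bearer access token is rejected instead of being sent to the API."""
    data = json.loads(raw_json)
    if "access_token" not in data or data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token response fields: %s" % sorted(data))
    return {"access_token": data["access_token"],
            "expires_in": int(data.get("expires_in", 0))}


def bearer_header(token):
    """Step 5: the access token is presented as a Bearer credential on API calls."""
    return {"Authorization": "Bearer " + token["access_token"]}


def fetch_token(token_url=TOKEN_URL, client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET, scope=SCOPE):
    """Runs the real round trip to OCI IAM (needs network access)."""
    url, headers, body = build_token_request(token_url, client_id, client_secret, scope)
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return parse_token_response(resp.read().decode())
```

Only fetch_token touches the network; the other functions can be exercised offline, which is also how the Postman request later on this page can be checked field by field.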

Authorization Code Flow:
  1. First the client application registers itself with the OCI IAM authorization server. As part of the registration, the client chooses the flow or grant_type as client credentials (client ID and secret) and chooses the app role or roles (service developer or service invoker) that it needs to access the APIs.
  2. The client (a user on a mobile or web application) submits an authorization request through a browser to the authorization server's authorization endpoint.
  3. The authorization server authenticates the user, who approves or denies consent for the client to access the user's resources.
  4. In return, the client gets an authorization code that it exchanges for an access token at the token endpoint.
  5. The client uses the access token to invoke the API and gets the protected data in return.
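Steps 2 and 4 of this flow as an added Python example (not code from the original post or from Oracle): building the authorization request, validating the redirect back to the client, and preparing the code-for-token exchange. The auth, token and redirect URLs are the placeholders listed under "Key Parameters"; the state parameter is the standard OAuth 2.0 field, added here so that a callback can only be accepted for a request this client actually started.

```python
import base64
import hmac
import secrets
import urllib.parse

# Placeholders in the page's notation; the redirect URL is the OIC callback
# listed under "Key Parameters".
AUTH_URL = "https://<idcs url>/oauth2/v1/authorize"
TOKEN_URL = "https://<idcs url>/oauth2/v1/token"
REDIRECT_URL = "https://<oic url>/icsapis/agent/oauth/callback"


def new_state():
    """Unguessable per-request value (standard OAuth 2.0 'state') that binds
    the callback to the request that started it."""
    return secrets.token_urlsafe(24)


def build_authorize_url(auth_url, client_id, redirect_url, scope, state):
    """Step 2: the URL the browser is sent to at the authorization endpoint."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_url, "scope": scope, "state": state}
    return auth_url + "?" + urllib.parse.urlencode(params)


def parse_callback(callback_url, expected_state):
    """Step 4, first half: extract the code from the redirect back to the
    client, refusing it if the state does not match the one we generated."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if "error" in query:
        raise PermissionError("authorization denied: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise PermissionError("state mismatch: callback not tied to our request")
    code = query.get("code", [None])[0]
    if not code:
        raise PermissionError("callback carried no authorization code")
    return code


def build_exchange_request(token_url, client_id, client_secret, code, redirect_url):
    """Step 4, second half: the request that exchanges the code for an access
    token at the token endpoint; redirect_uri must repeat the one used above."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urllib.parse.urlencode({"grant_type": "authorization_code",
                                   "code": code, "redirect_uri": redirect_url})
    return token_url, headers, body
```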


Key Parameters required by Client Application

Grant Type: Client Credentials/Authorization Code

Access Token URL: https://<idcs url>/oauth2/v1/token

Client ID: xxxxxx

Client Secret: xxxxxx

Scope: https://xxxxxx:opc:resource:consumer::all

Auth URL*: https://<idcs url>/oauth2/v1/authorize

Redirect URL*: https://<oic url>/icsapis/agent/oauth/callback

Note: * for Authorization Code flow only


What is the IDCS URL?
It is the domain URL of the OCI identity domain in which you have provisioned the Oracle Integration Cloud service.
Navigation:
Identity & security >> domains >> default domain >> domain URL.

What is the OIC URL?
The service console URL.
Integration instances >> click the Oracle Integration instance >> service console URL


How to create confidential application for Client Credential flow?

High level Steps:
  1. Add application details (application name)
  2. Configure OAuth
    1. Configure as client flow
    2. Select client credentials and refresh token authorization
    3. Client IP address: anywhere
    4. Add resources >> add scope for the OIC integration instance
  3. Configure policy if needed
  4. Add app roles

Navigation:
Identity & Security >> domain >> integrated applications >> add application >> confidential application

Testing from Postman:

How to create confidential application for Authorization Code flow?

High level Steps:
  1. Add application details (application name)
  2. Configure OAuth
    1. Configure as client flow
    2. Select client credentials and refresh token authorization
    3. Client IP address: anywhere
    4. Add resources >> add scope for the OIC integration instance
  3. Configure policy if needed

Navigation:
Identity & Security >> domain >> integrated applications >> add application >> confidential application

Test from Postman:

OIC Factory APIs:
  • OAuth is mandatory in OIC 3.
  • It is recommended to use the design-time URL with the integrationInstance parameter.

The Oracle Integration Cloud (OIC) Factory APIs are APIs provided by Oracle for automating and managing integrations and other tasks within Oracle Integration Cloud. These APIs offer capabilities for developers and administrators to programmatically control OIC environments, allowing for tasks such as creating, deploying, managing, and monitoring integrations.

Key Use Cases for OIC Factory APIs
  • Managing Integrations: List, activate, deactivate, or delete integrations.
  • Monitoring: Check the status of integrations, view errors, and retrieve logs.
  • Instance Management: Manage and monitor specific integration instances.
  • Connections and Adapters: Manage connections and adapters, including creation, update, and deletion.
  • Error Handling: Fetch and manage error details for integration runs.

Example Use Cases and API Requests

1. List Integrations

This API lists all the integrations available in OIC.

Request

GET /ic/api/integration/v1/integrations
Headers:
- Authorization: Bearer <access_token>

Example Response

[
   {
      "id": "INT-123",
      "name": "Example_Integration",
      "status": "ACTIVE",
      "version": "01.00.0000",
      "lastUpdated": "2023-08-20T15:45:00Z"
   },
   {
      "id": "INT-124",
      "name": "Another_Integration",
      "status": "INACTIVE",
      "version": "01.00.0001",
      "lastUpdated": "2023-07-18T10:10:00Z"
   }
]

2. Activate an Integration

Activating an integration makes it available to process instances.

Request

POST /ic/api/integration/v1/integrations/{integrationId}/activate
Headers:
- Authorization: Bearer <access_token>

Example Request

POST /ic/api/integration/v1/integrations/INT-123/activate

Response

{
   "status": "SUCCESS",
   "message": "Integration activated successfully."
}
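The two Factory API calls above, driven from Python, as an added example (not code from the original post or from Oracle). It assumes the OIC host and integration instance name are the placeholders shown, appends the integrationInstance query parameter the page recommends for OIC 3, and uses the sample list response from this page as constructed input to pick out the integrations that are not yet active before any activate call is made.

```python
import json
import urllib.parse
import urllib.request

# Placeholders: the OIC host and the instance name that OIC 3 Factory API
# calls carry in the integrationInstance query parameter (see the note above).
OIC_URL = "https://<oic url>"
INSTANCE = "<integration instance name>"

# Constructed sample: the list response shown on this page.
SAMPLE_LIST_RESPONSE = json.loads("""[
  {"id": "INT-123", "name": "Example_Integration", "status": "ACTIVE",
   "version": "01.00.0000", "lastUpdated": "2023-08-20T15:45:00Z"},
  {"id": "INT-124", "name": "Another_Integration", "status": "INACTIVE",
   "version": "01.00.0001", "lastUpdated": "2023-07-18T10:10:00Z"}
]""")


def factory_url(base_url, path, instance, **extra):
    """Builds a Factory API URL with integrationInstance always present."""
    params = {"integrationInstance": instance, **extra}
    return base_url.rstrip("/") + path + "?" + urllib.parse.urlencode(params)


def activate_url(base_url, integration_id, instance):
    """URL for POST .../integrations/{integrationId}/activate. The id is
    percent-encoded because it is placed in the path."""
    path = "/ic/api/integration/v1/integrations/%s/activate" % urllib.parse.quote(integration_id, safe="")
    return factory_url(base_url, path, instance)


def inactive_integrations(list_response):
    """Returns (id, name) for every integration whose status is not ACTIVE,
    so the candidates for activation can be reviewed before any POST."""
    items = list_response["items"] if isinstance(list_response, dict) else list_response
    return [(i["id"], i["name"]) for i in items if i.get("status") != "ACTIVE"]


def call_factory_api(method, url, access_token, body=None):
    """Real HTTP call with the OAuth Bearer token (needs network access)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": "Bearer " + access_token, "Accept": "application/json",
        "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        text = resp.read().decode()
        return json.loads(text) if text else None
```

A live run is call_factory_api("GET", factory_url(OIC_URL, "/ic/api/integration/v1/integrations", INSTANCE), token) followed by call_factory_api("POST", activate_url(OIC_URL, integration_id, INSTANCE), token) for each id selected from inactive_integrations.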



REST connection example created in OIC:

Example 1: