My developer has reviewed the article for Add Custom Authentication to an Exposed REST API. It has information about exposing APIs and adding authorization to it but in his case we want to consume the existing APIs that have Okta security.
What we want to achieve is to get the data from the REST APIs that are secured with Okta. We have Okta URL, client id, client password to get the bearer token. We should use these credentials to make a POST API call to get the bearer token and pass this bearer token along with the GET request to get the data we need. Espace names are ContactCore and DataCore_Offender and these are traditional web modules. My integration team are moving APIs and microservices to Kubernetes and connecting via a BFF through Okta.
So what we are trying to figure out is how to authenticate the REST APIs that we use to get the data in the integrations of logic tab.
Appreciate any feedback for my developer, (Avinash Ramana).
Jim
Hello Stefan,
We were able to talk to our OutSystems contact and found there is a bug in the debugger itself, where the response from a server action will appear empty in the debugger independent of what the response actually is. The fix we were told to use was to use logging functions if this occurs, and this helped.
Through logging I was able to find the error code and fix the issue with the scope provided to the Okta request. After making this change, the token appears and I was able to reach the API protected with Okta.
Thank you for your assistance!
Hi Jim,
Sorry to see this question go unanswered for so long. Have you (or your developer) found out how to do things or are you still stuck?
Hi Jim, here https://medium.com/itnext/acquire-and-link-multiple-oauth-tokens-to-outsystems-users-for-delegated-access-b2ba74ca78a0 you will find information on the Authorization code flow.
To protect OutSystems REST APIs using OpenID Connect, see here: https://medium.com/itnext/protect-outsystems-rest-apis-using-openid-connect-87a2ac7575c1
Thank both of you for responding. My developer is looking into your suggestion. Another area that was brought to our attention is to explore using features from the Integration Studio. Integration Studio allows you to develop extensions in advanced integration scenarios between existing enterprise systems and OutSystems. We are also looking at that but it requires working with .NET or J2EE. Has anyone had experience using Integration Studio for a use case like ours?
As always, appreciate the feedback - Jim
Hi Jim. For REST APIs that are protected via OAuth (Okta) you probably do not need a custom extension. All operations from acquiring an access token from the OAuth token endpoint to querying an endpoint can be done directly from Service Studio. You can use my component https://www.outsystems.com/forge/component-overview/14457/oauth-token-exchange to interact with an OAuth Token endpoint in a simpler way. It is also mentioned in one of my articles above.
There can be a need to add custom code e.g. in the Request handler or Response handler of the REST API integration. E.g. when you have additional requirements like request signing or encryption, or when you have to transform "unsupported" JSON response documents to OutSystems structures.
Besides custom code, Integration Studio is used to connect with external databases, but as you are writing about REST APIs I guess that is not your use case.
Best
Stefan
Thank you Stefan - I will have my developer look into this. Jim
I am the developer and have been working with the component alongside researching the demo. When running any of the component actions, there is not a response given from the action and there is also no error so I cannot debug the issue. I am using the exact credentials which work correctly in Postman and will attach what the component response looks like.
Thanks
-Ben
Weird. At least you should get an error of some kind. You should also check the monitoring section in Service Center if you see any related messages.
Here is a screenshot of a Postman token exchange call (this one is using Microsoft Identity, but OAuth is OAuth :-) ).
and this is the corresponding configuration of the OAuth_ClientCredentialsToken server action
Make sure that the TokenEndpointUrl is the full url including the https protocol.
which then results in
I have still been struggling to get a response from the component. Below is the Postman request.
There was no scope given for this, is that a required field for the component? As for the request I run the OAuth_ClientCredentialsToken with the information copied and pasted from Postman, still getting the following back:
That is pretty unusual. Even if there would be a typo or something you would get at least a status code back (like 404 not found or 400 bad request).
The only difference in the screenshots is that you are sending the client authentication details in the header (Send as Basic Auth Header). My component and my screenshot above send the authentication details in the body of the request (Send client credentials in body).
But most likely your identity provider accepts both. At least most of them do, but you might check this. But again, even then you would get a 400 back.
Can you share your OML file?
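The token exchange discussed in this thread, as an added Python sketch that is not part of any post and not the Forge component's code: it builds the client-credentials POST with the credentials either in a Basic header or in the body, includes the optional scope, and surfaces the error code a token endpoint returns instead of an empty result. The host names, client id, secret, scope and function names are constructed placeholders.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode
from urllib.request import Request


def build_token_request(token_url, client_id, client_secret, scope=None, in_body=False):
    """Build (without sending) an OAuth 2.0 client-credentials token request."""
    if not token_url.startswith("https://"):
        raise ValueError("token endpoint must be a full https:// URL")
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope  # space-separated list if more than one
    headers = {"Accept": "application/json",
               "Content-Type": "application/x-www-form-urlencoded"}
    if in_body:
        # Credentials as form fields ("Send client credentials in body").
        form.update(client_id=client_id, client_secret=client_secret)
    else:
        # Credentials as HTTP Basic ("Send as Basic Auth Header"); RFC 6749
        # section 2.3.1 form-encodes both parts before base64.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    return Request(token_url, data=urlencode(form).encode(), headers=headers, method="POST")


def read_token_response(status, body):
    """Return the access token, or raise with the error the server reported."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        raise RuntimeError(f"HTTP {status}: token endpoint did not return a JSON object")
    if status != 200 or "access_token" not in doc:
        # RFC 6749 section 5.2: failures carry "error" and optionally "error_description".
        raise RuntimeError(f"HTTP {status}: {doc.get('error', 'unknown_error')}: "
                           f"{doc.get('error_description', '')}")
    return doc["access_token"]


def build_api_request(api_url, access_token):
    """Build the GET that presents the token to the protected API."""
    return Request(api_url, headers={"Authorization": f"Bearer {access_token}"}, method="GET")


if __name__ == "__main__":
    # Constructed placeholder values, not taken from the thread.
    req = build_token_request("https://idp.example.test/oauth2/token", "abc", "s3cret", "api.read")
    print(req.get_method(), req.full_url, req.data.decode())
    ok = '{"token_type": "Bearer", "expires_in": 3600, "access_token": "constructed-token"}'
    print(build_api_request("https://api.example.test/contacts", read_token_response(200, ok)).headers)
```

To send a request, pass it to `urllib.request.urlopen`; a 4xx reply raises `urllib.error.HTTPError`, whose `.code` and `.read()` give the status and body to hand to `read_token_response`.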