Hi,
I'm facing an issue securing an exposed API using OAuth 2.0. I have referred to a lot of documentation and Forge components, but I didn't get proper information. In some components there was no proper documentation on implementing an OAuth 2 provider. If someone has an OML of this, can you please provide it?
Hey, you can refer to the links below to set up OAuth2.0 with an API.
Blog : https://www.outsystems.com/blog/posts/securing-outsystems-apis-oauth2/
Forge : https://www.outsystems.com/forge/component-overview/3573/oauth2provider
My biggest issue with both the blog and the component is that we create our own OAuth2 provider (and a simple one at that). I want to use Entra ID as the OAuth2 provider and that is, since we have bad integration with the MSAL package, a hard thing to do.
Hi Vincent. Interesting to hear that. Why do you say it is a hard thing to use Entra as Identity Provider? Is it because of the nonce header? https://www.outsystems.com/forums/discussion/89897/jwt-oauth-token-signature-validation-with-nonce-in-header/
My article here https://medium.com/itnext/protect-outsystems-rest-apis-using-openid-connect-87a2ac7575c1 provides a step-by-step tutorial.
Here is the sample service in Forge: https://www.outsystems.com/forge/component-overview/13934/protect-exposed-rest-api-using-openid-connect
Stefan