Versions Compared

Old Version 6

changes.mady.by.user Tijmen Daatselaar

Saved on

compared with

New Version Current

changes.mady.by.user Manon van Tilburg

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Mention oauth2-token-request-parameters

...

The following parameters can be set for the service from Encore:

NameDescriptionTypeRequiredDirectionSelect module
restServiceThe name of the REST service along with the module where it is defined.Module ElementYesInputYes
operationThe name of the operation of the REST service that needs to be called.StringYesInputNo
urlThe URL of the REST webservice.String ExpressionNoInputNo
connectionOverride

The name to use when overriding connection in the Runtime configuration files (more about this in the following section).

Not that if the expression returns the value unknown ( ? ) as result, an error is thrown. In this scenario no fallback is used.

String ExpressionNoInputNo
mappingThe name of the data mapping to use along with the module where it can be found.Data mappingNoBiDirectionalNo
usernameThe username to use in the service calling.StringNoInputNo
passwordThe password to use in the service calling.StringNoInputNo

Overriding parameters

The parameters url, username and password can be overridden in the Runtime's configuration files.

...

  • The exception exit can be used to handle exceptions such as a failing data mapping, or a response body that doesn't match the domain schema.
  • Use the exit events to handle timeouts, client errors (http status code 4xx), and server errors (http status code 5xx).
    • If there is a need to distinguish on a more specific http status code than the aforemantioned ranges, you can use the header in the REST service to map the status code with the name "Status" to the profile.

Exit events

NameDescriptionType
TimeoutWhen the REST request returns a timeout exception.

Continue

ClientError (since 16.7)When the REST request returns a 4xx exception.

Continue

ServerError (since 16.7)When the REST request returns a 5xx exception.

Continue

default exit event

All unmapped events will be redirected to the default exit node of the service call, even errors. Therefore it is recommended to always map all possible expected exit events.

Continue

Authentication options

There are several authentication options, which are configurable per connection with properties:

...

When the Rest Endpoint that needs to be called is secured with OAuth2, you can set the property blueriq.connection.<connectionName>.http.authentication to oauth2. You need to fill out some extra properties that should be provided by the maintainer of the endpointdefine a Spring Security Oauth2 Client Registration and Provider and set the blueriq.connection.<connectionName>.http.oauth2-client-registration to the corresponding client registration. See Connections Properties for those. Blueriq will request a token from the oauth2-token-endpoint and call the Rest Service with that token.

Since OAuth2 doesn't specify how certain properties are transmitted when requesting a token, we include a set of default behavior:

...

 

Since 17.0 we use Spring Security OAuth2, which makes it a lot more versatile and better configurable. 

Code Block
languageyml
titleAfter
spring:
  security:
    oauth2:
      client:
        registration:
          my-oauth2-client:
            provider: my-auth-server
            client-id: my-client-id
			client-authentication-method: client_secret_basic
            client-secret: secret-password-text
            authorization-grant-type: client_credentials
        provider:
          my-auth-server:
            token-uri: https://identity.provider.com/token
blueriq:
  connection:
    my-connection1:
      http:
        url: https://some.domain.com/resource1
        authentication: oauth2
        oauth2-client-registration: my-oauth2-client
    my-connection2:
      http:
        url: https://some.domain.com/resource2
        authentication: oauth2
        oauth2-client-registration: my-oauth2-client
  • When requesting a token, the Client ID and the Client Secret will be sent as Basic Authentication as default, but you can also use client_secret_post as client-authentication-method so it will be sent in the body.
  • Since 17.2 it is also possible to send along custom parameters when requesting a token, see Connections Properties
  • When requesting a token, the POST method is used.

  • In the token response, we expect a JSON structure that at least contains an access_token and a token_type:

    Code Block
    languagejs
    {
  "access_token": "f608a968-b1ef-457a-8d1a-71ee007ac4d2",
  "token_type": "bearer"
}

  • Access tokens are not cached. Each Rest Service call will request a new token.

...

Note
titleLimitations
  • The current implementation is limited to one Access Token Provider per Blueriq Runtime, so all of your OAuth2 enabled Rest Service Calls will use the same schemeimplementation of the Access Token Provider.
  • The current implementation does not support the grant type password. We only tested the default implementation only supports the client_credentials grant type.The current implementation will send the Access Token as Bearer to the Rest Service endpoint.