Comment: Mention oauth2-token-request-parameters

...

When the Rest Endpoint that needs to be called is secured with OAuth2, you can set the property blueriq.connection.<connectionName>.http.authentication to oauth2. You need to define a Spring Security OAuth2 Client Registration and Provider and set the blueriq.connection.<connectionName>.http.oauth2-client-registration property to the corresponding client registration. See Connections Properties for these properties. Blueriq will request a token from the oauth2-token-endpoint and call the Rest Service with that token.

Since OAuth2 doesn't specify how certain properties are transmitted when requesting a token, we apply a set of default behaviors:

...

 

Since 17.0 we use Spring Security OAuth2, which makes it a lot more versatile and more configurable.

After:

spring:
  security:
    oauth2:
      client:
        registration:
          # Client registration referenced by the Blueriq connections below
          my-oauth2-client:
            provider: my-auth-server
            client-id: my-client-id
            client-authentication-method: client_secret_basic
            client-secret: secret-password-text
            authorization-grant-type: client_credentials
        provider:
          # Token endpoint of the authorization server
          my-auth-server:
            token-uri: https://identity.provider.com/token
blueriq:
  connection:
    # Both connections use the same client registration
    my-connection1:
      http:
        url: https://some.domain.com/resource1
        authentication: oauth2
        oauth2-client-registration: my-oauth2-client
    my-connection2:
      http:
        url: https://some.domain.com/resource2
        authentication: oauth2
        oauth2-client-registration: my-oauth2-client

  • When requesting a token, the Client ID and the Client Secret are sent as Basic Authentication by default, but you can also set client-authentication-method to client_secret_post so they are sent in the request body.
  • Since 17.2 it is also possible to send custom parameters along with the token request; see Connections Properties.
  • When requesting a token, the POST method is used.
  • In the token response, we expect a JSON structure that at least contains an access_token and a token_type:

    {
      "access_token": "f608a968-b1ef-457a-8d1a-71ee007ac4d2",
      "token_type": "bearer"
    }
  • Access tokens are not cached. Each Rest Service call will request a new token.
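
The token request and response described in the list above, as an added example that is not Blueriq or Spring Security code. It assumes the credential encoding of RFC 6749 section 2.3.1 and that a token_type other than bearer should be rejected; the function names and the `audience` parameter are constructed for illustration.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode


def build_token_request(client_id, client_secret,
                        method="client_secret_basic", extra_params=None):
    """Return (headers, body) for the client_credentials token POST."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "client_credentials"}
    form.update(extra_params or {})  # custom token request parameters
    if method == "client_secret_basic":
        # RFC 6749 2.3.1: form-encode id and secret, then Basic-encode the pair
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == "client_secret_post":
        # Credentials travel in the request body instead of a header
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError(f"unsupported client-authentication-method: {method}")
    return headers, urlencode(form)


def parse_token_response(raw):
    """Validate the token response; return the Authorization value for the REST call."""
    data = json.loads(raw)
    missing = [k for k in ("access_token", "token_type") if not data.get(k)]
    if missing:
        raise ValueError(f"token response is missing {missing}")
    if data["token_type"].lower() != "bearer":  # assumption: only bearer is accepted
        raise ValueError(f"unexpected token_type: {data['token_type']}")
    return "Bearer " + data["access_token"]


if __name__ == "__main__":
    # Constructed sample values, taken from the configuration shown on this page
    for method in ("client_secret_basic", "client_secret_post"):
        print(method, build_token_request("my-client-id", "secret-password-text",
                                          method, {"audience": "example"}))
    sample = '{"access_token": "f608a968-b1ef-457a-8d1a-71ee007ac4d2", "token_type": "bearer"}'
    print(parse_token_response(sample))
```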

...

Note: Limitations
  • The current implementation is limited to one Access Token Provider per Blueriq Runtime, so all of your OAuth2 enabled Rest Service Calls will use the same implementation of the Access Token Provider.
  • The current implementation does not support the grant type password. The default implementation only supports the client_credentials grant type.
  • The current implementation will send the Access Token as Bearer to the Rest Service endpoint.