Page History
...
When the Rest Endpoint that needs to be called is secured with OAuth2, you can set the property blueriq.connection.<connectionName>.http.authentication
to oauth2
. You need to fill out some extra properties that should be provided by the maintainer of the endpointdefine a Spring Security Oauth2 Client Registration and Provider and set the blueriq.connection.<connectionName>.http.oauth2-client-registration
to the corresponding client registration. See Connections Properties for those. Blueriq will request a token from the oauth2-token-endpoint
and call the Rest Service with that token.
Since OAuth2 doesn't specify how certain properties are transmitted when requesting a token, we include a set of default behavior:
...
Since 17.0 we use Spring Security OAuth2, which makes it a lot more versatile and better configurable.
Code Block | ||||
---|---|---|---|---|
| ||||
spring:
security:
oauth2:
client:
registration:
my-oauth2-client:
provider: my-auth-server
client-id: my-client-id
client-authentication-method: client_secret_basic
client-secret: secret-password-text
authorization-grant-type: client_credentials
provider:
my-auth-server:
token-uri: https://identity.provider.com/token
blueriq:
connection:
my-connection1:
http:
url: https://some.domain.com/resource1
authentication: oauth2
oauth2-client-registration: my-oauth2-client
my-connection2:
http:
url: https://some.domain.com/resource2
authentication: oauth2
oauth2-client-registration: my-oauth2-client |
- When requesting a token, the Client ID and the Client Secret will be sent as Basic Authentication as default, but you can also use client_secret_post as client-authentication-method so it will be sent in the body.
- Since 17.2 it is also possible to send along custom parameters when requesting a token, see Connections Properties
- When requesting a token, the POST method is used.
In the token response, we expect a JSON structure that at least contains an
access_token
and atoken_type
:Code Block language js { "access_token": "f608a968-b1ef-457a-8d1a-71ee007ac4d2", "token_type": "bearer" }
Access tokens are not cached. Each Rest Service call will request a new token.
...
Note | ||
---|---|---|
| ||
|