OAuth2 Authentication for Cloud Application Integration Processes

Hello everyone, my name is Sora Agarwal from the Informatica cloud management team, and today I'm going to talk about one security feature which is coming as part of our Spring 2020 release, which is to support OAuth 2.0 authentication for Cloud App Integration APIs through API Manager. So let's jump in.

The question arises: why do we require OAuth 2.0 authentication? Oftentimes you don't want to provide your username and password to your API consumers, because that creates insecurity. Rather, what you want to do is control it by creating an OAuth client and provide the client ID and like details to the user, so that they have specific permissions on the API that they are calling. So now, with Spring 2020 you can enable OAuth authentication for managed APIs that can invoke a Cloud App Integration endpoint.

Key things to note here: it only supports client credentials as the grant type, your Cloud App Integration process or the API endpoint should be using basic authentication, and your Cloud Application Integration API endpoint cannot be called directly using basic authentication.

We will do a demo here, but let me talk about the steps that you have to follow to enable this authentication. Obviously you will need to have a Cloud App Integration process exposed as an API which is enabled for basic authentication. You can create a managed API and then create an OAuth 2.0 client under API Manager, Policies, Authorization. You will see this in action in the demo. You need to save certain key information like client ID, client secret and auth header for future use. Then you would request an access token by invoking the OAuth server URL, which you will get from the OAuth client page. Then you would request an access token by invoking the OAuth server URL with the client credentials grant type, and then use either client ID or secret or the auth header as a basic token, and this in turn will give you an access token as a JWT token. Subsequently you will use the JWT token as a bearer token to invoke the API endpoint.

With that said, let's jump into the demo. What you see on your screen right now is a very simple process. This process takes in an input and gives out an output which is a concatenation of "hello" with the input that you provided. The important thing to notice here is that this process is set for basic authentication. You would also notice that there's a new check box here which says "only accepts HTTP authorization requests from the API gateway", and we will talk about this as well. But this process right now can be invoked directly using the CAI endpoint. So let's publish this process and let's try to invoke it. I copy the endpoint from here and invoke it. As you would notice, this worked: it printed a message on the screen that says "hello world".

Now let's look at how we activate the feature where you are only able to access this API through an OAuth 2.0 client. So let's click on this check box. With this, it will only accept HTTP authorization requests from the API gateway. Let's save it and publish it. You would notice that there's a new message on the properties details page which says that it can only accept HTTP authorization requests from the API gateway. But let's try this out: let's copy this URL and let's invoke it. This time you see an error message on the screen which indicates that this process only accepts requests from the API gateway. So now this API cannot be called through the CAI API endpoint.

Let's see how we can call this API using the OAuth 2.0 client. For this I will go to the API Manager. Here you see all the APIs that have been deployed on this platform. Let's search for our API. So here is the REST endpoint, the API proxy from the API Manager for this API, for the REST interface. Let's try to create a managed API for this API, and let's look at the properties of this API. As you would notice, we have various authentication methods here: basic, OAuth 2.0 and JSON Web Token. Let's choose OAuth and save it.

Now we need to create an OAuth client for this. Let's go to Policies and the Authorization tab. Here you will notice there is a button called "Add OAuth 2.0 Client". You can obviously use the clients here, but let's get a new client. You need to pass the username and password, then provide the details like the client name. Let's call this "hello world client", and let's put in some description. At this point you can make a choice to either use this OAuth 2.0 client for all the API resources, or selected APIs, or the API groups. Let's restrict this client to the API that we are working on, which is hello world. So I choose API as an API group option and only choose hello world. Let's search for that first. So let's choose it and click Next. At this point you see your client ID, client secret and authorization header value. Let's make a note of this. You also notice that there's an OAuth 2.0 server URL. Let's copy that URL as well. Now we have all the information required to call this API using an OAuth 2.0 authentication mechanism.

Now let's go to Postman to try this out. As I mentioned before, you have to first get the authentication token, which is going to be a JWT token, from the token URL. Let's paste it here and let's provide the header here. Like I mentioned, there are two ways of adding the header here. Either you can use the authorization header and pass it in as a basic token; for this you will need to use the auth header. Send the request, and you would notice that it says "missing grant type". So let's provide the grant type as well: grant type equal to client credentials in the request. You will notice that you have the access token, which is a JWT token, here. You also have the token type, which is a bearer token, expires in, and the scope associated with this token. You could have done the same by not passing the authorization header but passing in the client ID and secret as username and password. So let's try that as well. Here is the client ID, and let's pass the client secret as well. Send the request and you're going to get back the same thing: a JWT token, token type, expires in and scope.

Now let's call the API. Copy the URL, paste it here and pass in the required parameters. Now we need to pass the bearer token as the authorization header, the one that we got from the last API call, which is the JWT token here, as a bearer token, and send the request. And here you get back the response as "hello world".

For more information you can refer to the Informatica documentation on the given link, and you can also search for more collateral on the Cloud Application Integration community. This is a collaborative user platform for people to share and seek information quickly. You can ask questions on the community and have the experts answer those questions, and you can also search for relevant content, for example videos and documents, KBs, examples and how-tos, etc. on this website. Hope you liked this video. Thanks for watching, goodbye.
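
The client credentials exchange walked through in the demo, as an added Python sketch that is not part of the video or of Informatica's own material. The URLs, credentials and sample response are constructed placeholders, and it assumes the auth header value is the standard HTTP Basic encoding of the client ID and secret and that `grant_type` is sent form-encoded.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Constructed placeholders; real values come from the OAuth client page.
TOKEN_URL = "https://apigw.example.invalid/oauth/token"
API_URL = "https://apigw.example.invalid/hello-world?input=world"

def basic_header(client_id, client_secret):
    """The 'auth header' value: Basic base64(client_id:client_secret)."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def token_request(token_url, auth_header):
    """Token request; the demo's server rejects it when grant_type is missing."""
    # Assumption: grant_type goes in a form-encoded body (RFC 6749, section 4.4.2).
    body = urllib.parse.urlencode({"grant_type": "client_credentials"})
    return urllib.request.Request(
        token_url, data=body.encode(), method="POST",
        headers={"Authorization": auth_header,
                 "Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(payload, now=None):
    """Check the token response; return (token, absolute expiry time)."""
    doc = json.loads(payload)
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    token = doc["access_token"]
    if token.count(".") != 2:  # a JWT is header.payload.signature
        raise ValueError("access_token is not a JWT")
    now = time.time() if now is None else now
    return token, now + int(doc["expires_in"])

def api_request(api_url, token):
    """Call to the managed API with the JWT as a bearer token."""
    return urllib.request.Request(
        api_url, headers={"Authorization": f"Bearer {token}"})

def send(request):
    """Perform the HTTPS call (not exercised by the offline sample below)."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return resp.read().decode()

# Constructed sample response with the fields named in the demo.
SAMPLE = ('{"access_token": "aaa.bbb.ccc", "token_type": "Bearer", '
          '"expires_in": 3600, "scope": "sample"}')
```

Tracking the absolute expiry returned by `parse_token_response` lets a client request a fresh token before the old one lapses instead of retrying after a rejected call.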
Info
Channel: Informatica Support
Views: 2,958
Id: XLUq51eDwPM
Length: 8min 25sec (505 seconds)
Published: Thu Apr 30 2020