19 June, 2015

Managing your OAuth Clients via REST API - Oracle API Gateway

Usually, Oracle API Gateway (OAG) provides the WebApplication Client Registry Application to manage data from every client application that sends OAuth requests to the API Gateway's OAuth Authorization Server.

In my scenario, I had to manage OAuth data outside of the web application, so I tried to look for the REST API documentation of the feature.

Unfortunately, Oracle doesn't provide ANY documentation about the REST APIs in this case, so I had to investigate the API.

I am sharing the functionality as curl commands, to summarize the information:

PREFACE

  • All curl commands were tested with --insecure (or -k), which turns off TLS certificate verification, because the environment had no certificates installed.
  • The credentials regadmin:changeme come from the OAG default settings. You can create other users and replace the admin credentials in a safe environment.
  • You can use | python -mjson.tool to format the JSON output of the GET requests.
  • localhost can be replaced by any DNS name or IP address you need.



CREATING DATA



A NEW APPLICATION (WITH MAIN DATA)

URI: /api/portal/v1.1/applications
Example: curl --insecure -X POST --user regadmin:changeme -H "Content-Type:application/json" https://localhost:8089/api/portal/v1.1/applications -d @sampleClient.json

Where sampleClient.json is:

{
    "description": "Dummy Description", 
    "email": "dummy@dummycorp.com", 
    "name": "DummyCorp"
}

In this case, the ClientApplicationId is an autogenerated value. In a later post, I'll show how to work with this 'problem'.

Given DummyCorpId as the generated id (usually a value like 1fd97e5d-ec13-4054-8284-3646b86ce02c):

INSERT API KEY:

URI: /api/portal/v1.1/applications/<ClientAppId>/apikeys
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/apikeys -X POST -H "Content-Type:application/json"

All values (id and secret) are autogenerated.

INSERT OAUTH DATA:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauth
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauth -X POST -H "Content-Type:application/json" -d @oauthclient.json

Where oauthclient.json is:

{
    "cert": "", 
    "enabled": true, 
    "redirectUrls": [
        "http://www.google.com"
    ], 
    "id":"ClientID",
    "secret": "ClientSecret", 
    "type": "confidential"
}

INSERT OAUTH SCOPE:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauthresource
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauthresource -X POST -H "Content-Type:application/json" -d @oauthscope.json

Where oauthscope.json is:

{
    "id":"CustomerREADScope",
    "enabled": true, 
    "scopes": ["customer.READ"],
    "scope": "customer.READ", 
    "uriprefix": "customer.READ"
}

GETTING DATA

ALL APPLICATIONS REGISTERED

URI: /api/portal/v1.1/applications
Example: curl --insecure -X GET --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications | python -mjson.tool



A SIMPLE APPLICATION

URI: /api/portal/v1.1/applications/<ClientAppId>
Example: curl --insecure -X GET --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId



API KEYS

URI: /api/portal/v1.1/applications/<ClientAppId>/apikeys/
Example: curl --insecure -X GET --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/apikeys/



THE OAUTH MAIN DATA

URI: /api/portal/v1.1/applications/<ClientAppId>/oauth
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauth

and the OAuth Scopes:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauthresource
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauthresource



UPDATE DATA

In order to update data with this REST API, you should provide all data previously inserted. If you provide just the field(s) you want to update, the others will be set to null.

UPDATE APP MAIN DATA

URI: /api/portal/v1.1/applications/<ClientAppId>
Example: curl --insecure -X PUT --user regadmin:changeme -H "Content-Type:application/json" https://localhost:8089/api/portal/v1.1/applications/DummyCorpId -d @updateClient.json

Where updateClient.json is:

{
    "id": "DummyCorpId", 
    "description": "Dummy Description", 
    "email": "dummy@dummycorp.com", 
    "name": "New DummyCorp",
    "createdOn": 1434714309524, 
    "enabled": true, 
    "image": null, 
    "organizationId": null, 
    "phone": "phone", 
    "state": null
}


UPDATE OAUTH DATA:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauth/<ClientId>
Example: curl --insecure --user regadmin:changeme -X PUT https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauth/ClientID  -d @oauthclient_update.json -H "Content-Type:application/json"

Where oauthclient_update.json is:

{
    "applicationId": "DummyCorpId", 
    "cert": "", 
    "corsOrigins": [], 
    "createdBy": null, 
    "createdOn": 1434715843102, 
    "enabled": true, 
    "id": "ClientID", 
    "redirectUrls": [
        "http://www.google.com/redirect"
    ], 
    "secret": "ClientSecret", 
    "type": "confidential"
}

In this case, you should provide applicationId as well. If you don't, the value will be updated to null.


UPDATE OAUTH SCOPE:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauthresource/<resourceId>
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauthresource/CustomerREADScope -X PUT -H "Content-Type:application/json" -d @updateoauthscope.json

Where updateoauthscope.json is:

{
    "applicationId": "DummyCorpId", 
    "enabled": true, 
    "id": "CustomerREADScope", 
    "isDefault": true, 
    "scope": "customer_READ", 
    "scopes": ["customer_READ"],
    "uriprefix": "customer_READ"
}
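
Because a PUT with only the changed fields nulls everything else (including applicationId on the OAuth record), a safe update is a read-modify-write. The following is an added example, not part of the original post or of Oracle's tooling: the function names are hypothetical, the sample record is constructed from the JSON above, and it assumes a GET on the same URI as the PUT returns the stored record, as shown above for /applications/<ClientAppId>.

```python
import base64
import json
import urllib.request

def build_put_body(current, changes):
    """Return the full record to PUT: every field from the GET plus the changes."""
    unknown = sorted(set(changes) - set(current))
    if unknown:
        # A key the server never returned is more likely a typo than a new field.
        raise KeyError("fields not present in the stored record: %s" % unknown)
    body = dict(current)
    body.update(changes)
    return body

def fields_lost(current, body):
    """Fields that hold a value on the server but would be nulled by this PUT body."""
    return sorted(k for k, v in current.items()
                  if v is not None and body.get(k) is None)

def update_record(base_url, path, changes, user, password):
    """GET the record, merge the changes, PUT the whole record back."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    headers = {"Authorization": "Basic " + token,
               "Content-Type": "application/json"}
    url = base_url + path
    # urllib verifies the server certificate by default, unlike curl --insecure.
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as r:
        current = json.load(r)
    body = build_put_body(current, changes)
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="PUT")
    with urllib.request.urlopen(req) as r:
        return r.status

# Constructed sample: the stored OAuth record, shaped like oauthclient_update.json.
STORED = {"applicationId": "DummyCorpId", "cert": "", "corsOrigins": [],
          "createdBy": None, "createdOn": 1434715843102, "enabled": True,
          "id": "ClientID", "redirectUrls": ["http://www.google.com"],
          "secret": "ClientSecret", "type": "confidential"}
# A hand-written body that only carries the field being changed.
PARTIAL = {"redirectUrls": ["http://www.google.com/redirect"]}
```

fields_lost(STORED, PARTIAL) lists what the partial body would wipe, while build_put_body(STORED, PARTIAL) produces a body that loses nothing.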

DELETE DATA


DELETE ALL APP DATA

URI: /api/portal/v1.1/applications/<ClientAppId>
Example: curl --insecure --user regadmin:changeme -X DELETE https://localhost:8089/api/portal/v1.1/applications/DummyCorpId 

DELETE OAUTH DATA:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauth/<ClientId>
Example: curl --insecure --user regadmin:changeme -X DELETE https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauth/ClientID 


DELETE OAUTH SCOPE:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauthresource/<resourceId>
Example: curl --insecure --user regadmin:changeme -X DELETE https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauthresource/CustomerREADScope

REFERENCES


  • http://docs.oracle.com/cd/E39820_01/doc.11121/gateway_docs/content/oauth_app_registration.html 
  • https://docs.oracle.com/cd/E55956_01/index.htm

03 June, 2015

OAG (Oracle API Gateway) Silent (or unattended) install

The official guide offers few options for building a silent (unattended) install of Oracle API Gateway.
The basic way to run a silent install is:


./OAG-11.1.2.1.0-linux-installer.run --mode unattended \
  --enable-components nodemanager --disable-components analytics,policystudio

Here is a command I created to install just the API Gateway, without any of the other components:


./OAG_11.1.2.3.0-linux-x86-64-installer.run --optionfile OAG_11.1.2.3.0-linux-x86-64-installer.run.options

Here is the OAG_11.1.2.3.0-linux-x86-64-installer.run.options file content:
prefix=/oracle/middleware/oag_home
mode=unattended
debugtrace=log/debug_install.out
enable-components=apigateway
disable-components=analytics,policystudio,configurationstudio,apitester
setup_type=standard
firstInNewDomain=1
nmHostnameOrIpChoice=127.0.0.1
nmPort=8090
rnmUsername=admin
rnmPassword=changeme
askNmService=0
nmServiceUser=admin
nmServiceUserQuestion=0
configureGatewayQuestion=0
askGwService=0
nmStartupQuestion=0

You can find more tricks to build your options file by using the option --help with the .run file.

References:
https://docs.oracle.com/cd/E39820_01/doc.11121/gateway_install_docs/content/install_gateway.html#p_install_gateway_command
http://docs.axway.com/u/documentation/api_gateway/7.4.0/APIGateway_InstallationGuide_allOS_en.pdf, Page 24

17 March, 2015

Error with a JDeveloper Project - output files couldn't be created

There is an issue with building projects in JDeveloper, regardless of the technology you are using (Java, SCA).
If you are facing an error like the one below:


[scac]  error: C:\git\bpels\MyProject\classes\scac_out.xml (The system can not find the path specified)
     [scac] ====> Faulted
     [scac] java.io.FileNotFoundException: C:\git\bpels\MyProject\classes\scac.log (The system can not find the path specified)
     [scac] at java.io.FileOutputStream.open(Native Method)
     [scac] at java.io.FileOutputStream.<init>(FileOutputStream.java:221)
     [scac] at java.io.FileOutputStream.<init>(FileOutputStream.java:142)
     [scac] at org.apache.tools.ant.util.LazyFileOutputStream.ensureOpened(LazyFileOutputStream.java:158)

Here is the solution:

You only need to recreate the folder "classes" under the "MyProject" structure.
Then, try to build your project again.

06 January, 2015

Starting and Stopping Instructions for OAG - Oracle API Gateway

I was facing some issues with OAG 11.1.2.3.0 when using Policy Studio.
The IDE was trying to retrieve the status from the OAG instance, and it never finished.

The solution I found was to bounce the server and the Node Manager as well.

Starting instructions

Starting the Node Manager

  • Open a shell terminal at INSTALL_DIR/apigateway/posix/bin/
  • Run the command
           prompt# ./nodemanager
  • If you are using an encryption passphrase, you will be prompted for this passphrase.

Starting the API Gateway

  • Open a shell terminal at INSTALL_DIR/apigateway/posix/bin/
  • Run the command
    startinstance -n "my_server" -g "my_group"
  • Where
    • my_server is the server under the group (my_group) configured into the OAG Installation.

Tip

You can enter the startinstance command without any arguments to display the servers registered on the machine. For example:
INSTALL_DIR\posix\bin$ ./startinstance
usage: "startinstance [[-n instance-name -g group-name [instance-args]] |
[directory-location [instance-args]]]"
The API Gateway instances listed below are available to run on this machine
as follows:
   startinstance -n "my_server1" -g "oaggroup"
   startinstance -n "my_server2" -g "oaggroup"

Stopping instructions

Stopping the API Gateway

To stop the gateway instance you can use the same command used to start the OAG but adding the -k option as follows:

        INSTALL_DIR/apigateway/posix/bin/startinstance -n "my_server" -g "my_group" -k

This will stop (kill) the OAG process.


Stopping the Node Manager

To stop the nodemanager we can use this command:

        INSTALL_DIR/apigateway/posix/bin/nodemanager -k

Oracle Certification Campaign: Free Retake for Java and Database

Oracle is offering certifications with a retake, for a limited time, for Java and Database.
"But what is a retake, after all?"
It is a second chance to get certified if you fail your first attempt at a certification exam.
"Ah, but if I manage to pass on the first try, do I get another opportunity for another exam?"
No. If you pass on the first attempt, congratulations! You won't have to go through the stress of a second exam. :)
The retake is a way to encourage those who are afraid of failing.

Basic terms and conditions of the promotion

  • Until when?
There are three factors: the registration, the first attempt and the possible retake. All of them must be done by May 31, 2015, and the interval between the initial exam and the retake is at least 14 days.
  • How to do it?
    • Register for any of the Java or Oracle Database 12c certification exams on the Pearson VUE web page (http://www.pearsonvue.com/oracle/promos/retake/la.asp)
    • Include, at registration time, the promotion code: RETAKE15LA. Adding this promotion code to your registration will qualify you for the opportunity to retake your exam for free once.
    • Take your exam.
  • Which certifications are available?
Java:
Oracle Database 12c: