19 June, 2015

Managing your OAuth Clients via REST API - Oracle API Gateway

Usually, Oracle API Gateway (OAG) provides the WebApplication Client Registry Application to manage data from every client application that sends OAuth requests to the API Gateway's OAuth Authorization Server.

In my scenario, I had to manage OAuth data outside of the WebApplication, so I tried to look for the REST API documentation of the feature.

Unfortunately, Oracle doesn't provide ANY documentation about the REST APIs in this case, so I had to investigate the API.

I am sharing the functionality as cURL commands, to summarize the information:

PREFACE

  • All cURL commands were tested with --insecure (or -k), which skips TLS certificate verification; the environment had no certificates installed.
  • The credentials regadmin:changeme come from the OAG default settings. You can create other users and replace the admin credentials in a safe environment.
  • You can use | python -mjson.tool to format the JSON output of the GET calls.
  • localhost can be replaced by any DNS name or IP address you need.



CREATING DATA



A NEW APPLICATION (WITH MAIN DATA)

URI: /api/portal/v1.1/applications
Example: curl --insecure -X POST --user regadmin:changeme -H "Content-Type:application/json" https://localhost:8089/api/portal/v1.1/applications -d @sampleClient.json

Where sampleClient.json is:

{
    "description": "Dummy Description", 
    "email": "dummy@dummycorp.com", 
    "name": "DummyCorp"
}

In this case, the ClientApplicationId is an autogenerated value. In a later post, I'll show how to work with this 'problem'.

Given DummyCorpId as the generated id (usually a value like 1fd97e5d-ec13-4054-8284-3646b86ce02c):

INSERT API KEY:

URI: /api/portal/v1.1/applications/<ClientAppId>/apikeys
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/apikeys -X POST -H 

All values (id and secret) are autogenerated.

INSERT OAUTH DATA:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauth
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauth -X POST -H "Content-Type:application/json" -d @oauthclient.json

Where oauthclient.json is:


{
    "cert": "", 
    "enabled": true, 
    "redirectUrls": [
        "http://www.google.com"
    ], 
    "id":"ClientID",
    "secret": "ClientSecret", 
    "type": "confidential"
}

INSERT OAUTH SCOPE:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauthresource
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauthresource -X POST -H "Content-Type:application/json" -d @oauthscope.json

Where oauthscope.json is:

{
    "id":"CustomerREADScope",
    "enabled": true, 
    "scopes": ["customer.READ"],
    "scope": "customer.READ", 
    "uriprefix": "customer.READ"
}

GETTING DATA

ALL APPLICATIONS REGISTERED

URI: /api/portal/v1.1/applications
Example: curl --insecure -X GET --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications | python -mjson.tool



A SIMPLE APPLICATION

URI: /api/portal/v1.1/applications/<ClientAppId>
Example: curl --insecure -X GET --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId



API KEYS

URI: /api/portal/v1.1/applications/<ClientAppId>/apikeys/
Example: curl --insecure -X GET --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/apikeys/



THE OAUTH MAIN DATA

URI: /api/portal/v1.1/applications/<ClientAppId>/oauth
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauth

and the OAuth Scopes:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauthresource
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauthresource



UPDATE DATA

To update data with this REST API, you should provide all the data previously inserted. If you provide just the field(s) you want to update, the others will be null.

UPDATE APP MAIN DATA

URI: /api/portal/v1.1/applications/<ClientAppId>
Example: curl --insecure -X PUT --user regadmin:changeme -H "Content-Type:application/json" https://localhost:8089/api/portal/v1.1/applications/DummyCorpId -d @updateClient.json

Where updateClient.json is:

{
    "id": "DummyCorpId", 
    "description": "Dummy Description", 
    "email": "dummy@dummycorp.com", 
    "name": "New DummyCorp",
    "createdOn": 1434714309524, 
    "enabled": true, 
    "image": null, 
    "organizationId": null, 
    "phone": "phone", 
    "state": null
}


UPDATE OAUTH DATA:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauth/<ClientId>
Example: curl --insecure --user regadmin:changeme -X PUT https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauth/ClientID  -d @oauthclient_update.json -H "Content-Type:application/json"

Where oauthclient_update.json is:

{
    "applicationId": "DummyCorpId", 
    "cert": "", 
    "corsOrigins": [], 
    "createdBy": null, 
    "createdOn": 1434715843102, 
    "enabled": true, 
    "id": "ClientID", 
    "redirectUrls": [
        "http://www.google.com/redirect"
    ], 
    "secret": "ClientSecret", 
    "type": "confidential"
}

In this case, you should provide applicationId as well. If you don't, the value will be updated to null.
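
The update rule above (send the whole record or the omitted fields become null, applicationId included) as a read-modify-write helper. This is an added example, not code from the original post or from Oracle; the sample record is constructed from oauthclient_update.json, and it assumes a GET returns the same field names.

```python
import json
import sys

# Constructed sample of a stored OAuth client record, using the field names
# from oauthclient_update.json above (assumed to match what a GET returns).
CURRENT = {
    "applicationId": "DummyCorpId",
    "cert": "",
    "corsOrigins": [],
    "createdBy": None,
    "createdOn": 1434715843102,
    "enabled": True,
    "id": "ClientID",
    "redirectUrls": ["http://www.google.com"],
    "secret": "ClientSecret",
    "type": "confidential",
}


def nulled_fields(current, put_body):
    """Fields that hold a value now but would be null after this PUT."""
    return sorted(k for k, v in current.items()
                  if v is not None and put_body.get(k) is None)


def build_put_body(current, changes, allow_null=()):
    """Merge a partial change into the full record; refuse silent data loss."""
    unknown = sorted(set(changes) - set(current))
    if unknown:  # catches misspelled keys before they reach the server
        raise ValueError("fields not in the stored record: %s" % unknown)
    body = dict(current)
    body.update(changes)
    lost = [k for k in nulled_fields(current, body) if k not in allow_null]
    if lost:
        raise ValueError("PUT would null: %s" % lost)
    return body


if __name__ == "__main__":
    # Hypothetical usage: python3 put_body.py '<changes JSON>' < current.json
    # current.json holds one record saved from a GET; output feeds curl -d @-.
    record = json.load(sys.stdin)
    json.dump(build_put_body(record, json.loads(sys.argv[1])), sys.stdout, indent=4)
```

Calling nulled_fields on a body that carries only the changed field lists exactly what the server would lose if that body were sent as-is.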


UPDATE OAUTH SCOPE:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauthresource/<resourceId>
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauthresource/CustomerREADScope -X PUT -H "Content-Type:application/json" -d @updateoauthscope.json

Where updateoauthscope.json is:

{
    "applicationId": "DummyCorpId", 
    "enabled": true, 
    "id": "CustomerREADScope", 
    "isDefault": true, 
    "scope": "customer_READ", 
    "scopes": ["customer_READ"],
    "uriprefix": "customer_READ"
}

DELETE DATA


DELETE ALL APP DATA

URI: /api/portal/v1.1/applications/<ClientAppId>
Example: curl --insecure --user regadmin:changeme -X DELETE https://localhost:8089/api/portal/v1.1/applications/DummyCorpId 

DELETE OAUTH DATA:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauth/<ClientId>
Example: curl --insecure --user regadmin:changeme -X DELETE https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauth/ClientID 


DELETE OAUTH SCOPE:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauthresource/<resourceId>
Example: curl --insecure --user regadmin:changeme -X DELETE https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauthresource/CustomerREADScope

