Implementing OAuth 2.0 with Oracle API Gateway 11.1.2.3.0 with 2 nodes by Marcelo França

Introduction

Recently I participated in a project with Oracle API Gateway (OAG) that uses OAuth 2.0 to authenticate and authorize partners to call some APIs. The flow is simple: the partner calls the OAG through a POST request with the client ID and secret ID, and the gateway returns the access token with its scopes. This worked well in the Development environment with a single-node Gateway, but in the UAT environment, which has two Gateway nodes not on the same machine, it behaves differently: when the client reaches node 1, everything goes well and OAG/OAuth can authenticate the user. On node 2, however, OAG can’t find the OAuth client_id and the authorization is denied.

Oracle API Gateway by default installs and uses a Cassandra database to store tokens, access codes and clients for authorization. When these need to be distributed across two nodes, a shared structure is required to store this information. This article describes how to create the new shared structure using the Oracle Database.

Tested Environment Requirements

OAG-11.1.2.3.0

· oagpolicystudio

· apigateway server

Firefox plugin

· Http Requester

Oracle Database Express Edition 11g Release 2

Setup environment

1 – Run the scripts in the path:

OAG_HOME/apigateway/system/conf/sql/Oracle

· kps.sql

· oauth-client.sql

· oauth-server.sql

2 – Change the Policy Studio parameter to show hidden files

Edit the file OAG_HOME/oagpolicystudio/policystudio.ini and add the following line at the end of the file:

-Dshow.internal.kps.collection=true

3 – Create database connection

Start the Policy Studio tool, connect to gateway 1, go to the “Database connections” tab and create a new database connection with the name “OAuth KPS Database”.

URL: jdbc:oracle:thin:@myenvironment:1521:xe. Then click Test Connection; you should see “Test Connection OK”.

4 – Change the OAuth Data Sources

4.1 – Go to Key Property Stores > OAuth, open the Data Sources tab and click Add.

4.2 – Select the Database option, enter the name “OAuth KPS Connection”, and for Database connection choose the value created at step 3, “OAuth KPS Database”, then click OK.

4.3 – Back on the Properties tab, in the “Default Data Source” option, select the item created in the previous step, “OAuth KPS Connection”, then click Save.

5 – Change the API Server Data Sources

Repeat steps 4.1, 4.2 and 4.3 for the item “API Server”.

6 – Alter the OAuth Stores

Go to Libraries > OAuth2 Stores > Access Token Stores > OAuth Access Token Store, click Edit on “Access Token Store”, select “Store in a database” and choose the item “OAuth KPS Database”.

7 – Repeat step 6 for the items below:

· Libraries > OAuth2 Stores > Authorization Code Stores > Authz Code Store

· Libraries > OAuth2 Stores > Client Access Token Stores > OAuth Client Access Token Store

8 – Test the configuration: open Firefox and go to the HTTP Requester plugin.

8.1 – Server 1: get a token.

Call the service https://server1:port/api/oauth/token

grant_type=client_credentials&client_id=SamplePublicApp&client_secret=3b001542-e348-443b-9ca2-2f38bd3f3e84&format=xml

8.2 – Server 2: token info.

Call the service https://server2:port/api/oauth/tokeninfo with the token obtained in item 8.1.

access_token=Ux1PtRGmySxZ1nf1mUD2oJNqxbQ4E7ETTzKUfiHwxhwo49wutLRwMS
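
An added example, not part of the original article: a Python script that automates step 8 in both directions, requesting a token from each node and checking that every node's tokeninfo endpoint accepts it. It assumes the token endpoint returns the RFC 6749 JSON body when format=xml is omitted, and that tokeninfo takes access_token as a GET query parameter and answers HTTP 200 only for a token it knows; the OAG_NODES, OAG_CLIENT_ID and OAG_CLIENT_SECRET environment variables are hypothetical names.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request


def http_call(method, url, form):
    """Send form parameters, return (status, body); TLS verification stays on."""
    data = urllib.parse.urlencode(form)
    if method == "GET":
        req = urllib.request.Request(url + "?" + data, method="GET")
    else:
        req = urllib.request.Request(url, data=data.encode(), method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def cross_node_check(nodes, client_id, client_secret, call=http_call):
    """Map each issuing node to the nodes that reject the token it issued."""
    failures = {}
    for issuer in nodes:
        status, body = call("POST", issuer + "/api/oauth/token", {
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,
        })
        if status != 200:  # e.g. this node cannot find the client_id
            failures[issuer] = ["token request failed: HTTP %d" % status]
            continue
        token = json.loads(body)["access_token"]  # assumed RFC 6749 JSON body
        rejected = [n for n in nodes
                    if call("GET", n + "/api/oauth/tokeninfo",
                            {"access_token": token})[0] != 200]
        if rejected:
            failures[issuer] = rejected
    return failures  # empty dict: all nodes share clients and tokens


if __name__ == "__main__":
    # Hypothetical variables: OAG_NODES="https://server1:port,https://server2:port"
    # The client secret is read from the environment, never stored in the script.
    nodes = os.environ["OAG_NODES"].split(",")
    result = cross_node_check(nodes, os.environ["OAG_CLIENT_ID"],
                              os.environ["OAG_CLIENT_SECRET"])
    print(result or "all nodes accept each other's tokens")
```

The output lists only node URLs, so issued tokens do not end up in terminal history or CI logs.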

Conclusion

Now we are able to use Oracle API Gateway with two or more nodes, sharing the same database repository.


 

Marcelo Gimenes França

Senior Consultant

Oracle LAD Consulting
