Authenticating Oracle Integration flows using OAuth token from 3rd party provider by Prakash Masand

As Oracle Integration customers embrace a multi-cloud strategy, they will have cross-cloud business applications and processes. In a realistic business solution, customers will need to integrate business applications and services across multiple cloud providers. As an example, let's say the customer has a business application running on a non-Oracle cloud provider such as Microsoft Azure, and this application needs to fetch information from Oracle Cloud applications. Normally, one would acquire a token from Oracle Identity Cloud Service to fetch information from Oracle Cloud applications. In a multi-cloud solution, however, this adds the complexity of handling multiple token lifetimes, additional security risk, and so on. In such a scenario, how good would it be if one could integrate with cross-cloud vendor applications using the OAuth token already in hand? This is exactly the topic of my blog: how one can invoke an Oracle Integration flow using 3rd party OAuth providers.

I will expand on the example above as the sample use case for this blog: we will see how one can use the OAuth token obtained from Microsoft Azure AD to invoke the Oracle Integration flow.

Let's now talk about the high-level solution. We will leverage a couple of Oracle Cloud Infrastructure services, namely Oracle API Gateway and Oracle Functions. To begin with, we will use the OCI API Gateway as the front end of our Oracle Integration flow. Oracle API Gateway supports using an authorizer function as an extra logic layer for authenticating APIs. This is exactly what we want: we would like to build logic that validates the OAuth token received from the caller and exchanges it for the required token from Oracle Identity Cloud Service to invoke the OIC flow. Let us now visualize the solution flow graphically:

As you can see from the above, the process starts with the user or business application acquiring the OAuth token from Microsoft Azure AD. Once acquired, it invokes the endpoint exposed through Oracle API Gateway. Oracle API Gateway invokes the custom authorizer Oracle Function (based on configuration) and then invokes the real backend endpoint, i.e. the Oracle Integration flow.

Let us now dive into the details of implementing the above flow. For the sake of simplicity, I am going to divide it into three steps: 1) Oracle Integration/IDCS configuration, 2) Oracle Function custom authorizer implementation, 3) Oracle API Gateway configuration. Read the complete article here.
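The validation half of the custom authorizer described above, as an added example that is not code from the original article or from Oracle: it checks an RS256 token's signature, issuer, audience and validity window with the Python standard library only, and returns the `active`/`principal`/`scope`/`expiresAt` response shape used by OCI API Gateway authorizer functions. `ISSUER`, `AUDIENCE`, the `keys` map (kid to RSA modulus and exponent, taken from the identity provider's JWKS) and all function names are assumptions; the exchange for an Oracle Identity Cloud Service token is not shown.

```python
import base64, hashlib, json, time
from datetime import datetime, timezone

# Constructed placeholders: substitute your Azure AD tenant issuer and API audience.
ISSUER = "https://login.microsoftonline.com/TENANT_ID/v2.0"
AUDIENCE = "api://oic-gateway-example"
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(seg):
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def rs256_ok(n, e, signing_input, sig):
    """RSASSA-PKCS1-v1_5 with SHA-256: rebuild the whole expected block and compare."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_DIGESTINFO + hashlib.sha256(signing_input).digest()
    if len(sig) != k or k < len(t) + 11:      # wrong length or key too small
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return em == b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def validate(token, keys, now):
    """Return the claims of a valid token; raise on any failure (fail closed)."""
    h64, p64, s64 = token.split()[-1].split(".")   # tolerate a "Bearer " prefix
    header, claims = json.loads(b64url(h64)), json.loads(b64url(p64))
    if header["alg"] != "RS256":              # pin the algorithm, never trust the header
        raise ValueError("algorithm not allowed")
    n, e = keys[header["kid"]]                # unknown kid raises KeyError
    if not rs256_ok(n, e, f"{h64}.{p64}".encode(), b64url(s64)):
        raise ValueError("bad signature")
    if claims["iss"] != ISSUER or claims["aud"] != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if not claims.get("nbf", 0) <= now < claims["exp"]:
        raise ValueError("outside validity window")
    return claims

def authorize(event, keys, now=None):
    """Map the gateway's {"type": "TOKEN", "token": ...} input to an authorizer response."""
    try:
        c = validate(event["token"], keys, time.time() if now is None else now)
        return {"active": True, "principal": c["sub"], "scope": c.get("scp", "").split(),
                "expiresAt": datetime.fromtimestamp(c["exp"], timezone.utc).isoformat()}
    except (ValueError, LookupError, TypeError, AttributeError):
        return {"active": False, "wwwAuthenticate": 'Bearer error="invalid_token"'}
```

In a deployed function the signature check would normally come from a maintained JWT library; it is written out here so the block runs offline.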

