WmPublic. Allows Integration Server to access protected resources on a resource server using an existing Open Authentication (OAuth) access token.
When a client application requires the OAuth protocol to access a user’s protected resources on a third-party resource server (for example, Facebook, Google, or Twitter), the client application must present an access token on behalf of the user in order to gain access. This service presents the access token to the resource server on behalf of the user.
Note: To use this service, you must have registered the client with the provider's
authorization server and received an access token. You will use the information given to you by the provider to configure this service. For information about registering a client and obtaining an access token, refer to the provider's documentation.
Integration Server uses the Scribe API, a simple open source client implementation, to connect to OAuth providers. The Scribe API provides client implementations for many providers such as Facebook, Google, or Twitter. For information about using the Scribe API, see “Usage Notes” on page 117.
Input Parameters
provider String Name of the service provider to which the client will
connect. Integration Server uses this parameter to determine which OAuth client implementation in the Scribe library to use when issuing requests.
Possible values are Google, Facebook, Twitter, and Other (case insensitive).
Note: If set to Other, you must specify a value for providerClass.
providerClass String Name of a class that implements the org.scribe.builder.api.Api
interface.
This parameter is required only when the provider parameter is set to Other.
Note: The org.scribe.builder.api.Api interface is part of the Scribe API. It
facilitates the use of the pub.client.oauth:executeRequestservice to connect to providers other than Google, Facebook, and Twitter. For more information about org.scribe.builder.api.Api see the “Usage Notes” on page 117.
clientID String The client identifier assigned to the client by the provider.
The clientID is used to authenticate the client to the provider. The value is assigned by the provider at registration time.
3 Client Folder
clientSecret String The secret assigned to the client when it registered with the
provider.
Use this parameter to specify either the client secret or the key to the client secret in the outbound password store. For information
about using the outbound password store, see “Usage Notes” on
page 117.
accessToken String The access token assigned to the client application when it
registered with the provider.
Note: The process for obtaining the accessToken varies depending on
the provider. For information about obtaining the accessToken, refer to your provider's documentation.
Use this parameter to specify either the access token or the key to the access token in the outbound password store. For information
about using the outbound password store, see “Usage Notes” on
page 117.
acccessTokenSecret String Optional. The access token secret assigned to the client
application when it registered with the provider.
Note: The process for obtaining the accessTokenSecret varies
depending on the provider. For information about obtaining the
accessTokenSecret, refer to your provider's documentation.
Use this parameter to specify either the access token secret or the key to the access token secret in the outbound password store. For information about using the outbound password store, see “Usage Notes” on page 117.
Note: Not all providers use an access token secret. If the provider
issued a secret with the token, you must specify it with the
accessTokenSecret parameter.
resourceUri String The URI to use to when issuing the request to the provider. method String The HTTP method Integration Server will use to issue the
request to the provider.
Possible values are get, post, put, and delete.
headers Document List Optional. One or more name/value pairs to add to
the header of the request sent to the provider.
queryString Parameters
Document List Optional. One or more name/value pairs to add to
the URL of the get request sent to the provider.
bodyParameters Document List Optional. One or more name/value pairs to add to
3 Client Folder
Output Parameters
Usage Notes
Since the values for the clientSecret, accessToken, and accessTokenSecret parameters contain sensitive data, you might want to consider storing their values in the
Integration Server outbound password store. For information about services you can use to store these values in the outbound password store, see the
pub.security.outboundPasswords in the About the Security Elements folder.
If you decide to use the outbound password store, the value for each parameter (clientSecret, accessToken, and accessTokenSecret) must match the key you supplied in the pub.security.outboundPasswords services. Integration Server uses that key to retrieve the values from the store, then uses the values to send the request to the provider.
requestDataType String Optional. If supplying data with the request to the provider,
indicates the data type of the requestData parameter. If set to:
bytes, requestData must be a byte[]. This is the default.
string, requestData must be a java.lang.String.
requestData Object Optional. Data to include in the body of the request sent to
the provider. The value can be a string or a byte[].
The data type of requestData must match what is specified by the
requestDataType parameter. requestData is ignored if bodyParameters
is specified.
responseDataType String Optional. Indicates the data type of the responseData output
parameter. Set to:
stream to return the responseData as a java.io.InputStream. This
is the default.
bytes to return the responseData as a byte[].
string to return the responseData as a java.lang.String,
constructed using the default platform encoding (indicated by the file.encoding Java system property, or UTF-8 if
file.encoding is not set).
responseData Object The response from the provider. If the responseDataType is
set to:
stream, responseData is a java.io.InputStream.
bytes, responseData is a byte[].
string, responseData is a java.lang.String, constructed using the default platform encoding (indicated by the file.encoding Java system property, or UTF-8 if file.encoding is not set).
3 Client Folder
If you decide not to use the outbound password store, Integration Server sends the request to the provider using the values you supply with the clientSecret, accessToken, and accessTokenSecret parameters.
You can use this service to connect to OAuth providers other than Google, Facebook,
and Twitter by setting the provider parameter to Other and the providerClass parameter to the name of an org.scribe.builder.api.Api implementation. The org.scribe.builder.api.Api interface is defined in the Scribe open source API. For this approach, Software AG recommends the following:
That you download the Scribe API source code from the GitHub website. You can
either browse the code or generate the Javadoc for the Scribe classes using the
following command: javadoc -sourcepath
your_scribe_install_dir/src/main/java -d your_destination_dir
org.scribe.builder.api
That you check the Scribe OAuth library to see if an implementation for the provider that you want to use already exists. Scribe provides client
implementation for many providers other than Google, Facebook and Twitter.
If your provider supports OAuth 2.0, then extend org.scribe.builder.api.DefaultApi20. If your provider supports OAuth 1.0a, then extend org.scribe.builder.api.DefaultApi10a.