Authenticating Oracle Integration flows using OAuth token from 3rd party provider by Prakash Masand
Blog: PaaS Community
As Oracle Integration customers embrace a multi-cloud strategy, they will have cross-cloud business applications and processes. In a realistic business solution, customers will need to integrate business applications and services across multiple cloud providers. As an example, say the customer has a business application running on a non-Oracle cloud provider such as Microsoft Azure, and this application now needs to fetch information from Oracle Cloud applications. Under normal circumstances, one would acquire a token from Oracle Identity Cloud Service to fetch that information. In a multi-cloud solution, however, this adds the complexity of handling multiple token lifetimes, additional security risk, and so on. In such a scenario, it would be far better to fetch information from, or rather integrate with, cross-cloud vendor applications using the OAuth token already in hand. That is exactly the topic of this blog: how to invoke an Oracle Integration flow using a 3rd party OAuth provider.
I will expound on the example I portrayed earlier as the sample use case for this blog: we will see how to use an OAuth token obtained from Microsoft Azure AD to invoke an Oracle Integration flow.
Let’s now talk about the high-level solution. We will leverage a couple of Oracle Cloud Infrastructure services, namely Oracle API Gateway and Oracle Functions. At the outset, we will use the OCI API Gateway as the front end of our Oracle Integration flow. Oracle API Gateway supports using an authorizer function as an extra logic layer for authenticating APIs. This is exactly what we want: we would like to build logic that validates the OAuth token received from the caller and exchanges it for the required token from Oracle Identity Cloud Service for invoking the OIC flow. Let us now visualize the solution flow graphically:
As you can see above, the process starts with the user or business application acquiring an OAuth token from Microsoft Azure AD; once acquired, it invokes the endpoint exposed through Oracle API Gateway. Oracle API Gateway invokes the custom authorizer Oracle Function (based on configuration) and then invokes the real backend endpoint, i.e. the Oracle Integration flow.
Let us now dive into the details of implementing the above flow. For the sake of simplicity, I am going to divide the process into three steps: 1) Oracle Integration/IDCS configuration, 2) Oracle Function custom authorizer implementation, 3) Oracle API Gateway configuration. Read the complete article here.
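The decision logic such an authorizer has to get right, as an added Python example that is not the code from the original article: pin the signing algorithm, verify the signature, check issuer, audience and lifetime, and fail closed before any token exchange happens. Assumptions: the request and response field names follow the OCI API Gateway authorizer-function contract as understood here, while `verify_rs256`, `exchange_token`, the `back_end_token` context key and the realm value are hypothetical names standing in for Azure AD key verification and the IDCS token request.

```python
import base64
import json
import time

def _b64url(part):
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _deny():
    # Response shape for a rejected call (assumed gateway authorizer contract).
    return {"active": False, "wwwAuthenticate": 'Bearer realm="oic-gateway"'}

def authorize(request, issuer, audience, verify_rs256, exchange_token, now=None):
    """Validate the caller's Azure AD token, then hand back an IDCS token.

    Hypothetical callables supplied by the deployment:
      verify_rs256(signing_input, signature, kid) -> bool  (checks Azure AD's keys)
      exchange_token(claims) -> str                        (obtains the IDCS token)
    """
    now = time.time() if now is None else now
    try:
        token = request["token"]
        if token.startswith("Bearer "):
            token = token[len("Bearer "):]
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url(head_b64))
        claims = json.loads(_b64url(body_b64))
        # Pin the algorithm instead of trusting the header ("none", HS256, ...).
        if header.get("alg") != "RS256":
            return _deny()
        signing_input = (head_b64 + "." + body_b64).encode()
        if not verify_rs256(signing_input, _b64url(sig_b64), header.get("kid")):
            return _deny()
        aud = claims.get("aud")
        audiences = aud if isinstance(aud, list) else [aud]
        if claims.get("iss") != issuer or audience not in audiences:
            return _deny()
        if not (claims.get("nbf", 0) <= now < claims["exp"]):
            return _deny()
        expires = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(claims["exp"]))
        return {"active": True, "principal": claims.get("sub"),
                "scope": claims.get("scp", "").split(), "expiresAt": expires,
                # The gateway can copy this value into the backend Authorization header.
                "context": {"back_end_token": "Bearer " + exchange_token(claims)}}
    except Exception:
        return _deny()  # fail closed on malformed tokens or a failed exchange
```

The exchange callable runs only after every check has passed, so a rejected caller never causes an IDCS token to be minted.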