Configure OAuth2 Authentication for RESTful API Service (Magic xpi 4.14)

Created By: Salesforce Service User
Approval Process Status: Published

You need an OAuth2 issuer, such as Azure, Salesforce or Keycloak, to provide identity and API access by issuing OAuth access tokens.

  1. On the RESTful API Service, set the authentication to OAuth2.

  2. Save the service. Saving generates the <Project Name>_<Service Name>_serviceDefinition.xml file under <xpi project>\RESTful API\<ServiceNameFolder>.

  3. Open this file in a text editor. It contains a securityDefinition element, and under that element there is an OAuth2 element.

  4. Under the OAuth2 element you can add an entry for one or more OAuth2 issuers. Add one row for each issuer, using the syntax below:

<resourceServer issueUri="Your Oauth2 Issuer">

Here, replace "Your Oauth2 Issuer" with your issuer URL.

  5. Magic xpi supports path-level security, in compliance with the OpenAPI specification. To assign a security role to each path, go to each endpoint element and assign the appropriate role to the path in the format given below:

<security roles="myroles">

These roles have to be defined on the issuer side. If no role is assigned, then the API can be accessed without any authentication.

Each path already contains a security role added as XML comments. You can uncomment and re-use it.

If you now try to access the service without the appropriate role, then you will see a 403 Forbidden header in the response.

  6. Copy this file to the rest-services folder of your Web Server.

  7. Refer to the documentation of the OAuth2 issuer for generating the Access token, Client ID, Client Secret and other OAuth2 related parameters.

Once the file is copied to the Web Server, any changes made to it take effect dynamically. No server restart is required. If you are using a client such as Postman, you might have to clear the session cookie for the changes to take effect.
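
Because a path with no role assigned is reachable without authentication, it is worth checking the service definition before copying it to the rest-services folder. The script below is an added example, not part of the Magic xpi product or its documentation. Only securityDefinition, OAuth2, resourceServer/issueUri and security/roles come from the article; the root element name, the "endpoint" element name and its "path" attribute are assumptions, so adjust them to match your generated file.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The root element, the "endpoint" tag and its "path"
# attribute are assumed for illustration; the issuer URLs are placeholders.
SAMPLE = """<serviceDefinition>
  <securityDefinition>
    <OAuth2>
      <resourceServer issueUri="https://issuer.example/realms/demo"/>
      <resourceServer issueUri="http://issuer.example/realms/test"/>
    </OAuth2>
  </securityDefinition>
  <endpoint path="/orders">
    <security roles="orders_read"/>
  </endpoint>
  <endpoint path="/customers">
    <!-- <security roles="myroles"/> -->
  </endpoint>
  <endpoint path="/health">
    <security roles=" "/>
  </endpoint>
</serviceDefinition>"""


def audit(xml_text):
    """Return (issuer URIs, non-HTTPS issuers, paths with no role assigned)."""
    # The default parser drops XML comments, so a security element that is
    # still commented out is correctly counted as "no role assigned".
    root = ET.fromstring(xml_text)
    issuers = [rs.get("issueUri", "") for rs in root.iter("resourceServer")]
    # General hygiene check, not from the article: issuer URLs should be HTTPS.
    insecure = [u for u in issuers if not u.lower().startswith("https://")]
    open_paths = []
    for ep in root.iter("endpoint"):
        # Assumption: a blank roles attribute is treated the same as no role.
        roles = [s.get("roles", "").strip() for s in ep.iter("security")]
        if not any(roles):
            open_paths.append(ep.get("path"))
    return issuers, insecure, open_paths


if __name__ == "__main__":
    issuers, insecure, open_paths = audit(SAMPLE)
    print("issuers:", issuers)
    for uri in insecure:
        print("WARNING issuer not HTTPS:", uri)
    for path in open_paths:
        print("WARNING no role, reachable without authentication:", path)
```

To check a real file, read its contents and pass the text to audit() in place of SAMPLE.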
