Configuring OAuth 2 Security

For RESTful calls that require OAuth 2 security, you can select Oauth 2 as the authentication type, and then enter the required token details and client information to access the service from SBM.

Tip: If you are not able to perform the following steps in Application Repository due to network restrictions, you can optionally use a command-line utility to obtain the required access and refresh tokens. For details, refer to solution S141346.

To configure an endpoint in Application Repository to use OAuth 2 security:

  1. Obtain the Authorization Service URL, Token Service URL, Client Id, Client Secret, and Scope from the application details of your service provider.
  2. Enter the following redirect URL in your service provider's application details:
    (Replace serverName with the host name of your Application Repository server).
  3. In Application Repository, open the Environments tab, and select the target environment.
  4. Click the Endpoints sub-tab.
  5. Select the endpoint that you want to configure from the list. Click Edit or Create.
  6. Modify the endpoint Name and URL to specify the correct server and port number.
  7. In the Authentication drop-down list, select Oauth 2. The OAuth 2 endpoint configuration fields appear.
  8. Enter the data from your service provider into the corresponding fields below.
    • Authorization Service URL

      The URL that displays an authorization prompt. This URL should be available from your service provider's documentation.

    • Token Service URL

      The URL that you will use to request an access token and a refresh token.

    • Client ID / Client Secret

      Used to authenticate against the service provider in order to obtain the access token and refresh token.

    • Scope

      If required by the service provider, enter the scope that indicates the kind of data the service provider makes available. Some service providers require that the scope is appended with each request.

    • Client Username / Client Password

      Used as an alternative to Client Id and Client Secret for basic authentication against the service provider.

  9. Click Save.
  10. Click the refresh icon to obtain a new Access Token and Refresh Token. These tokens are returned by the service provider after successful authentication using the Client ID and Client Secret (or Client Username / Client Password if basic authentication is used instead).
    • Access Token

      SBM uses the access token to connect to the OAuth 2 service provider.

    • Refresh Token

      When the access token expires, SBM uses the refresh token to obtain a new access token.

  11. Click Save again.
The endpoint is now configured to use OAuth 2 security. REST calls made to your service provider using this endpoint are now configured to use OAuth 2 security with the token information that you acquired.