Outbound OAuth2
- Rachana Mannath
- John Brinckwirth
- Ankur Parekh
In this article
Overview
The Outbound OAuth2 Policy allows the API usage by authorized users and applications. This policy sets specific OAuth2 parameters such as authorization URL's which are generated through access tokens with client credentials (client ID and client secret) to enforce OAuth2 authentication for upstream API calls. Preconfigured OAuth2 accounts are needed for connection with the backend service, so you can access third-party URL's through the Proxy.
The OAuth2 Outbound Policy is not available for APIs and API versions.
The accounts used in the policy automatically reflect the changes made in the OAuth2 account itself.
If you delete an account, it will invalidate the policy and will display an error when the deleted account is referenced. In this case, you must select another account by navigating to the Policy Setting.
Prerequisites
Preconfigured Valid and Authenticated OAuth2 Accounts
Supported Account Types
REST OAuth2 Account
REST Dynamic OAuth2 Account
Azure AD OAuth2 Account
HTTP Client OAuth2 Account
OAuth SSL Accounts
Policy Execution Order
The Outbound OAuth2 Policy executes after all policies, when the proxy calls the upstream API.
All expression enabled fields take expressions from the SnapLogic Expression Language and the API Policy Manager functions.
Settings and Account Tab
Field names with an '*' (Asterisk symbol) suffix are mandatory fields.
Parameter Name | Field Type | Description | Default Value | Example | |
|---|---|---|---|---|---|
Setting Tab | |||||
Label* | String | Required. The name for the API policy. | Outbound OAuth2 | Outbound RESTOAuth2.0 Policy | |
When this policy should be applied | String/Expression | An expression enabled field that determines the condition to be fulfilled for the API policy to execute. For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is a POST. | N/A | request.method == “POST” | |
Token Location* | Dropdown List | Select the Token location as Header/Body/Query | Header | Header | |
Header | Authorization Scheme* | Dropdown List | Select Bearer/Custom Authorization Scheme if you have selected the Header option from the dropdown list. | Bearer | Bearer |
| Custom Authorization Scheme
| String | Add your Custom Authorization Scheme here. |
| N/A |
Body | Request Body Key
| String | Enter JSON key with the value of the token. | N/A | N/A |
Query | Query String Parameter Name
| String | Name the Query String Parameter. | N/A | N/A |
Status | Dropdown List | Specifies whether the API policy is enabled or disabled. | Enabled | Enabled | |
Account Tab | |||||
Account Reference* | Dropdown List | Select a preconfigured OAuth2 account from the dropdown list that is configured in the Global Org >Shared Folder. | N/A | ../../shared/OutboundPolicyRestOAuth2 | |
Call an Ultra or Triggered Task using a Proxy with OAuth
The following example gives the steps to call an Ultra or Triggered Task using a Proxy. This is a common use case that enables users to apply policies in APIM on their Ultra and Triggered Task endpoints.
Create a Proxy API. For the endpoints, use one or more of the URLs listed on the Task Details page.
Note: the Bearer Token below the Cloud URL, which you will use for authentication.At the Proxy level, add an Outbound OAuth policy.
In the Outbound OAuth policy, click the Accounts tab and add a REST Dynamic OAuth2 account to set up authentication.
If a REST Dynamic OAuth2 account does not exist, create one in Manager, using the Task Authorization as the Access token value.Switch to your API client:
Copy and paste the URL from the Proxy endpoint into the client URL field.
Call the Proxy endpoint, using the token as the Auth Type.
Click Send and observe the response.
Result: Your API call returns a HTTP status code: 200. You can view the pipeline execution details on the Task Details page.
Have feedback? Email documentation@snaplogic.com | Ask a question in the SnapLogic Community
© 2017-2024 SnapLogic, Inc.