Forum Stats

  • 3,759,903 Users
  • 2,251,613 Discussions
  • 7,870,859 Comments

Discussions

Call a REST webservice that uses oauth 1.0 authentication

Vijayaragavan Ramasamy
Vijayaragavan Ramasamy Member Posts: 18 Red Ribbon

Hi,

Please guide me on invoking a REST api that uses oauth 1.0 version for authentication.

I tried the steps mentioned in the oracle a-team blog, i  get below errors:

oracle.wsm.security.SecurityException: WSM-00398 : The OAuth2 policy configuration property token-uri has an invalid value of "http://host:port/tokens". The value must point to a valid Oauth token endpoint and should be specified in the form "http(s)://host:port/tokens"; it should not be a null or empty string.

Regards,

Vijay

Tagged:

Answers

  • vladodias
    vladodias Member Posts: 2,282
    edited Jan 24, 2019 11:24PM

    Hi mate,

    I'm assuming the value of "http://host:port/tokens" is not in your configuration, i.e. it is purposely edited in the post for information security reasons... otherwise the problem is probably there...

    That said, note that OAuth 2.0 is a complete rewrite of OAuth 1.0 from the ground up, sharing only overall goals and general user experience. OAuth 2.0 is not backwards compatible with OAuth 1.0 or 1.1, and should be thought of as a completely new protocol.

    Now, OWSM supports single-user OAuth use case, which requires providing partial support of OAuth 1.0 protocol in OWSM to use OAuth1 type of access token and token secret to secure the request to an API. OWSM provides new OAuth1 client policy which allows applications to use Twitter API using the statically generated consumer and access tokens. Retrieval of access token is not done by OWSM policy.

    Oracle A-Team blog entry is for OAuth2 and I don't think it will work for your case... You should follow the link below...

    10.8.1 About OWSM Integration with Twitter OAuth server

    https://docs.oracle.com/middleware/12213/owsm/security/GUID-13F43DB4-C837-42C2-B6C5-6D6E07266415.htm#GUID-04F6A9C8-3EEC-…

    Cheers,

    Vlad

    Vijayaragavan Ramasamy
  • User_9VIX3
    User_9VIX3 Member Posts: 1 Blue Ribbon
    edited May 23, 2019 3:21PM

    Vlad,

    We are on version 12.2.1.0.0 and do not see any OWSM policy supporting OAuth1.0

    Is there a patch we need to apply for this policy to be visible

    Appreciate your help in advance.

    Thank you,

    Deepti

  • vladodias
    vladodias Member Posts: 2,282
    edited May 23, 2019 9:29PM

    Hi Deepti,

    I can see it on my JDev 12.2.1.3... I'm unaware of any specific patch just to add the policy...

    You might have to follow all the steps to upgrade to 12.2.1.3... see note below...

    https://docs.oracle.com/en/middleware/lifecycle/12.2.1.3/fupss/upgrading-soa-suite-12c-bam-previous-12c-release.html#GUI…

    Note:

    If you are upgrading from a previous 12c release (12.1.3.0, 12.2.1.0, or 12.2.1.1), you must complete all of these tasks to upgrade to 12c (12.2.1.3.0) . Do not attempt to update the existing domain by installing the 12.2.1.3.0 distributions into the same Oracle home. Moving the domain to 12.2.1.3.0 is not a patch set installation.

    pastedImage_0.png

    Cheers,

    Vlad