4 Replies Latest reply on Feb 11, 2015 9:17 PM by Kris Rice-Oracle

    Bug: Registering an application for 3rd-party-authorization (oAuth2)


      Hello Dev Team,


      i just was working with the "Creating an Image Gallery"-example from the "Oracle REST Data Services" documentation http://www.oracle.com/technetwork/developer-tools/rest-data-services/documentation/listener-dev-guide-1979546.html#example_creating_an_image_gallery and tried to register an application for 3rd-party-authorization following chapter "Registering the 3rd party application".


      I called the register application with URI /ui/oauth2/clients/ as described. Here the problem started. The page loaded without any styles and scripts! So, the registering process could not be completed due to missing scripts. A quick look with the developer tools of the browser revealed broken links to static content of the register application. The page tried to load static content from /js und /css subdirectories but could not find any.


      After trying different things i finally stepped down the directory structure below the <TOMCAT_HOME>/webapps/ords-root and found a file called static.jar in WEB-INF/lib. A listing of the content of the jar file showed the problem. Inside the jar-file there is a directory structure like this: www/<lang_code>. And here is the source of the problem: The subdirectories for js and css are only available for lang code "en", not for any other language! But my browser is running in german language environment!


      The workaround was to change the language of my browser to English and the application page now loaded as expected. But it would be very helpful if you could fix this problem in a future release.


      Here some details of my system environment:

      ORDS v2.0.10 running on Apache Tomcat on Linux

      Tested with Google Chrome in a german environment




        • 1. Re: Bug: Registering an application for 3rd-party-authorization (oAuth2)

          Hi Jens


          Thank you very much! You saved my day!




          • 2. Re: Bug: Registering an application for 3rd-party-authorization (oAuth2)
            Kris Rice-Oracle

            Thanks for the feedback. 


            For 3.0, this entire area is being overhauled and is much much nicer.



            • 3. Re: Bug: Registering an application for 3rd-party-authorization (oAuth2)

              Hallo Kris,


              thank you for answering. Maybe you can answer me another question in this context?


              As you could see with my forum post, i set up a secured REST Api with Apex and ORDS. Everything went fine and i can now connect to the webservice by using the Authorization flow of oAuth2.


              Our use case is to have a java program running in remote environments. These programs will call the webservice and do something with the results. On side of the server i need to know what specific client is connecting to provide only relevant data for the client. I plan to use the oAuth2-3rd-party-registration to achieve this. So for each local installation i would register a new 3rd-party-application and use the client id and secret for the authentication process.


              I browsed the APEX_040200 schema to better understand where and how the meta data are stored and found the WWV_FLOW_RT-tables (and the related APEX views) storing all the interesting information. But there is on missing link. Can you tell me how i can determine in SQL/PLSQL (behind the REST method) the identity of the client that is currently connected? Are there any environment variables i can use? The best scenario would be if i would get the current client identifier registered with ORDS, maybe determined by using the current access token.


              Thank you for any suggestions.




              • 4. Re: Bug: Registering an application for 3rd-party-authorization (oAuth2)
                Kris Rice-Oracle

                In danger of sounding like a broken record, in 3.0 everything has changed.  We will be installing an ORDS_METADATA schema which hold all the information now.  APEX will no longer be required at all.


                I'm not sure the template can today know what the client is directly.  You would have to get the bearer token and start in wwv_flow_rt$user_sessions. From there to the $approvals which has a client_id in it. Which finally gets you to the $clients table.


                Hope that helps.