OAuth 1.0 One-Legged Authentication

To invoke OAuth 1.0a-secured APIs, use the OAUTH_ONE_TOKEN_BASED managed security policy. You can customize the security policy as needed for a connection definition.

Overview

OAuth 1.0a (One Legged) enables a client to make authenticated HTTP requests and gain access to protected resources by using its credentials.

This method includes two sets of credentials with each request. One set of credentials identifies the client, and the other set identifies the resource owner. Before a client makes authenticated requests on behalf of the resource owner, the client must obtain a token authorized by the resource owner.

To add the OAuth 1.0 One-Legged Authentication policy to your document, use the available authentication scheme template. See Implement a New Connection Definition.

Note:

By default, this security policy exposes all the fields to the integration developer in Oracle Integration. However, you can choose to hide fields that have fixed values.

Security Properties

A connection definition that uses this security policy defines the following properties in the securityProperties section. See Connection Properties and Sample Code.

The values in the name, displayName, shortDescription, and description columns list the default values that appear when you insert a security policy into an adapter definition document. You can update these values if needed.

| name | displayName | shortDescription | description | Data type | Required |
|---|---|---|---|---|---|
| oauth_consumer_key | Consumer Key | Registered consumer key. | Used to identify the client that is making the request. | String | Yes |
| oauth_consumer_secret | Consumer Secret | Registered consumer Secret. | Used to authorize the client that is making the request. | Password | Yes |
| oauth_token | Token | Registered token. | Used to access protected resource. | String | Yes |
| oauth_token_secret | Token Secret | Token secret provided by server. | Used for generating signature for the request. | Password | Yes |
| realm | Realm | Account identifier. | Used for identifying the account. | String | No |

Sample Code: OAuth 1.0a (One Legged)

The following sample code shows the default configuration of the OAuth 1.0a (One Legged) authentication security policy:

  {
    "type": "managed",
    "policy": "OAUTH_ONE_TOKEN_BASED",
    "displayName": "OAuth 1.0 One Legged Authentication",
    "scope": "ACTION",
    "securityProperties": [
      {
        "name": "oauth_consumer_key",
        "displayName": "Consumer Key",
        "description": "Used to identify the client that is making the request.",
        "shortDescription": "Registered consumer key.",
        "hidden": false,
        "required": true
      },
      {
        "name": "oauth_consumer_secret",
        "displayName": "Consumer Secret",
        "description": "Used to authorize the client that is making the request.",
        "shortDescription": "Registered consumer Secret.",
        "hidden": false,
        "required": true
      },
      {
        "name": "oauth_token",
        "displayName": "Token",
        "description": "Used to access protected resource.",
        "shortDescription": "Registered token.",
        "hidden": false,
        "required": true
      },
      {
        "name": "oauth_token_secret",
        "displayName": "Token Secret",
        "description": "Used for generating signature for the request.",
        "shortDescription": "Token secret provided by server.",
        "hidden": false,
        "required": true
      },
      {
        "name": "realm",
        "displayName": "Realm",
        "description": "Used for identifying the account.",
        "shortDescription": "Account identifier.",
        "hidden": false,
        "required": false
      }
    ]
  }
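
The following added example (not part of Oracle's sample code) shows how the five security properties map onto a signed request under RFC 5849: the key and token are sent, the two secrets only key the signature, and realm is sent but not signed. It assumes the HMAC-SHA1 signature method, which this page does not specify; the function names, sample values, and URL are hypothetical.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qsl, quote, urlsplit

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is encoded
    return quote(str(value), safe="-._~")

def base_string(method, url, oauth_params):
    parts = urlsplit(url)  # scheme and hostname come back lowercased
    host = parts.hostname
    if parts.port and parts.port != {"http": 80, "https": 443}.get(parts.scheme):
        host += f":{parts.port}"  # only non-default ports are part of the base URI
    base_uri = f"{parts.scheme}://{host}{parts.path or '/'}"
    # Query parameters and oauth_* parameters are signed; realm is not
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(oauth_params.items())
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])

def authorization_header(method, url, props, nonce=None, timestamp=None):
    oauth = {
        "oauth_consumer_key": props["oauth_consumer_key"],
        "oauth_token": props["oauth_token"],
        "oauth_signature_method": "HMAC-SHA1",  # assumption: not stated on the page
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),  # fresh per request
        "oauth_version": "1.0",
    }
    # Both secrets form the HMAC key and are never sent with the request
    key = f"{pct(props['oauth_consumer_secret'])}&{pct(props['oauth_token_secret'])}"
    digest = hmac.new(key.encode(), base_string(method, url, oauth).encode(), hashlib.sha1)
    oauth["oauth_signature"] = base64.b64encode(digest.digest()).decode()
    fields = [f'{k}="{pct(v)}"' for k, v in oauth.items()]
    if props.get("realm"):  # optional property, sent but excluded from the signature
        fields.insert(0, f'realm="{props["realm"]}"')
    return "OAuth " + ", ".join(fields)

# Constructed sample values, not real credentials
SAMPLE = {
    "oauth_consumer_key": "ck-demo", "oauth_consumer_secret": "cs-demo",
    "oauth_token": "tk-demo", "oauth_token_secret": "ts-demo", "realm": "ACCT-1",
}

if __name__ == "__main__":
    print(authorization_header("GET", "https://api.example.com/v1/items?limit=5", SAMPLE))
```

Because the secrets exist only as HMAC key material, a captured request does not reveal them, which is why both are typed as Password in the properties table.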