OAuth 1.0 One-Legged Authentication
To support invoking of OAuth 1.0a-secured APIs, use the OAUTH_ONE_TOKEN_BASED
managed security policy. You can customize the security policy as needed for a connection definition.
Overview
OAuth 1.0a (One Legged) enables a client to make authenticated HTTP requests to gain access to protected resources by using their credentials.
This method includes two sets of credentials with each request. One set of credentials identifies the client, and the other set identifies the resource owner. Before a client makes authenticated requests on behalf of the resource owner, the client must obtain a token authorized by the resource owner.
To add the OAuth 1.0 One-Legged Authentication policy to your document, use the available authentication scheme template. See Implement a New Connection Definition.
Note:
By default, this security policy exposes all the fields to the integration developer in Oracle Integration. However, you can choose to hide fields that have fixed values.Security Properties
A connection definition that uses this
security policy defines the following properties in the
securityProperties
section. See Connection Properties and Sample Code.
The values in the name
,
displayName
,
shortDescription
, and
description
columns list the default values
that appear when you insert a security policy into an adapter
definition document. You can update these values if needed.
name | displayName | shortDescription | description | Data type | Required |
---|---|---|---|---|---|
|
|
|
|
String |
Yes |
|
|
|
|
Password |
Yes |
|
|
|
|
String |
Yes |
|
|
|
|
Password |
Yes |
|
|
|
|
String |
No |
Sample Code: OAuth 1.0a (One Legged)
The following sample code shows the default configuration of the OAuth 1.0A One Legged authentication security policy:
{
"type": "managed",
"policy": "OAUTH_ONE_TOKEN_BASED",
"displayName": "OAuth 1.0 One Legged Authentication",
"scope": "ACTION",
"securityProperties": [
{
"name": "oauth_consumer_key",
"displayName": "Consumer Key",
"description": "Used to identify the client that is making the request.",
"shortDescription": "Registered consumer key.",
"hidden": false,
"required": true
},
{
"name": "oauth_consumer_secret",
"displayName": "Consumer Secret",
"description": "Used to authorize the client that is making the request.",
"shortDescription": "Registered consumer Secret.",
"hidden": false,
"required": true
},
{
"name": "oauth_token",
"displayName": "Token",
"description": "Used to access protected resource.",
"shortDescription": "Registered token.",
"hidden": false,
"required": true
},
{
"name": "oauth_token_secret",
"displayName": "Token Secret",
"description": "Used for generating signature for the request.",
"shortDescription": "Token secret provided by server.",
"hidden": false,
"required": true
},
{
"name": "realm",
"displayName": "Realm",
"description": "Used for identifying the account.",
"shortDescription": "Account identifier.",
"hidden": false,
"required": false
}
]
}
]