How to use Resource owner password credentials in a script? OAUTH2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-27-2024 05:38 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-27-2024 06:14 AM
Hi @Meloper
First you need to create OAuth entity. Navigate to System OAuth > Application Registry & create a new entry for your application.
Select the Resource Owner Password Credentials as the grant type & fill in the necessary details such as the name and OAuth endpoint.
After creating the OAuth entity, you need to create an OAuth Profile linked to it. Navigate to System OAuth > OAuth Profiles and create a new profile. Configure the necessary endpoints and authorization settings.
Create a new REST message that will handle the token request. You will need to write a script that sends the username and password to the token endpoint to obtain the access token.
following sample script you can utilize for you reference:
(function executeRule(current, previous /*null when async*/) {
// Define the username and password
var username = 'your_username';
var password = 'your_password';
// The OAuth token endpoint (adjust as necessary)
var tokenUrl = 'https://your-auth-server.com/token';
// Create a new REST Message
var restMessage = new sn_ws.RESTMessageV2();
restMessage.setHttpMethod('POST');
restMessage.setEndpoint(tokenUrl);
// Set the request body
restMessage.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
// Create the request payload for ROPC
var requestBody = 'grant_type=password';
requestBody += '&username=' + encodeURIComponent(username);
requestBody += '&password=' + encodeURIComponent(password);
requestBody += '&client_id=your_client_id'; // Optional: if your API requires a client ID
restMessage.setRequestBody(requestBody);
// Send the request
var response = restMessage.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();
// Check the response status
if (httpStatus === 200) {
var jsonResponse = JSON.parse(responseBody);
var accessToken = jsonResponse.access_token;
gs.info('Access Token: ' + accessToken);
// You can now use this access token in further API calls
} else {
gs.error('Failed to obtain access token. Status: ' + httpStatus + ' Response: ' + responseBody);
}
})(current, previous);i hope my answer helps you to resolve your issue, if yes please mark my answer helpful and correct.
thank you
rajesh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-27-2024 10:10 AM - edited ‎09-27-2024 10:15 AM
Wow, thank you, what a detailed answer.
Respect.
In my case, I have already stored the client ID and the secret in the application registry record.
this Record has a Profil, and the Rest Message is assigned to that Profil.
Do I still have to add this to the script again, as you write? Question would be the same for the header, if its is still mentioned in the sys_rest_message_fn embedded list of the Rest Message
requestBody += '&client_id=your_client_id'; // Optional: if your API requires a client ID
Question would be the same for the header, if its is still mentioned in the sys_rest_message_fn embedded list of the Rest Message
I would also like to know why your BODY is like a string and does not have to be built in JSON format?
And the last question would be, if I already set my header in the rest message, i.e. fill in the name and value pair in the list, will this be automatically adopted if I load exactly this rest message with the first line
var restMessage = new sn_ws.RESTMessageV2('Rest Message Name', 'HHTP Methode');
without putting it together completely in the script?
And last but not least, when i need to add another Info in the Body, like "ressource", should i do it the same way?
