Hi,
I’m having issues finding a step by step guide for how to set up OAuth2 authentication for a Web service SaaS source where two calls need to be made for the authentication instead of one.
As you see, we need to use the attributes in a more special way also.
The authentication involves the following two calls:
1. Login Auth
   - URL: {{URL}}/v1/oauth2/authorize
   - Method: GET
   - Params: no params
   - Auth type: No auth
   - Headers: client_id, client_secret, grant_type
   - Body: no body
   - Attribute to save from response body: jsonData.value (saved as authorization_code)
2. Login Get token
   - URL: {{URL}}/v1/oauth2/token?grant_type=authorization_code&client_id={{Client-ID}}&source=RESTAPI&state=8
   - Method: GET
   - Params: grant_type, client_id, source, state
   - Auth type: No auth
   - Headers: username, password, authorization_code (from call 1)
   - Body: no body
   - Attribute to save from response body: jsonData.access_token
After these two we can do the original call to aggregate roles for example.
3. Aggregation roles
   - URL: {{URL}}/v1/securityrole
   - Method: GET
   - Params: no params
   - Auth type: Bearer Token (Token = access_token from call 2)
   - Headers: user, password, site_name, Content-Type, count
   - Body: no body
Does any one of you have experience of setting up something like this and are you able to guide me on how to do this the correct, standardized way?
SailPoint will call the operations in the order we define. The output from the first operation will be used in the second, where the response will be saved in a variable. This variable can be used in the second operation.
For this, response mappings need to be defined in the first operation. In your case it is like:
Authorization_Code (Schema Attribute) $.jsondata.value (Attribute Path)
Note: To check the correct attribute path, use a JSON finder tool.
E.g
You can use it. It will work. ISC will call the operations in sequence.
Either you can take this approach or you need to write a Webservice Before Operation rule to call the first API and fetch the auth code and pass it to the API call.
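An added example, not part of the original posts and not SailPoint's implementation: a small Python model of the chaining described above, where operations run in order and each response mapping saves a value that later operations substitute into their URL and headers. The `{name}` placeholder syntax, `run_chain`, `fake_api` and all sample values are assumptions constructed for illustration, and call 3's other headers (user, password, site_name, Content-Type, count) are omitted.

```python
import re
def resolve_path(doc, path):
    """Follow a '$.a.b' attribute path; keys are matched case-sensitively."""
    for key in (path[2:] if path.startswith("$.") else path).split("."):
        if not isinstance(doc, dict) or key not in doc:
            raise KeyError(f"{path}: segment {key!r} not found in response")
        doc = doc[key]
    return doc

def run_chain(operations, send, variables):
    """Run operations in order; response mappings save values for later operations."""
    saved = dict(variables)
    def fill(text):  # substitute {name} with a value saved so far
        return re.sub(r"\{(\w+)\}", lambda m: str(saved[m.group(1)]), text)
    body = None
    for op in operations:
        headers = {name: fill(value) for name, value in op["headers"].items()}
        body = send("GET", fill(op["url"]), headers)
        for attribute, path in op.get("response_mapping", {}).items():
            saved[attribute] = resolve_path(body, path)
    return body, saved

# The three calls from the question; {name} placeholders are this example's own syntax.
OPERATIONS = [
    {"url": "{url}/v1/oauth2/authorize",
     "headers": {"client_id": "{client_id}", "client_secret": "{client_secret}",
                 "grant_type": "{grant_type}"},
     "response_mapping": {"authorization_code": "$.jsonData.value"}},
    {"url": "{url}/v1/oauth2/token?grant_type=authorization_code"
            "&client_id={client_id}&source=RESTAPI&state=8",
     "headers": {"username": "{username}", "password": "{password}",
                 "authorization_code": "{authorization_code}"},
     "response_mapping": {"access_token": "$.jsonData.access_token"}},
    {"url": "{url}/v1/securityrole", "headers": {"Authorization": "Bearer {access_token}"}},
]

# Constructed sample values and a constructed stand-in for the vendor API (offline).
SAMPLE_VARS = {"url": "https://api.example.invalid", "client_id": "demo-client",
               "client_secret": "demo-secret", "grant_type": "placeholder",
               "username": "svc-user", "password": "demo-password"}

def fake_api(method, url, headers):
    if url.endswith("/oauth2/authorize") and headers.get("client_secret") == "demo-secret":
        return {"jsonData": {"value": "code-123"}}
    if "/oauth2/token?" in url and headers.get("authorization_code") == "code-123":
        return {"jsonData": {"access_token": "tok-abc"}}
    if url.endswith("/securityrole") and headers.get("Authorization") == "Bearer tok-abc":
        return {"roles": ["admin", "auditor"]}
    return {"error": "unauthorized"}
```

Calling `run_chain(OPERATIONS, fake_api, SAMPLE_VARS)` returns the role list and the saved variables; if an earlier call fails or a path does not match the response, the chain stops with a `KeyError` instead of sending an empty code or token onward.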