Once Web applications are published and accessed through WSO2 App Manager gateway, user is authenticated using the SAML SSO. However, there can be Web applications which internally call OAuth-secured APIs. In this feature, you can use the same SAML token generated by WSO2 App Manager gateway, and get an OAuth2 access token by calling the token endpoints used by these APIs. The below diagram depicts this scenario.
Table of Contents maxLevel 3
| maxLevel | 3 |
|---|
Publishing the Web application for obtaining an OAuth2 access token
...
| Code Block | ||
|---|---|---|
| ||
String apiAlias = "pizzashack";
String applicationToken = base64Encode(WCk1 + ":" + WCSk1);
String payload = "grant_type=SAML2&scope=" + samlTokenId + "," + apiAlias;
httpClient.doPost("http://localhost:8280/token", applicationToken, payload, "application/x-www-form-urlencoded");
|
apiAlias- the alias name given when registering the API details in the App Manager publisher.applicationToken- the base64 encoded value of consumer/secret key pair provided by the App Manager.payload- the payload needs to send the grant type and the scope value. Grant type need to be set as SAML2. Scope should contain the value ofsamlTokenIdcookie andapiAliasas comma -separated strings.httpClient.doPost- the token API provided by the App Manager. Change it with the define port offset accordingly.