Versions Compared

Old Version 12

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Once Web applications are published and accessed through WSO2 App Manager gateway, user is authenticated using the SAML SSO. However, there can be Web applications which internally call OAuth-secured APIs. In this feature, you can use the same SAML token generated by WSO2 App Manager gateway, and get an OAuth2 access token by calling the token endpoints used by these APIs. The below diagram depicts this scenario.

Obtaining an Auth2 token by providing a SAML token flow diagram

 

Table of Contents
maxLevel3

















Publishing the Web application for obtaining an OAuth2 access token 

 If a particular Web application needs to access OAuth-secured APIs internally, it needs to provide the following OAuth parameters of the APIs in the Step 4 - Advanced Configuration of creating the Web application.

...

  1. Log in to the App Publisher of WSO2 App Manager using the following URL with admin/admin credentials: http://<IP_ADDRESS>:9763/publisher
  2. Click on the Pizza Shack application in the Web applications list.
  3. In the the Overview section of the Web application, click OAUTH Parameters tab.
    You can see the consumer/secret keys generated for it in WSO2 App Manager as follows.

Invoking

...

WSO2 AppM token API from the Web app

WSo2 App Manager itself provides a token API. Web applications need to call this token API with the consumer/secret key pair [WCk1, WCSk1] provided by the App Manager, when they need to get an access token for a particular API. 

...

Code Block
languagejava
String apiAlias = "pizzashack";
String applicationToken = base64Encode(WCk1 + ":" + WCSk1);
String payload = "grant_type=SAML2&scope=" + samlTokenId + "," + apiAlias;
httpClient.doPost("http://localhost:8280/token", applicationToken, payload, "application/x-www-form-urlencoded");

 
  • apiAlias - the alias name given when registering the API details in the App Manager publisher.  
  • applicationToken - the base64 encoded value of consumer/secret key pair provided by the App Manager.  
  • payload - the payload needs to send the grant type and the scope value. Grant type need to be set as SAML2.  Scope Scope should contain the value of samlTokenId cookie and apiAlias as comma -separated strings.
  • httpClient.doPostthe token API provided by the App Manager. Change it with the define port offset accordingly.
Note

For more information on obtaining an OAuth2 token by providing a SAML token, see the Pizza Shack sample.