OAuth Auth – Credential Enrichment and HTTP Header Sending

If you wanted to add HTTP Headers to the junctioned request, similar to how the old OAuth EAS used to. For example sending the Client ID, or the Token details as HTTP headers, there is an easy way to do this from the OAuth Mapping rule.

Here I am not only adding things like the OAuth STATE ID (The immutable reference identifier for the OAuth request) into the credential, but I’m also sending it as a header to all the junctioned resources.

//In your mapping rule, find a place where the request_type is resource.
if(request_type == "resource")
{
    
    var customoauthstate = 
        OAuthMappingExtUtils.getAssociation(state_id, "STORED_STATE");
    //This is a runtime flow. 
    //Add current token state to request headers
    stsuu.addContextAttribute(new Attribute("CUSTOM-OAUTH-STATE", 
        "urn:ibm:names:ITFIM:oauth:response:attribute", customoauthstate));
    
    var accessURL = stsuu.getContextAttributes()
        .getAttributeValueByNameAndType("path", 
        "urn:ibm:names:ITFIM:oauth:request");
    IDMappingExtUtils.traceString("URL accessed is: " + accessURL);

    
    //Add state_id - to be used by OTP endpoint
    stsuu.addContextAttribute(
       new Attribute("state_id", "urn:ibm:names:ITFIM:oauth:response:attribute", 
       state_id));
    //Using TagValue Always, the Reverse Proxy will send the following
    //Cred attributes as HTTP Headers.
    stsuu.addContextAttribute(new Attribute("tagvalue_always", 
      "urn:ibm:names:ITFIM:oauth:response:attribute", 
      "CUSTOM-OAUTH-STATE:CUSTOM-OAUTH-STATE,state_id:state_id" +
      ",access_token:access_token,oauth_token_client_id:clientId"));
}

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

WordPress.com.

Up ↑

%d bloggers like this: