Ceptor - Get a Free Trial

Task - Acquire OAuth2 Token

Owned by Kim Rasmussen
Last updated: Jan 08, 2019 by Jesper Nielsen (Unlicensed)
3 min read

This task allows you to acquire an Oaut2 token before further calls are made (either proxied to a destination or handled further in the pipeline). The task will cache the token untill it times out and if a refresh token is provded by the token provider the token will be refreshed instead of acquired from new.


Acquire Oauth2 token

Description

Contains a description of the task, enter the reason for its existence here.

JSON key: description
Default value: Blank

Provider endpoint

The endpoint to fetch the oauth2 token from. This endpoint is mandatory.

JSON key: input
Default value: None

Timeout

The timeout reading the oauth2 token from the token provider - in seconds.

JSON key: timeout
Default value: 10

Client ID

The client id to use when acquiring the oauth2 token from the provider. The client id can be provided through a script if needed (looked up in a database or similar) or just be provided directly. See Scripts and Macros for details on how to specify macro content and scripts.

JSON key: clientid
Default value: none

Secret

The secret to use along the client id when requesting a new token from the provider. Like the client id the secret can be provided directly or through a macro or script. See Scripts and Macros for details on how to specify macro content and scripts.

JSON key: secret
Default value: none

Apply Bearer Token Directly

A convenience checkbox specifying that the task should directly add the acquired token as an authorization bearer token to the outgoing request. If not checked the token can be put into a request attribute instead and manually added later on as needed.

JSON key: target.requestheader
Default: false

Target attribute

If filled, the acquired bearer token will be added to the request property with name provided here. Use this if you have further tasks in the pipeline and you want to use the token in those (for example a RetrieveURLTask requiring the token)

JSON key: target.attribute.name
Default: none

Claims

A list of additional claims that can be added when requesting a new oauth2 token. Different providers might require one or more additional claims along with the client id and secret. Such claims can be added here. For example calling the Microsoft token provider requires a resource to be added or no token will be returned. The value of each claim can be given through a macro or script of needed. See Scripts and Macros for details on how to specify macro content.


.JSON key for the array: claims (name and value for the individual claims in the array).

Default: none

JSON Configuration

Below, is an example JSON showing how a configuration used to aquire a token from the Microsoft login service could look for a tenant "abcdefg123456".


{
    "class": "io.ceptor.pipeline.tasks.OAuth2TokenTask",
    "description": "Acquire OAuth2 token for calls to a backend service",
    "endpoint": "https://login.microsoftonline.com/abcdefg123456/oauth2/token"
    "timeout": 5,
    "clientid": "abcdefg-123456-abcdefg-123456",
    "secret": "KHFNFWNF8768OWPFOIMWPOWf9/O=",
    "target.requestheader": true,
    "claims": [{
        "name": "resource",
        "value": "https://graph.microsoft.com"
    }],
}

© Ceptor ApS. All Rights Reserved.