
How to use OAuth 2.0 with Application Server via RESTful API


Currently we have an application that communicates with the 1IM system via the RESTful API provided by the application server. This communication is currently done via the RoleBasedEmployee Authentication Module. 

We are looking into changing this so the application uses the OAuth2.0Rolebased Authentication Module.

I have managed to enable the OAuth2.0 authentication module itself; this was easy enough. However, the next step seems to be rather unclear in the current documentation. Within Designer > Configuration Parameters > Person there is a parameter called OAuthAuthenticator, followed by many OAuth-specific parameters. I know I have to enable this to allow a user to log in via the RESTful API using OAuth2.0.
Where I am getting stuck / failing to understand is what I need to get OAuth2.0 working with those configuration parameters. 

Does 1IM come with an identity provider / service internally for OAuth2.0? Or do we need to implement one / use an external provider such as Google, etc.?

Any insight or help is greatly appreciated.

Thank you.


  • I have OAuth2 working with both ITshop and the Application Server via their respective web interfaces. I am trying to make API calls via Postman using an existing OAuth2 token in v7.1.2. I have been trying this string: {"authString":"Module=OAuthRoleBased;Code=E2-rs4BmRnpFFIah9Y9L7kzrWz4;RedirectUri=http://web.d1im.local/D1IMAppServer/login"}. "Should" this work? This token/code is from my OAuth2 provider. The error I get from the logs: 

    "---> (Inner Exception #0) VI.Base.ViException: Failed to authenticate user. ---> QER.OAuthAuthentifier.OAuth2Exception: invalid_grant. Token is not an authorization code token: E2-rs4BmRnpFFIah9Y9L7kzrWz4" 

    or depending on which redirect URL I use: 

    "---> (Inner Exception #0) VI.Base.ViException: Failed to authenticate user. ---> QER.OAuthAuthentifier.OAuth2Exception: invalid_grant. The provided access grant is invalid, expired, or revoked."

    What would OAuth2 API authentication steps look like? I currently authenticate using the same clientid in my app, then use the token returned from that in this call. 

  • The code parameter in the authentication string expects the authorization code, not the access token.
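
The step the last reply points at, as an added example that is not part of the original thread or One Identity's own code: take the `code` query parameter from the provider's redirect (RFC 6749 section 4.1.2), validate the redirect, and place that unredeemed value in the authString format quoted above. The function name, the `state` handling, the rejection of `;` in values, and the sample callback are assumptions made for illustration.

```python
import hmac
import json
from urllib.parse import urlsplit, parse_qs


def auth_string_from_callback(callback_url, expected_state, redirect_uri,
                              module="OAuthRoleBased"):
    """Build the {"authString": ...} body from the provider's redirect."""
    split = urlsplit(callback_url)
    query = parse_qs(split.query)
    # RFC 6749 4.1.2.1: the provider reports a failed request via `error`.
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    # The state value must be the one this client sent (CSRF protection).
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    # The redirect must land on the registered redirect URI.
    if f"{split.scheme}://{split.netloc}{split.path}" != redirect_uri:
        raise ValueError("callback does not match redirect URI")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    # Assumption: values are not escaped in the authString, so a ';'
    # would split a value into extra key=value pairs. Reject it.
    for value in (module, codes[0], redirect_uri):
        if ";" in value:
            raise ValueError("';' is not allowed in authString values")
    auth = f"Module={module};Code={codes[0]};RedirectUri={redirect_uri}"
    return json.dumps({"authString": auth})


if __name__ == "__main__":
    # Constructed sample redirect; the code and state values are made up.
    redirect = "http://web.d1im.local/D1IMAppServer/login"
    callback = redirect + "?code=constructed-code-123&state=s1"
    print(auth_string_from_callback(callback, "s1", redirect))
```

An authorization code is single-use and short-lived, so a client that has already exchanged it at the provider's token endpoint has nothing valid left to put in `Code`.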
