Question

Rest API Call with OAuth

  • 11 November 2022
  • 17 replies
  • 165 views

Badge +3

I am trying to connect to Microsoft dynamics API from A360. Using Ouath2 in postman I am able to connect to API successfully. When I use the bearer token generated in postman (highlighted in Yellow) in AA (Refer second screenshot) I get the API response in AA as well.

My question is how do I perform Oath authentication in AA to generate the token? I don't see any option for Oauth Integration.

 

Postman 

A360


17 replies

Userlevel 5
Badge +9

Hi @Sai Deepan Ramesh​ 

 

As of now we Rest Web Services command package does not support OAuth authentication, you can create DLL for this and use in A360.

Badge +3

Thanks for the quick reply. Does that mean I need to use C# to generate a function which returns the token and then use the token in AA Rest api call?

Are there any examples or documentation of OAuth authentications using dll?

Userlevel 3
Badge +7

Hi @Sai Deepan Ramesh​ ,

 

Correct me if I'm wrong, but even in OAuth there is an API that consumes the Client ID, Client Secret etc and spits out a Authorization Token that you can use to perform operations with right?

 

Either that, or there is a fixed Authorization value that is generated as you create OAuth.

You can hit the API to generate the access token, or you can store the Authorization as a credential and retrieve that while hitting the API.

 

I've used something similar in the processes I've developed long ago but don't remember them exactly(which is why whatever I've written above is a jumbled up mess, apologies) but to answer your question(which I should have done in the start), No.

 

Automation 360 doesn't have OAuth, at least not yet.

Your only option would be to create a custom activity using the Java SDK and handle the token generation there.

 

Here is an example from the Automation 360's GitHub to get you started.

 

Kind Regards,

Ashwin A.K

Userlevel 5
Badge +9

Thanks for the quick reply. Does that mean I need to use C# to generate a function which returns the token and then use the token in AA Rest api call?

Are there any examples or documentation of OAuth authentications using dll?

Yes you are right @Sai Deepan.R 

Userlevel 3
Badge +7

Hi @Sai Deepan.R ,

I believe you’ve integrated the A360 to MS Dynamics using REST API. 

If not please let know, we no need to DLL for connecting REST call using bearer token. we can use the current actions which are available in REST package.

 

Thanks!

 

 

Userlevel 3
Badge +7

Hi @Ashwin A.K ,

 

You’re right, Currently A360 do not supports Oauth methods in REST API. However we can fix the this using the current actions which are available in REST package.

 

Note : I’ve created the ticket for a enhancement (OAuth2.0), I hope we will get this soon.

Badge +2

any update on this oauth option with REST

 

How do I even generate that bearer token which otherwise is generated for a human use on the launch of application on browser(SSO login) generated the token. How do I “steal” that token to further call subsequent calls?

Userlevel 3
Badge +7

Hi @FinDG ,

 

How do I “steal” that token to further call subsequent calls? You mean bearer token 

 

 

Badge +2

@Tamil Arasu10 yes thats right, I have a bearer token generated as i login to a web portal. 

in order to call API(s) for this portal, I need that bearer token auth call to be made first. 

How do I get that bearer token generated or even use from web session token.

Userlevel 3
Badge +7

Hi @FinDG ,

Are you able to generate the token using the Post Man?

Userlevel 7
Badge +12

@Tamil Arasu10 yes thats right, I have a bearer token generated as i login to a web portal. 

in order to call API(s) for this portal, I need that bearer token auth call to be made first. 

How do I get that bearer token generated or even use from web session token.

 

You may refer the below link in case you are having trouble to generate JWT.

https://docs.automationanywhere.com/bundle/enterprise-v11.3/page/enterprise/topics/control-room/control-room-api/api-authentication.html

Badge +2

@Tamil Arasu10 and @Padam.K - Hope you got my query above w.r.t. bearer token. I am NOT referring to the bearer token of AA’s CR API(s). 

 

I have an application which is browser based , when I launch browser , it has 2 calls

 

  1. SSO authentication which lets user login via SSO and bearer token is generated
  2. say I update notes , the corresponding API

I am focused on the 1st one wherein I’d like to capture bearer token via AA

Challenge is , on network tab , I am unable to find SSO auth call.

 

 

Userlevel 7
Badge +12

Hi @FinDG ,

 

@Tamil Arasu10 and @Padam.K - Hope you got my query above w.r.t. bearer token. I am NOT referring to the bearer token of AA’s CR API(s). 

 

I have an application which is browser based , when I launch browser , it has 2 calls

 

  1. SSO authentication which lets user login via SSO and bearer token is generated
  2. say I update notes , the corresponding API

I am focused on the 1st one wherein I’d like to capture bearer token via AA

Challenge is , on network tab , I am unable to find SSO auth call.

 

 

Have you tried with the Pre-request script?

Userlevel 3
Badge +7

Hi @FinDG,

I understand and i'm not referring the CR API’s.

I’ve same case as well. i’ve fixed.

 

Badge +2

@Tamil Arasu10 - Thanks for confirmation. Could you please suggest , how do you capture this bearer token for any web portal which logs you in via SSO.

 

@Padam.K  - How do we use this Pre Request script , any further help there. No, I haven’t used it.

Userlevel 7
Badge +12

@Tamil Arasu10 - Thanks for confirmation. Could you please suggest , how do you capture this bearer token for any web portal which logs you in via SSO.

 

@Padam.K  - How do we use this Pre Request script , any further help there. No, I haven’t used it.

 

In the Collection, not one of the Requests, you will need to setup 2 things.

 

In the Authorization Tab, set the Type to Bearer Token and for the value of the Token put your variable, I used {{BEARERTOKEN}}

 

You can use the Pre-request Script Tab in the Postman to make a call to the API with the correct params, parse the response and set a variable with the Bearer Token.

Of course, you will need to modify to fit your needs, but below is what could work for you. Once it got successful, you will get a JSON response back from the API with the token in the access_token key.

 

pm.sendRequest({
    url: pm.environment.get("url")+"/auth/v1/token",
    method: 'POST',
    header: {
        'Accept': 'application/json',
        'Content-Type': 'application/x-www-form-urlencoded'
    },
    body: {
        mode: 'urlencoded',
        urlencoded: [
            {key: 'username', value: pm.globals.get("UNAME")},
            {key: 'password', value: pm.globals.get("PASS")}
        ]
    }
},
    (err, res) => {
        // Set BEARERTOKEN
        pm.globals.set("BEARERTOKEN", res.json().access_token)
        // console.log(res.json());
});

Badge +2

Thanks @Padam.K  - I appreciate your response above. 

Furthermore, my scenario is as listed below.

 

  1. Consider the JIRA application. When you launch the URL 
  2. https://yourcompany.jira.com (example)
  3. It logs in via SSO , few redirects and then you land on to the home page
  4. Then , say manually you go to any JIRA ticket , say by searching JIRA ID
  5. Then on this JIRA ticket , you go to comments and type in comments and click “Save”

 

Now the API called on step 5 on “Save” button click , is captured in “Network” tab , thats pretty simple POST API call with a simply body tag in request. 

This API call under Authorisation tab, has “Bearer token” passed from the step 3 , SSO redirects.

Unfortunately the step 3 and the microsoft authentication is not captured in “Network” tab so I am seeking what is Microsoft Authentication mechanism i can replicate in AA to capture the “Bearer Token”.

 

Hope this helps understanding my scenario, any recommendations for this scenario?

IF you have to replicate, you can just try any SSO redirect site on your side which has Microsoft SSO authentication. I need to GET Bearer token from that call , using AA.

Reply