Goal: Configure OAuth2 Authentication for the Magic xpi RESTful API Service using Amazon Cognito
1/ Sign in to your AWS portal and create a user pool in Cognito

In this user pool, create an application client (MagicxpiAPP)

Copy the client id and client secret

Return to the user pool level and click on Domain

Scroll down and Create a resource server

Create a scope in this resource server

Return to the App client level, scroll down and copy the information needed to get an access token from AWS Cognito

2/ Check with Postman that you can get an access token like below
Make a POST to your token URL and pass the client id, client secret, grant type and scope in the body, in urlencoded format.
Use the information from the previous step.

3/ Check in the token that you get "read" (scope) and the issuer (iss)
Use: https://www.jwt.io
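Steps 2 and 3 as a script instead of Postman and jwt.io. This is an added example, not code from the original page or from Magic xpi; the token URL, client id, client secret and issuer below are placeholders to replace with the values copied from your Cognito app client (the scope is the one named later on this page). The sample token is constructed and unsigned so the inspection part runs offline; decode_claims reads the payload without checking the signature, which is all that step 3 needs but is never enough for authorization.

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholders (assumed, not real): replace with your Cognito app client values.
TOKEN_URL = "https://YOUR-DOMAIN.auth.YOUR-REGION.amazoncognito.com/oauth2/token"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
CLIENT_SECRET = "CLIENT_SECRET_PLACEHOLDER"
SCOPE = "default-m2m-resource-server-m5jgoo/read"


def build_token_request(token_url, client_id, client_secret, scope):
    """Step 2: a POST to the token URL with a urlencoded client_credentials body."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }).encode()
    return urllib.request.Request(
        token_url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def fetch_access_token(token_url, client_id, client_secret, scope):
    """Send the request and return the access_token string from Cognito's JSON reply."""
    req = build_token_request(token_url, client_id, client_secret, scope)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore the padding first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token):
    """Step 3: return the payload claims of a JWT (the same view jwt.io shows).
    The signature is NOT verified here; use this for inspection only."""
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def check_token(token, expected_issuer, required_scope):
    """Report whether iss and scope are what the service definition will expect."""
    claims = decode_claims(token)
    granted = claims.get("scope", "").split()  # Cognito: space-separated scopes
    return {
        "iss": claims.get("iss"),
        "issuer_ok": claims.get("iss") == expected_issuer,
        "scope_ok": required_scope in granted,
    }


# Constructed sample token (unsigned, demonstration only), shaped like a
# Cognito client_credentials access token, so the checks run without network.
def _make_sample_token(claims):
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."


SAMPLE_ISSUER = "https://cognito-idp.YOUR-REGION.amazonaws.com/YOUR-REGION_POOLID"  # placeholder
SAMPLE_TOKEN = _make_sample_token({
    "iss": SAMPLE_ISSUER,
    "scope": SCOPE,
    "token_use": "access",
    "client_id": CLIENT_ID,
})

if __name__ == "__main__":
    print(check_token(SAMPLE_TOKEN, SAMPLE_ISSUER, SCOPE))
    # Against a real pool: token = fetch_access_token(TOKEN_URL, CLIENT_ID, CLIENT_SECRET, SCOPE)
```

The value printed as "iss" is the one to paste into issuerUri in step 6; "scope" should contain exactly the role string you will put on the protected endpoint.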

4/ Create an xpi project and create a RESTful API service like below
(*) In my example, I use 6443 for the Apache Tomcat port (this can be changed in the server.xml file in the Tomcat conf directory)
Create a GetTime path

5/ Create a new flow and use a RESTful API connector in the trigger area

In the last step, use a Flow Data to update the C.userblob variable with a simple JSON containing the time ('{"time":"'&TStr(Time(),'HH:MM:SS')&'"}') and C.usercode with 201.
6/ Open the XML service definition file of your RESTful service under your project directory
(ex: <Magicxpi installation directory>\Runtime\projects\OAuth2_Keycloak\OAuth2_Keycloak\RESTful API\MyRESTfulAPI)

Add the oauth2 resource server in the securityDefinitions
Use the iss value from the token (step 3) as the issuerUri
Add a security role ("default-m2m-resource-server-m5jgoo/read", the scope from step 3) to the endpoint you want to protect

7/ Copy the war file (xpiREST.war) from your installation directory (ex: <Magicxpi installation directory>\Runtime\addon_connectors\RESTfulAPI\servicefiles) to your Tomcat webapps directory (ex: <Magicxpi installation directory>\Runtime\apache-tomcat\webapps)
!! Use the latest version of the war file
8/ Start your Tomcat server (startup.bat) from its bin directory (ex: <Magicxpi installation directory>\Runtime\apache-tomcat\bin) from a command prompt running in Admin mode
9/ Copy the service definition file from step 6 to the "rest-services" directory of your Tomcat installation

10/ Start your Magic xpi project
11/ Use Postman to call the Magic xpi service with the bearer token you got in step 2/
Set the Authorization header with the Bearer token

You should receive status 201 with the time value
12/ Set a wrong role in the service definition file in your Tomcat directory

If you call the service again, you should get error status 403 Forbidden
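Steps 11 and 12 as code, added here as an illustration; this is not Magic xpi's implementation and not code from the page. build_service_request is the Postman call of step 11 with the Bearer header set. authorize models what the security role on the endpoint stands for: the token must come from the configured issuerUri and its scope claim must contain the role named in the service definition. A real resource server first verifies the token signature against the issuer's published keys; this model assumes the claims it receives are already verified. The 201 mirrors C.usercode from step 5 and the 403 is the outcome step 12 shows; the 401 for an unknown issuer or an expired token follows the usual OAuth2 bearer-token convention (RFC 6750) and is a modelling choice, not something the page states about Magic xpi. The issuer, role and service URL are placeholders; the claims are constructed.

```python
import time
import urllib.request

# Placeholders (assumed): the issuerUri and role from the service definition
# and the URL of the GetTime path on the Tomcat port used in step 4.
ISSUER_URI = "https://cognito-idp.YOUR-REGION.amazonaws.com/YOUR-REGION_POOLID"
REQUIRED_ROLE = "default-m2m-resource-server-m5jgoo/read"
SERVICE_URL = "https://localhost:6443/YOUR-SERVICE-PATH/GetTime"


def build_service_request(url, access_token):
    """Step 11: the access token travels in the Authorization header as a Bearer token."""
    return urllib.request.Request(
        url, method="GET", headers={"Authorization": "Bearer " + access_token}
    )


def authorize(claims, issuer_uri, required_role, now=None):
    """Return the status the protected endpoint answers with for verified claims.

    401: token not acceptable here (issuer mismatch or expired) - RFC 6750 convention
    403: token accepted, but the role on the endpoint is not among its scopes (step 12)
    201: the flow ran and set C.usercode to 201 (step 5)
    """
    now = time.time() if now is None else now
    if claims.get("iss") != issuer_uri:
        return 401
    if "exp" in claims and claims["exp"] <= now:
        return 401
    # Cognito puts the granted scopes in one space-separated "scope" claim.
    granted = set(claims.get("scope", "").split())
    if required_role not in granted:
        return 403
    return 201


# Constructed claims, shaped like the payload of the step 2 token (exp = 2100-01-01).
GOOD_CLAIMS = {"iss": ISSUER_URI, "scope": REQUIRED_ROLE, "token_use": "access",
               "exp": 4102444800}

if __name__ == "__main__":
    print("matching role:", authorize(GOOD_CLAIMS, ISSUER_URI, REQUIRED_ROLE))
    # Step 12: the definition names a role the token does not carry.
    print("wrong role in definition:", authorize(GOOD_CLAIMS, ISSUER_URI, "other-resource/read"))
    print(build_service_request(SERVICE_URL, "ACCESS_TOKEN_PLACEHOLDER").get_header("Authorization"))
```

The "wrong role" case of step 12 is the third scenario in the test below: the token is perfectly valid, so it passes the issuer and expiry checks, and the 403 comes purely from the role comparison; that is why changing only the definition file is enough to flip the result.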
