{"id":3201,"date":"2025-12-10T14:44:45","date_gmt":"2025-12-10T13:44:45","guid":{"rendered":"https:\/\/france.magicsoftware.com\/blog\/?p=3201"},"modified":"2025-12-11T14:48:48","modified_gmt":"2025-12-11T13:48:48","slug":"oauth2-microsoft-identity-platform-magic-xpi","status":"publish","type":"post","link":"https:\/\/france.magicsoftware.com\/blog\/magic-xpi\/oauth2-microsoft-identity-platform-magic-xpi\/","title":{"rendered":"Microsoft Identity Platform – Magic xpi"},"content":{"rendered":"\n

Goal : Configure OAuth2 Authentication for Magic xpi RESTful API Service using Microsoft identity platform Application2Application<\/strong><\/p>\n\n\n\n

1\/ Sign on your azure portal and register an application.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Register a New app with these information for example \u00ab\u00a0MyOauth2App2App\u00a0\u00bb (no need to define a Redirect URIs)<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Click on App roles and create an app role<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Click on API Permissions and remove Microsoft Graph (User.Read)<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Click on Add a permission and choose your API and app role<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Grant admin consent<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Click on Expose an API and add a scope, keep the value and Click Save and continue<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Set the scope name, admin consent display name and description then click Add scope<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Click on certificates and secrets and create a new secret and keep your secret in a safe place.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Click on Overview =>Endpoints and copy the token v2 URL, your client id and tenant id<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

2\/ Check with Postman that you can get an access token like below<\/p>\n\n\n\n

make a POST on your token URL and pass in the body (clientid, client secret, grant type and scope) in urlencoded format<\/p>\n\n\n\n

Set the scope with : api\/\/<yourclientid>\/.default<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

3\/ Check in the token that you get \u00ab\u00a0RoleREST\u00a0\u00bb (roles) and the issuer (iss)<\/p>\n\n\n\n

Use : https:\/\/www.jwt.io<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

4\/ Create an xpi project and create a RESTFul API service like below<\/p>\n\n\n\n

(*) In my example, i use 6443 for the apache\/tomcat port (can be change in the server.xml file in the apache conf directory)<\/p>\n\n\n\n

Create GetTime path<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

5\/ Create a new flow and use a RESTFul API connector in the trigger area<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

In the last step use a Flow Data to, update C.userblob variable with a simple json containing the time (‘{\u00ab\u00a0time\u00a0\u00bb:\u00a0\u00bb‘&TStr (Time (),’HH:MM:SS’)&'\u00a0\u00bb}’) and C.usercode with 201.<\/p>\n\n\n\n

6\/ Open the XML service definition file of your RESTFul service under your project directory<\/p>\n\n\n\n

(ex : <Magicxpi installation directory>Runtime\\projects\\OAuth2_Keycloak\\OAuth2_Keycloak\\RESTful API\\MyRESTfulAPI)<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Add the oauth2 resource server in the securityDefinitions<\/strong><\/p>\n\n\n\n

Use the iss value from the token (step 3) for the issuerUri for the tag <resourceServer><\/p>\n\n\n\n

Add a security role (\u00ab\u00a0RoleREST\u00a0\u00bb) (step 3) for the endpoint you want to protect for the tag <security><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

7\/ Copy the war file (xpiREST.war<\/strong>) from your installation directory (ex: <Magicxpi installation directory>\\Runtime\\addon_connectors\\RESTfulAPI\\servicefiles<\/strong> to your webapps apache directory (ex: <Magicxpi installation directory>\\Runtime\\apache-tomcat\\webapps<\/strong>)<\/p>\n\n\n\n

!! Use the last version of the war file<\/strong><\/p>\n\n\n\n

8\/ Start your apache server (startup.bat) from your apache directory (ex : <Magicxpi installation directory>\\Runtime\\apache-tomcat\\bin) using command line (Admin mode)<\/p>\n\n\n\n

9\/ Copy the service definition file from step6 to directory \u00ab\u00a0rest-services\u00a0\u00bb of your apache\/tomcat <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

10\/ Start your magic xpi project<\/p>\n\n\n\n

11\/ Use Postman to call Magic xpi service and use the bearer token you got from step 2\/ <\/p>\n\n\n\n

Set the Authorization header with the Bearer token<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

You should receive status 201 with the time value<\/p>\n\n\n\n

12\/ Set a wrong role in the service definition file in your apache directory<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

If you call again the service, you should get error status 403 Forbidden<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Goal : Configure OAuth2 Authentication for Magic xpi RESTful API Service using Microsoft identity platform Application2Application 1\/ Sign on your azure portal and register an application. Register a New app with these information for example \u00ab\u00a0MyOauth2App2App\u00a0\u00bb (no need to define a Redirect URIs) Click on App roles and create an app role Click on API […]<\/p>\n","protected":false},"author":1,"featured_media":3250,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[31,4,28,88,27],"tags":[11,14],"class_list":["post-3201","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure","category-magic-xpi","category-microsoft","category-microsoft-identity-platform","category-oauth2","tag-azure","tag-magic-xpi"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t