Example implementation

You can use an OAuth client library to ease OAuth 2.0 adoption for your application.

The OAuth 2.0 client library handles OAuth-related low-level functionality and provides a simple interface to implement the steps in the previous sections.

See http://oauth.net/2/ lists of popular OAuth 2.0 client libraries for Java. A sample implementation based on the Apache Oltu OAuth 2.0 Client is provided here. This implementation is a simple thick-client application that integrates with API Gateway and IFS. These are code snippets to implement OAuth:

Request authorization code

OAuthClientRequest request = OAuthClientRequest
                .authorizationProvider("https://mingledev01-sso.mingledev.infor.com:443/ACME_PRD/as/authorization.oauth2")
                .setClientId("ACME_PRD~QxG91-i82CO4P7L5R1YR4YwdOyWw5caGh0UqkvqYrUY")
                .setRedirectURI("http://sample-oauth2-client.infor.com:8080/SampleAppOAuth2/redirect"
                .setResponseType("code")
                .buildQueryMessage();
servletResponse.sendRedirect(request.getLocationUri());

Exchange code for token

OAuthClientRequest request = OAuthClientRequest
        .tokenLocation("https://mingledev01-sso.mingledev.infor.com:443/ACME_PRD/as/token.oauth2")
        .setGrantType(GrantType.AUTHORIZATION_CODE)
        .setClientId("ACME_PRD~QxG91-i82CO4P7L5R1YR4YwdOyWw5caGh0UqkvqYrUY")
        .setClientSecret("G1-DsyjDTlC6uzaelRKMZMDkfUU-3SUbs2zNdq-Rf9e0xE2G_mJhjqPCZXUPYHTqXQdMPKEqCwEO94rzmYleBg")
        .setRedirectURI("http://sample-oauth2-client.infor.com:8080/SampleAppOAuth2/redirect")
        .setCode(code)
        .buildQueryMessage();
OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
OAuthAccessTokenResponse oauthResponse = oAuthClient.accessToken(request);
String accessToken = oAuthResponse.getAccessToken();
String expiresIn = oAuthResponse.getExpiresIn();

Use access token

OAuthClientRequest bearerClientRequest = new OAuthBearerClientRequest("https://mingledev01-ionapi.mingledev.infor.com/ACME_PRD/weather/geolookup/q/FL/32266.json")'+
        .setAccessToken(accessToken)'+
        .buildQueryMessage();'+
OAuthResourceResponse resourceResponse = oAuthClient.resource(bearerClientRequest, OAuth.HttpMethod.GET, OAuthResourceResponse.class);

Refresh token

String reqParam = "refresh_token="+varRefreshToken+"&grant_type=refresh_token";
OAuthClientRequest oauthrequest = OAuthClientRequest.tokenLocation(https://mingledev01-sso.mingledev.infor.com:443/ACME_PRD/as/revoke_token.oauth2+"?"+reqParam)
    .buildBodyMessage();
oauthrequest.addHeader("Authorization", "Basic "+authStringEnc);//use client_id as username, client_secret as password
OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
OAuthResourceResponse resourceResponse = oAuthClient.resource(oauthrequest, OAuth.HttpMethod.POST, OAuthResourceResponse.class);';

Revoke token

String reqParam = "token="+varRefreshToken+"&token_type_hint=refresh_token";
OAuthClientRequest oauthrequest = OAuthClientRequest.tokenLocation(https://mingledev01-sso.mingledev.infor.com:443/ACME_PRD/as/revoke_token.oauth2+"?"+reqParam)
    .buildBodyMessage();
oauthrequest.addHeader("Authorization", "Basic "+authStringEnc);//use client_id as username, client_secret as password
OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
OAuthResourceResponse resourceResponse = oAuthClient.resource(oauthrequest, OAuth.HttpMethod.POST, OAuthResourceResponse.class);