This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK

REST API oAuth2.0

Idea ID 1790366

REST API oAuth2.0

Status: Accepted Submitted by Honored Contributor.. Honored Contributor.. on ‎2019-05-08 23:58

Hello,

Brief Description: Enable Micro Focus Operations Orchestration to leverage oAuth2.0 to authenticate against REST API.

Benefits/Value

  • oAuth2.0 provides a much stronger authentication /authorization model then Basic Auth
  • If a token gets compromised under oAuth2.0 and that tokens time to live is only set to a hour. The attacker has a limit window with that token. Unlike Basic Auth, the token (Base64) continues to be valid until the password is changed

Design details:

 

  • Have the ability to leverage cutomers identity provider, in our example Azure Active Directory
Labels
7 Comments
FlorinM
Micro Focus Contributor
Micro Focus Contributor
‎2019-05-09 11:00
‎2019-05-09 11:00
Status changed to: Waiting for Votes

This is a very good idea. Thank you for posting it!

Changing status to Waiting for Votes to get community support.

benwatt
Super Contributor.
Super Contributor.
‎2019-09-09 17:14
‎2019-09-09 17:14

Voted this up. I had to abandon the out of the box HTTP Client options because of this, and use Powershell for REST API calls instead.

Lucian-Revnic
Micro Focus Expert
Micro Focus Expert
‎2019-09-09 17:48
‎2019-09-09 17:48

Hi Benwatt,

From the description and tag of the idea it looks like the enhancement is for OO REST API. 

From your comment above I understand you need enhancements in the HTTP Client OOTB operations as well? Can you detail a bit on this? Have you submitted any idea on the out of the box operations as well?

Thank you,

Lucian

asish
Member..
Member..
‎2019-11-19 14:21
‎2019-11-19 14:21

Hi Team,

 

We also , under a different project required OO application to leverage with OuthV2 authentication.

We have been updated to refer this ER  over Support ticket  SD02538439 raised for the feasibility of OuthV2.

We have an Incident flow setup with Service now and as per Company standards, all rest API integrations to configured with Outh V2, so to meet the standards, we need OO to support Outh V2 as well. Failing this , our OO application and existing integration will be marked as Non Complaint.

So expecting a quick review on this to have this prioritize.

Br,

Ashish Banyal

daniel_crisan
Micro Focus Expert
Micro Focus Expert
‎2019-11-28 14:01
‎2019-11-28 14:01

Hi Ashish, 

Oauth2 protocol can be implemented in many different ways by the identity providers. Can you tell us what IDP do you use for your Oauth2? 

Regards,

Daniel

FlorinM
Micro Focus Contributor
Micro Focus Contributor
‎2020-02-28 09:43
‎2020-02-28 09:43
Status changed to: Accepted

The support for OAuth2 on the REST APIs is in plan and will e delivered in a future release.

Jorge Cruz
Honored Contributor.. Honored Contributor..
Honored Contributor..
‎2020-06-24 14:54
‎2020-06-24 14:54

@daniel_crisan the identity provider that we are looking at is AAD (Azure Active Directory)

Most "Liked" Contributors
View All ≫
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.