Integrate OAuth 2.0 ROPG flow

❗️

DEPRECATED

The ROPG flow has been omitted in OAuth 2.1 specification. It is no longer recommended. Please refer to authorization code flow with PKCE

📘

PREREQUISITE

  1. Deploy the Java angular sample app
  2. Configure the tenant https://identity-developer.cyberark.com/docs/setup-tenant-for-java-angular-app

The Resource owner password grant grant is used for non-interactive user flow where the client passes the resource owner's username and password along with the user's username and password.

This guide describes how ROPG flow can be integrated with CyberArk Identity using the CyberArk Identity Java SDK.

Configure an OAuthClient instance

Configure the OAuthClient object by providing the OAuth 2.0 application details that will allow the client application to make authorized API requests.

import com.cyberark.client.OAuthClient;

// provide confidential client details for client_id and client_secret
OAuthClient oauthClient = new OAuthClient(YOUR_TENANT_URL, YOUR_OAUTH_APPLICATION_ID, YOUR_CONFIDENTIAL_CLIENT_ID, YOUR_CONFIDENTIAL_CLIENT_SECRET);

Constructor parameters:

ParameterDescriptionRequired
tenantURLCyberArk Identity Application URLYes
applicationIdOAuth client Application ID.
This value can be found at OAuth client Application Settings section.
Yes
clientIdService usernameYes
clientSecretService user passwordYes

Token request

The client can get the tokens for ROPG flow using the following method:

TokenHolder tokenHolder = oauthClient.requestTokenWithPassword(YOUR_USER_ID, YOUR_USER_PASSWORD)
    .setGrantType("password")
    .setScope(YOUR_SCOPE)
    .execute();

Required parameters

  • userName - The login user name.
  • password - The login user password.

Parameters can be added to the token URL using the builder methods as shown below.

// Sets the login user name.
TokenRequest setUserName(String userName);

// Sets the login user password.
TokenRequest setPassword(String password);

// Sets the grantType to client_creds.
TokenRequest setGrantType(String grantType);

// Sets the scope value.
TokenRequest setScope(String scope);

Explore the ROPG flow in Java angular sample app

📘

Prerequisite

  1. Setup OpenID Connect (OIDC) custom application in CyberArk Identity tenant
  2. Install the CyberArk Identity Java-angular sample app
  3. Setup the Java-angular sample app

After successful login to the sample app, select Machine To Machine card as highlighted below.

932932

From the drop-down, select Resource Owner and hit Build Token URL.

859859

📘

Note

The service provider username and password are taken from the data provided in Settings page.

852852

Upon clicking submit, an access token can be obtained.

453453