Integrate OAuth 2.0 ROPG flow

❗️

DEPRECATED

The ROPG flow has been omitted from the OAuth 2.1 specification and is no longer recommended. Please refer to the authorization code flow with PKCE.

📘

PREREQUISITE

  1. Deploy the Java angular sample app
  2. Configure the tenant: https://identity-developer.cyberark.com/docs/setup-tenant-for-java-angular-app

The resource owner password grant (ROPG) is used for non-interactive user flows where the client passes its own confidential client credentials along with the user's username and password.

This guide describes how ROPG flow can be integrated with CyberArk Identity using the CyberArk Identity Java SDK.

Configure an OAuthClient instance

Configure the OAuthClient object by providing the OAuth 2.0 application details that will allow the client application to make authorized API requests.

import com.cyberark.client.OAuthClient;

// provide confidential client details for client_id and client_secret
OAuthClient oauthClient = new OAuthClient(YOUR_TENANT_URL, YOUR_OAUTH_APPLICATION_ID, YOUR_CONFIDENTIAL_CLIENT_ID, YOUR_CONFIDENTIAL_CLIENT_SECRET);

Constructor parameters:

| Parameter | Description | Required |
|---|---|---|
| tenantURL | CyberArk Identity Application URL | Yes |
| applicationId | OAuth client Application ID. This value can be found in the OAuth client Application Settings section. | Yes |
| clientId | Service username | Yes |
| clientSecret | Service user password | Yes |

Token request

The client can get the tokens for ROPG flow using the following method:

TokenHolder tokenHolder = oauthClient.requestTokenWithPassword(YOUR_USER_ID, YOUR_USER_PASSWORD)
    .setGrantType("password")
    .setScope(YOUR_SCOPE)
    .execute();

Required parameters

  • userName - The login user name.
  • password - The login user password.

Parameters can be added to the token URL using the builder methods as shown below.

// Sets the login user name.
TokenRequest setUserName(String userName);

// Sets the login user password.
TokenRequest setPassword(String password);

// Sets the grant type ("password" for the ROPG flow).
TokenRequest setGrantType(String grantType);

// Sets the scope value.
TokenRequest setScope(String scope);
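
What a password-grant token request carries on the wire, as an added example that is not CyberArk SDK code: it follows RFC 6749 sections 4.3.2 and 2.3.1 rather than the SDK's internals, and the endpoint URL, client values and user values are constructed placeholders. It shows that the user's password passes through the client application unprotected by anything but TLS, and that credentials containing characters such as `&` or `+` must be form-encoded.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.stream.Collectors;

public class RopgWireFormat {
    // Form-encode one value (application/x-www-form-urlencoded, UTF-8).
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    // RFC 6749 section 4.3.2: body of a password-grant token request.
    static String formBody(String userName, String password, String scope) {
        Map<String, String> form = new LinkedHashMap<>();
        form.put("grant_type", "password");
        form.put("username", userName);
        form.put("password", password);
        form.put("scope", scope);
        return form.entrySet().stream()
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
    }

    // RFC 6749 section 2.3.1: form-encode id and secret, then HTTP Basic.
    static String basicAuth(String clientId, String clientSecret) {
        String pair = enc(clientId) + ":" + enc(clientSecret);
        return "Basic " + Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    // Builds, but does not send, the token request.
    static HttpRequest tokenRequest(URI endpoint, String clientId, String clientSecret,
                                    String userName, String password, String scope) {
        return HttpRequest.newBuilder(endpoint)
                .header("Authorization", basicAuth(clientId, clientSecret))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(formBody(userName, password, scope)))
                .build();
    }

    public static void main(String[] args) {
        // Constructed sample values; the endpoint is a placeholder, not a real tenant URL.
        HttpRequest req = tokenRequest(URI.create("https://tenant.example/token"),
                "svc-client", "s3cr&t", "alice@example.com", "p@ss w+rd&1", "read");
        System.out.println(req.method() + " " + req.uri());
        // Mask the password before printing: the raw body must never reach logs.
        System.out.println(formBody("alice@example.com", "p@ss w+rd&1", "read")
                .replaceAll("(?<=password=)[^&]*", "****"));
    }
}
```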

Explore the ROPG flow in Java angular sample app

📘

Prerequisite

  1. Set up an OpenID Connect (OIDC) custom application in the CyberArk Identity tenant
  2. Install the CyberArk Identity Java-angular sample app
  3. Set up the Java-angular sample app

After successfully logging in to the sample app, select the Machine To Machine card as highlighted below.

From the drop-down, select Resource Owner and hit Build Token URL.

📘

Note

The service provider username and password are taken from the data provided in the Settings page.

Upon clicking submit, an access token can be obtained.
