Skip to main content
Feedback

Configuration values for PreInput field

PreInputs ValuesAcceptable ValuesDescription
defaultTtl

- Data type: Integer

- Range: 1 - Infinite

1. This is a required value.

2. Provide the cache TTL for the access token.

If the expires_in parameter is not received in the token response or the introspect request is not provided, then set it to the TTL of the token object stored in the cache.

3. No default value.

clientIdData type: String

1. This is a conditionally required value.

2. Provide the clientId in the area-encrypted value.

An exception is thrown if grant_type is client_credentials or a password with clientCredentials is used, and the clientId is not provided.

3. No default value.

readTimeout

- Data type: Integer

- Range: 1 - Infinite

1. This is a required value.

2. Provide the readTimeout value in seconds to connect to the OAuth token endpoint.

The readTimeout + connectTimeout of the token endpoint should be less than the connectTimeout of the target request, and the total value of the token endpoint should not exceed the connectTimeout of the target request.

3. No default value.

connectTimeout

- Data type: Integer

- Range: 1 - Infinite

1. This is a required value.

2. Provide the connectTimeout value in seconds to connect to the Oauth token endpoint.

3. No default value.

tokenClientCredentialsLocationData Type: String

1. This is an optional value.

2. The default value is header, and the other option is body. Any other string will give an exception.

Note: For the body, clientId and clientSecret values are included within the body in URL-encoded format.

3. For the header, clientId and clientSecret are included within the header as Authorization Basic base64 (clientId:clientSecret) format.

clientSecretData Type: String

1. This is a conditionally required value.

2. Provide the clientSecret in the area encrypted value.

3. An exception is thrown if grant_type is client_credentials or a password with clientCredentials is used, and the secret is not provided.

tokenRequestURIData Type: String

1. This is a required value.

2. Provide the complete URI to hit the token request.

3. No default value.

grantType

- Data Type: String

- Allowed values: client_credentials and password

1. This is an optional value.

2. Provide the client_credentials and password values.

3. The default value is client_credentials.

tokenType

- Data Type: String

- Allowed value: Bearer

1. This is an optional value.

2. If this value is not provided, then this value defaults to Bearer.

passwordIncludeClientCredentialsData Type: Boolean

1. This is a conditionally required value.

2. Set value to true when grant_type is configured as password.

3. Set value to true or false to determine whether clientid and secret should be included in the request or not. If it is marked true, but clientid or secret are not provided, then an error will be thrown.

3. The default is false.

usernameDefault Type: String

1. This is a conditionally required value.

2. Provide the username in the area encrypted value.

An exception will be thrown if the password grant_type is used and the username is not provided.

passwordData Type: String

1. This is a conditionally required value.

2. Provide the password in the area encrypted value.

An exception will be thrown if the password grant_type is used and the password is not provided.

Generating Area-encrypted Values using Java or PHP

Some PreInputs fields, such as clientId, clientSecret, username, and password, require values encrypted using our area encryption. We provide you with a decryptedAreaKey specific to your area. Use that key to encrypt each credential before configuring the CAM_OAuth2BackendAuthentication_Service adapter on the Call Transformations page.

You can encrypt your credentials using one of the following methods:

Option 1: Java

Procedure

  1. Run the following Java command for each credential you want to encrypt:

    java -jar area-encrypt-1.0.0.jar <decryptedAreaKey> <Data>

    Where:

    • decryptedAreaKey: The area key will be provided by us.
    • Data: The plain-text credential (your confidential data) to encrypt (for example, your client ID).

    The command returns output in the following format:

    Decrypted Area Key provided: <decryptedAreaKey>
    Data provided: <Data>
    Encrypted Data: <encrypted-string>

  2. Copy the <encrypted-string> value and paste it into the relevant PreInputs field.

  3. Repeat this step for each of clientId, clientSecret, username, and password.

Option 2: PHP

Procedure

  1. Run the following PHP command for each credential you want to encrypt. This requires PHP with the mcrypt extension installed on your machine. :

    php encrypt_key_v3.php <decryptedAreaKey> <Data>

    The command returns an encrypted string.

  2. Copy the <encrypted-string> value and paste it into the relevant PreInputs field.

  3. Repeat this step for each of clientId, clientSecret, username, and password.

Example configurations

The following examples show how to configure the PreInputs field on the Call Transformations page. Replace the placeholder <area-encrypted> values with the encrypted strings generated in the Generating Area-encrypted Values using Java or PHP section.

Example: client_credentials grant type
grantType:client_credentials
tokenRequestURI:https://auth.example.com/oauth2/token
clientId:<area-encrypted-client-id>
clientSecret:<area-encrypted-client-secret>
tokenType:Bearer
tokenClientCredentialsLocation:header
defaultTtl:3600
connectTimeout:10
readTimeout:30
Example: password grant type
grantType:password
tokenRequestURI:https://auth.example.com/oauth2/token
clientId:<area-encrypted-client-id>
clientSecret:<area-encrypted-client-secret>
username:<area-encrypted-username>
password:<area-encrypted-password>
passwordIncludeClientCredentials:true
tokenClientCredentialsLocation:header
tokenType:Bearer
defaultTtl:3600
connectTimeout:10
readTimeout:30
On this Page