Skip to main content

Hi,

 

For a project we want to use a custom web api to deliver additional complex functionality. We already have a custom REST Web API which can provide the functionality we need, which uses oAuth 2 Azure AD authentication. When we use the workflow steps  "Call HTTP Web Service" or "App Step" we receive authentication errors. The steps themselves don't really allow configuration for this. Is there a way we can use these an custom Web API which uses oAuth 2?

 

Peter

Hi!

In OAuth you should provide an AccessToken as a request parameter as a proof of authentication. Are you doing that?

Regards,

Tomasz


Hi Tomasz,

Thank you for your comment. We have created a solution that works for us:

  1. We have developed the custom WebAPI which is hosted on Azure and uses Azure AD authentication
  2. Withou our workflow we:
    1. Use a "Call HTTP Web Service" to get the authorization token information
    2. Use multiple steps to extract the token value itself
    3. Use a "Call HTTP Web Service" to call our own API.

Since we need to use usernames and passwords, it would be really helpfull to use the constant variables Ninxes offers on premises, but... it works 🙂.

Regards,

Peter


Hi Peter Heibrink‌, could you explain in more details how you get the token and then use it in the next request please ?

Are you doing it on Nintex Workflow for Office 365 ?

Kenza Garreau


Hi

I ll follow up on the explanation as well.

Regards,

Kenza Garreau

De : Cedric Oster <community@nintex.com>

Envoyé : mercredi 24 octobre 2018 16:34

À : GARREAU, Kenza

Objet : #Adv#: You have been mentioned by Cedric Oster in Re: Working with custom web api in Nintex Community

Nintex Community <https://community.nintex.com/?et=notification.mention>

You have been mentioned

by Cedric Oster<https://community.nintex.com/people/coster?et=notification.mention> in Re: Working with custom web api in Nintex Community - View Cedric Oster's reference to you<https://community.nintex.com/message/84616-re-working-with-custom-web-api?commentID=84616&et=notification.mention#comment-84616>


There were multiple steps involved and some steps can probably be bundled, but these are the steps we used:

  1. Create an auth request body (step build string):
    grant_type=password&client_id=‍{Variable:AzureADApp.ClientId}‍&client_secret=‍{Variable:AzureADApp.ClientSecret}‍&username=‍{Variable:NintexAccount.Username}‍&password=‍{Variable:NintexAccount.Password}‍&resource=‍{Variable:AzureADApp.ClientId}
  2. Get the authorization token (step web request)
    1. Url: https://login.windows.net/common/oauth2/token
    2. Method: Post
    3. Content type: application/x-www-form-urlencoded
    4. Body: the text of step 1
    5. Username: The same user name as in step 1
    6. Store the response content in a variable
  3. Extract the response token step 1 (step regular expression)
    1. String: variable from step 2
    2. String operation: Extract
    3. Pattern: "(access_token)":"((\"|a^"])*)"
    4. Output: Select a variable
  4. Extract the response token step 2 (step extract substring of string from index of string)
    1. String: Value of step 3
    2. Index: value 21
    3. Output: Select a variable
  5. Extract the response token step 3 (step regular expression)
    1. String: Value of step 4
    2. String operation: Extract
    3. Pattern: iw._-]*
    4. Output: Select a variable
  6. Extract the response token step 4 (step get an item from a dictionary)
    1. Dictionary: Select variable of step 5
    2. Item name or path: (0)
    3. Output: Select a variable
  7. Call your custom web api (step web request)
    1. URL: URL of your custom api
    2. Method: The method of your custom API (we used POST)
    3. Content Type: application/x-www-form-urlencoded
    4. Header name (key): Authorization
    5. Header value (the variable comes from step 6): Bearer ‍{Variable:AzureAuthToken}
    6. Body: Content
    7. Body value (your data, I provide my data as example): SourceSiteUrl=‍{Workflow Context:Current site URL}‍&SourceListName=‍{Workflow Context:List Name}‍&ListItemId=‍{Current Item:ID}
    8. Store response in: Select a variable

Hope this helps!


Superb ! Yes it helps a lot. Many thanks Peter !


Thanks a lot! In my case I was getting 'Authorization has been denied for this request' when using the token. It turned out to be because the 'resource' value used to get the token must match the web api's web.config 'ida:Audience' property, and in my case was 'api://<app_id>'.


Reply