Identity Domain API invocation using signed requests via Postman

May 31, 2024 | 2 minute read
Text Size 100%:

Introduction

Identity Cloud Service (IDCS), now known as Identity Domains is available to all new and most existing OCI commercial customers.

Existing customers may have written scripts or use IDCS Postman collection to run tests or execute the IDCS REST APIs. The IDCS REST APIs expect OAuth 2.0 token obtained by utilizing one of the OAuth grant types. The authorization is determined based on the API roles that a subject requesting the APIs was granted (either a user token or an app token) . 

Identity Domains are now native to OCI and support an adiitional API authentication method - the 'OCI API request signing' along with Oauth 2.0 tokens that IDCS offered.

If you are interested in testing this out via Postman, my colleague Tim Melander and I have made it easy for you. All you need to do is download and import the Postman collection available here - OCI Identity Domain API Signing Collection and follow the steps form the instructions section below.

The pre-request script attached to the postman collection takes care of creating the signature. The pre-script does the following:

  1. Creates the signing string based on parts of the request.
  2. Creates the signature from the signing string, using the private key provided in the environment and the RSA-SHA256 algorithm.
  3. Adds the resulting signature and other required information to the Authorization header in the request.

Additional details and code samples in various languages are available  in this doc - OCI REST API Request Signature . 

Instructions:

  1. Import the environment file into Postman using the ‘Import’ button at the top. 
  2. Open and Edit the newly imported environment, and set the OCI REST variables USER_OCID, TENANCY_OCID, REGION, COMPARTMENT_OCID, PRIVATE_KEY, FINGERPRINT, optionally PASSPHRASE. Add the IDCS_HOST variable value to invoke the IAM Identity Domain APIs from the collection.Environment Variable

     

  3. Now import the OCI_REST_COLLECTION collection into Postman.
  4. From the collection invoke the ONE_TIME_INITIALIZATION_CALL Initializer GET for ‘jsrsasign-all-min.js’ , which imports and initializes a required library jsrsasign for encryption and digital signatures. This is a one-time setup task.Initialization

     

  5. Test by running the "Get Users" request.Success

     

That’s it!! Now you can use other sample requests from the oci_rest_collection to invoke available IAM domain REST APIs.

The collection provides sample GET and POST requests, which can be extrapolated to invoke any other Identity domain REST APIs.

 

 

 

 

 

Manasi Vaishampayan


Previous Post

How to Gracefully Prepare a Busy Backend Server for Maintenance

Next Post


Enhancing IP Address Management with OCI New Tool – IP Address Insight