Uploaded image for project: 'UX Product'
  1. UX Product
  2. UXPROD-2673

Implement Oauth2 Consumer for Requesting D2IR (INN-Reach) OAuth2 Tokens



    • Volaris
    • 100
    • R4
    • R5
    • R5
    • R5
    • R5
    • R2
    • R2
    • R5
    • R5


      Current situation or problem:
      In order to make D2IR API called to the central INN-Reach server, FOLIO must have a valid Bearer Auth token. These tokens are generated by POSTing a request to a configuration-specified API endpoint using a client key and secret combination. Key and secret should be concatenated together using a ":" and base64 encoded.

      Sample request:

      curl -X POST https://rssandbox-api.iii.com/auth/v1/oauth2/token -H 'Authorization: Basic YjU0ZTU2YzgtMGNlNi00MzhjLTk3NzktYzcyMWIxY2RjMz ZhOjFjYjQ4YjNmLTE1OTAtNDc0YS1iMDhhLWZjNDRlMjczMTlmOQ=='
         -H 'Content- Type: application/x-www-form-urlencoded'
         -d 'grant_type=client_credentials&scope=innreach_tp'

      Sample Response:

      "access_token": "06b42df732f628ae2c3764d86073cd76", 
      "token_type": "Bearer",
      "expires_in": 599

      Issued tokens are valid for 600 seconds. Expired tokens result in a 401 Unauthorized response from the server. Client should handle these responses and request a new token when needed.

      In scope
      API client for requesting OAuth2 Bearer Tokens from Central Server based on supplied Base64-encoded ket/secret pair

      Out of scope
      API Endpoint to provide OAuth2 Bearer Tokens to a client based on supplied Base64-encoded key/secret pair.

      Use case(s)
      All API calls from FOLIO to INN-Reach central server require an Oauth2 Bearer Authentication token to be included in the request headers. FOLIO must request a new token before attempting any other API calls.

      Proposed solution/stories
      Given a known API key/secret combination issued by the INN-Reach Central Server, the edge-inn-reach module should issue a request to the Central Server Oauth2 api to request a valid Bearer Auth token and store it for subsequent use, and request a new token when the previous one expires.


      • How do we store the API key/secret pair issues by the D2IR Central Server?
      • Should a new token be requested for each transaction with the server, or stored and re-used until expiration?

      TestRail: Results


          Issue Links



                brookstravis Brooks Travis
                brookstravis Brooks Travis
                0 Vote for this issue
                2 Start watching this issue



                  TestRail: Runs

                    TestRail: Cases