To access the REST API in the application server through external applications, authentication is supported by the OAuth2.0/OpenID Connect and OAuth2.0/OpenID Connect (role-based) authentication modules. Ensure that authentication for the REST API is set up through OAuth 2.0/OpenID Connect.
To authenticate an external application using OAuth 2.0/OpenID Connect in One Identity Manager
- Log in to the external identity provider, for example with Redistributable STS (RSTS), and get the access token.
- Ensure that the token is passed as the bearer token in the authentication header of all queries.
NOTE: The session must be handled by a bearer token when logging in using a session cookie. Clients accessing the REST API using the bearer token must therefore keep the cookie assigned during the first access and send it with subsequent accesses. Otherwise, a new session is established for each access, which costs a lot of resources.
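The effect described in the procedure and the note above can be reproduced offline. The following is an added example, not One Identity code: the stub server, the `/placeholder/resource` path, the `sid` cookie name and the token value are all constructed for illustration. It counts how many sessions a server creates when a bearer-token client discards the session cookie compared with when it keeps it.

```python
import http.cookiejar
import http.server
import threading
import urllib.request
import uuid

TOKEN = "constructed-access-token"  # stands in for the token from the identity provider
sessions = set()                    # session ids the stub server has created

class StubApi(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the application server; not the product's real API."""
    def do_GET(self):
        if self.headers.get("Authorization") != f"Bearer {TOKEN}":
            self.send_response(401)
            self.end_headers()
            return
        sid = self.headers.get("Cookie", "").partition("sid=")[2].split(";")[0]
        self.send_response(200)
        if sid not in sessions:     # no known session cookie: a new session is built
            sid = uuid.uuid4().hex
            sessions.add(sid)
            self.send_header("Set-Cookie", f"sid={sid}; Path=/; HttpOnly")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):   # keep the demo quiet
        pass

def count_sessions(keep_cookie, calls=5):
    """Send `calls` bearer-authenticated requests; return how many sessions were created."""
    sessions.clear()
    server = http.server.HTTPServer(("127.0.0.1", 0), StubApi)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/placeholder/resource"
    jar = http.cookiejar.CookieJar()  # holds the cookie assigned on first access
    try:
        for _ in range(calls):
            handlers = [urllib.request.HTTPCookieProcessor(jar)] if keep_cookie else []
            opener = urllib.request.build_opener(*handlers)
            req = urllib.request.Request(url, headers={"Authorization": f"Bearer {TOKEN}"})
            opener.open(req, timeout=5).close()
    finally:
        server.shutdown()
        server.server_close()
    return len(sessions)

if __name__ == "__main__":
    print("without cookie jar:", count_sessions(keep_cookie=False))
    print("with cookie jar:   ", count_sessions(keep_cookie=True))
```

In a real client the same pattern applies: send the bearer token on every request and reuse one cookie store for the lifetime of the client.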