Using Purecloud as Identity Provider in Apps with Oauth2 security

Hi,

We are trying to secure the web services and web applications that we use in our customizations of the Genesys Cloud service. We would like to use OAuth2 (Client Credentials grant type for the web services) and Authorization Code for the communication between the front end (AngularJS) and the back end (REST API Spring Boot web application).

The point is, we were thinking that it is possible to use Genesys Cloud as the Identity Provider for OAuth, because we read this blog entry:

But we didn't find any information on how to achieve that in your documentation repository or in any post in this forum (the only entry in this forum is a link to the blog entry). Is this possible?

In order to configure this in Spring Boot, we need to provide the issuerLocation to my ResourceServer, like this:

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2
                // issuerUri: the authorization server's issuer URL; the decoder loads
                // the issuer's discovery metadata from it
                .jwt(jwt -> jwt.decoder(JwtDecoders.fromIssuerLocation(issuerUri))))
            .build();
    }

But I didn't find any valid URI from Genesys in the documentation to use here.

Am I trying to use this in an inadequate way?

Thanks in advance,

Regards,

David García García

I'm not familiar with the specifics of your ResourceServer application, but you can find the OAuth documentation here: https://developer.genesys.cloud/authorization/platform-auth/. Refer to the page for the grant type you're trying to use; it contains all of the information necessary to set up OAuth in any application, as it directly describes the OAuth flow and shows examples of each request. I don't know exactly what your program expects for issuerLocation, but I would guess it might be wanting the auth server host or token URL.

Thanks for your reply Tim,

I have read the documentation. This documentation is all about generating and using a client to invoke the Genesys Cloud API, with all the different grant types. I'm okay with that, but that is not what I wanted to ask.

My question is about the security of my web applications. I thought that I could use Genesys Cloud as an Identity Provider, in the same way that we can do with Google, OKTA or Azure AD. My ResourceServer is a simple Rest Controller that I developed as an example with a Hello World Method:

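    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    @SpringBootApplication
    @RestController
    public class DemoApplication {

        public static void main(String[] args) {
            SpringApplication.run(DemoApplication.class, args);
        }

        @RequestMapping(value = "/")
        public String hello() {
            return "Hello World!";
        }

    }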

To secure this method I have created a SecurityFilterChain to indicate that all requests to this application have to be authenticated via OAuth2, and the AuthorizationServer that has to validate the JWT token. I wanted this Authorization Server to be Genesys, and to indicate that I have to provide a URL where Genesys validates the JWT token received with the request to my application. This URL is the issuerLocation that I referred to in my original post.

Can Genesys be used as this? Or am I mistaken?

For the client credentials grant type I'm not concerned, because I can use another Identity Provider, including one created by me, but when I want to use Implicit Grant or Code Authorization, I would want to use Genesys, because if I implement another one, I have to log in with this other Identity Provider. If my application is inside the Genesys Cloud web interface, that implies a double login (one with Genesys and another one with the Identity Provider).

What would be the URL to validate the token from my server?

Regards,

David García García

You can find the API hostnames documented here: https://developer.genesys.cloud/platform/api/
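
On the issuerLocation question raised in the thread: Spring Security's `JwtDecoders.fromIssuerLocation` resolves the issuer through its OIDC Discovery / RFC 8414 metadata, so a usable value is one whose metadata document names that same issuer and a `jwks_uri`. The Python below is an added example, not code from the thread or from Genesys; it lists the well-known URLs to look at for a candidate issuer and checks a fetched document, with `idp.example.com` and both sample documents constructed for illustration.

```python
import json
from urllib.parse import urlsplit

def discovery_urls(issuer):
    """Well-known metadata locations for an issuer (OIDC Discovery, RFC 8414)."""
    parts = urlsplit(issuer.rstrip("/"))
    origin, path = f"{parts.scheme}://{parts.netloc}", parts.path
    return [
        f"{origin}{path}/.well-known/openid-configuration",
        f"{origin}/.well-known/openid-configuration{path}",
        f"{origin}/.well-known/oauth-authorization-server{path}",
    ]

def check_metadata(issuer, metadata_json):
    """Return the reasons a JWT resource server could not rely on this metadata."""
    try:
        meta = json.loads(metadata_json)
    except ValueError:
        return ["metadata is not valid JSON"]
    if not isinstance(meta, dict):
        return ["metadata is not a JSON object"]
    problems = []
    # The advertised issuer must equal the configured one exactly; it is also
    # the value later compared with each token's "iss" claim.
    if meta.get("issuer") != issuer:
        problems.append(f"issuer mismatch: {meta.get('issuer')!r}")
    # Without a JWK set there are no public keys to verify token signatures.
    jwks_uri = meta.get("jwks_uri")
    if not isinstance(jwks_uri, str) or not jwks_uri:
        problems.append("no jwks_uri")
    elif urlsplit(jwks_uri).scheme != "https":
        problems.append("jwks_uri is not https")
    return problems

# Constructed sample data: idp.example.com is a placeholder, not a real endpoint.
ISSUER = "https://idp.example.com/tenant1"
GOOD = json.dumps({"issuer": ISSUER,
                   "jwks_uri": "https://idp.example.com/tenant1/keys"})
BAD = json.dumps({"issuer": "https://login.example.com",
                  "token_endpoint": "https://login.example.com/oauth/token"})

if __name__ == "__main__":
    for url in discovery_urls(ISSUER):
        print("would fetch:", url)
    print("good:", check_metadata(ISSUER, GOOD))
    print("bad: ", check_metadata(ISSUER, BAD))
```

An empty result only means discovery can work; the access tokens themselves must still be signed JWTs for a JWT decoder to validate them.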
