OAuth 2.0 Password Grant

Hi, we deployed a Mendix app with REST services. Another external app should use these REST services. However, the first time the Mendix services are called up, the user must log in using an SSO button. The authentication for the Mendix service should now take place via OAuth and without user login. If Mendix also supports the "Grant Type Password" (see https://oauth.net/2/grant-types/password/), the password could be provided by the app without user interaction. The question would be, where can you find the OAuth data for the Client_ID and Client_Secret for the Mendix app? Regards
3 answers

Thank you for your reply. I will review your suggestion and let you know, but it may take a while :-)


Hello Manuel,


Looking at your question, basically what you want is SSO authentication for the REST API exposed by your Mendix application.

To achieve this, you should add the OIDC SSO marketplace module to your application and configure it as per your IdP.

You can go through this detailed document on how to configure this module → https://docs.mendix.com/appstore/modules/oidc/


Once you have configured the OIDC module, you need to change the authentication method of your exposed API to custom and select the OIDC.APIAuthentication microflow, which has HTTPRequest as the input and returns System.User as the output.

So basically, whenever a user tries to consume your application's exposed REST API, authentication will take place in the APIAuthentication microflow.


All the best, I hope it helps.


Hello Joshi, thank you for this information!


API authorization works well with the OIDC module. We use the external app's IdP, which can use the Mendix REST service with its id_token in the header of the HTTP request.