The following troubleshooting topic applies only if you are using a software version before update 23.
You must configure an OAuth client application entry in the SmartPlant Foundation Authorization server with the required settings, such as the client name, client ID, redirect URI, and so on. The type of OAuth flow used by API Services for the external client must be set to AuthorizationCode.
You can configure access to the SmartPlant Foundation Web APIs from an external application using IWA authentication by applying the following example configuration steps to return the OAuth access token.
Issue an Authorization Code request
From a browser, issue an Authorization Code request with the following completed fields:
response_type: Set to code for this type of request. This results in the OAuth endpoint returning an authorization code.
client_id: The client ID obtained when requesting the OAuth application, which identifies the client application making the request.
redirect_uri: The URL that the request is redirected to after access is granted by the user. This is the complete URL, which includes the protocol and port if applicable.
scope: The comma-delimited set of permissions that the application requests.
state: A value specified in the Authorization Code request that provides state that might be useful to the application upon receipt of the response.
This authorization code request prompts the user for the authentication details in Smart API Manager.
After the user is authenticated, the browser is redirected to the URL given in the redirect_uri setting with the following parameters appended:
code: The authorization code.
state: The state parameter specified in the Authorization Code request, returned unchanged.
The following example shows a successful response from an Authorization Code request.
Issue a Post operation to convert the code to a token
The code received by the application from the Authorization Code request is short lived and must be exchanged for an access token within a 60 second time frame using a POST request.
You can configure the Authorization Code request time frame using the Authorization Code Lifetime setting in the authentication server.
Create a POST request from the application to the /oauth/connect/token endpoint using the following form data:
code: The authorization code returned from the Authorization Code request.
client_id: The same Smart Client ID obtained when requesting the OAuth application.
client_secret: The same Smart Client secret obtained when requesting the OAuth application.
redirect_uri: The same redirect URL used in the Authorization Code request, to which the application is redirected after access is granted by the user.
grant_type: Defined in the OAuth 2.0 specification. This field must contain the value authorization_code.
The following is an example POST request:
POST /oauth/connect/token HTTP/1.1
With the content type set as follows:
With the body content set to the following:
client_id = SPFWC
client_secret = J747q/YsHEfWE@fnO(vG)u^ta4-k38p}
redirect_uri = https://[Site]/oauthredirect.html
grant_type = authorization_code
code = c6153bbf147c1fcc5f05ebbabee2d39
The response is returned as an access token that can be used in all subsequent authenticated requests to the Web API.
The following is an example of a valid response with a Bearer token:
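As an added example that is not part of the original documentation, the following Python functions model both steps above without making a network call: building the Authorization Code request, checking the state on the redirect, refusing to exchange a code older than the 60 second Authorization Code Lifetime, and building the form-encoded POST to /oauth/connect/token. The site host, the authorize path and the JSON shape of the Bearer token response are assumptions, not taken from the page.

```python
import json
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholders: only /oauth/connect/token is named in the documentation;
# the site host and the authorize path below are assumptions.
SITE = "https://spf.example.com"
AUTHORIZE_ENDPOINT = "/oauth/connect/authorize"
TOKEN_ENDPOINT = "/oauth/connect/token"
CODE_LIFETIME_SECONDS = 60  # default Authorization Code Lifetime stated on the page


def build_authorization_request(client_id, redirect_uri, scopes, state):
    """Step 1: the URL the browser sends. Scopes are comma-delimited, as the page states."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": ",".join(scopes), "state": state}
    return f"{SITE}{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def parse_redirect(redirect_url, expected_state):
    """Extract the code from the redirect; reject it if state does not match the request."""
    qs = parse_qs(urlparse(redirect_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discard this authorization code")
    return qs["code"][0]


def build_token_request(code, client_id, client_secret, redirect_uri, issued_at, now=None):
    """Step 2: form data for the POST. Refuses to send a code older than its lifetime."""
    now = time.time() if now is None else now
    if now - issued_at > CODE_LIFETIME_SECONDS:
        raise TimeoutError("authorization code expired; restart the flow")
    body = urlencode({"client_id": client_id, "client_secret": client_secret,
                      "redirect_uri": redirect_uri, "grant_type": "authorization_code",
                      "code": code})
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_ENDPOINT, headers, body


def parse_token_response(raw_json):
    """Turn the token response into the header used for subsequent Web API calls."""
    data = json.loads(raw_json)
    if data.get("token_type", "").lower() != "bearer" or "access_token" not in data:
        raise ValueError("unexpected token response")
    return {"Authorization": f"Bearer {data['access_token']}"}
```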