We have seen the setup of JWT-based authentication in THIS post and also how to generate a JWT token using PL/SQL in THIS post.
Now we will see how to use both in our OIC integrations to dynamically pass user details as a bearer token in the API authorization header.
One use case: we want the created by value on records in Fusion to be the user who submitted the integration. This is helpful for the audit trail.
Another example is the approval web services, where tasks can be approved only by the assigned user. We should not store these approvers' credentials, so one solution is to pass a JWT token in the authorization header of the web service call.
Let us take the example of the Journals integration, where users upload a file and submit the integration to import journals into Oracle Fusion GL. By default the created by will be the service user with which we have configured the ERP adapter.
But we want the created by to be the submitter who triggered the integration, so that we can track it.
The ERP adapter by default doesn't support passing an authorization header for bulk import, so we can use a REST adapter connection instead.
For this we can create a REST adapter connection for Fusion ERP Cloud with no security policy, as below:
Now inside the integration we will have the PL/SQL function call to get the JWT token for the user who has submitted the integration, and then pass it as the authorization header in the bulk import request.
We can follow the below screenshots:
Map the values for input correctly.
This will provide us the JWT token for the submitter.
If the token is generated inside a scope, we assign it using data stitch and then map it into the request, as shown below:
Now we will use this in Import Bulk data operation request.
Sample JSON payload; we will pass the actual values in the mapper:
Request Header:
Mapper:
Provide the details correctly:
Job option as -> concat( "EnableEvent=Y,EventIncludeImportJob=Y,ExtractFileType = ALL,JobDetailFileName=", ATTRIBUTE2)
Here the ATTRIBUTE2 mapping contains the properties filename.
This will trigger the callback even when the load to interface fails, provided we have subscribed to the FBDI job completion event in the callback integration using the ERP adapter.
We are done with the configuration. We are not passing a callback URL because we will use an event-based callback; for this we enabled the event in the job options above.
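An added example, not part of the original post: a pre-flight check that decodes the generated token, confirms it names the submitter and has not expired, and only then builds the bearer header and the job options string described above. The claim names `prn`/`sub`, the function names and the sample token are assumptions; the signature itself is still verified by Fusion.

```python
import base64
import json
import time

USER_CLAIMS = ("prn", "sub")  # assumed claim names; use the ones your generator sets


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the payload only; the signature is verified by Fusion, not here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))


def build_bulk_import_request(token, submitter, properties_file, now=None):
    """Return (headers, body fields), refusing tokens not issued for the submitter."""
    now = time.time() if now is None else now
    claims = jwt_claims(token)
    user = next((claims[c] for c in USER_CLAIMS if c in claims), None)
    if user is None or str(user).casefold() != submitter.casefold():
        raise PermissionError("token user does not match the integration submitter")
    if float(claims.get("exp", 0)) <= now:
        raise PermissionError("token is expired or has no exp claim")
    headers = {"Authorization": "Bearer " + token}
    body = {
        "OperationName": "importBulkData",
        # Same string the mapper builds with concat(...) and ATTRIBUTE2.
        "JobOptions": "EnableEvent=Y,EventIncludeImportJob=Y,ExtractFileType = ALL,"
                      "JobDetailFileName=" + properties_file,
    }
    return headers, body


def make_sample_token(user, exp):
    """Constructed sample token with a dummy signature, for this demo only."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"iss": "example-issuer", "prn": user, "exp": exp}).encode())
    return header + "." + payload + "." + b64url(b"constructed-signature")


if __name__ == "__main__":
    tok = make_sample_token("john.smith", 2_000_000_000)
    _, body = build_bulk_import_request(tok, "john.smith", "journal.properties", now=1_700_000_000)
    print(body["JobOptions"])
```

The remaining payload fields (file content, job name, parameter list) are mapped as in the mapper step and are left out here.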
Now let us see the sample request response by running the integration:
So our import bulk data job is submitted. This will pass the submitter credentials and the created by column will have the submitter username instead of the service user.
We have enabled the event and subscribed to the event in callback integration.