New authentication option for REST api’s, OAuth
UEM 12.12 launched in January and was quickly followed with an update to UEM cloud. An important highlight for this release was support for REST APIs in UEM cloud, making it feature compatible to the on-premise product. Since authentication in the cloud requires a different model, it made sense to offer the choice of OAuth for REST APIs to both the cloud and the on-premise version.
So, following up on my earlier REST API posts here and here, I’m going to step through how I connect with a instance of UEM cloud, and make some REST calls using the new OAuth authentication scheme. Like the earlier Devblogs, I’m going to use Postman .
As before, I will assume you have setup a server already (this time in the cloud). You will need access to the server (or help from your admin) on https://account.blackberry.com and you should be familiar with the OAuth docs “Implementing OAuth” and the readme in “OAuth Samples”.
To use the first sample, “Sample Rest Api with client_crendentials and client_secret” [BT1] we need to do some setup with your online BlackBerry account.
Follow the instructions here.
First Tip:
It may seem strange to add an application, when you’re not really making one, but treat the REST API calls from postman as if that is your app, and just go with the flow. I called my application placeholder EdsTestRESTapi for example.
You should get something that looks like this:
Now comes the important bit. To link your postman OAuth calls to the UEM server, our implementation of OAuth2 uses BlackBerry Enterprise Identity so we need to add this app to your UEM server.
Enable and authorize the app in UEM
Now go to your UEM management console, on the menu bar, click Settings > BlackBerry Enterprise Identity > Services.
In the OpenID Connect apps table, click +.
Click the app name that was added in BlackBerry Online Account.
Complete the prompts and add the app.
Click Settings > Administrators > Web service clients.
Select the client in the table.
Select an administrator user to map to the client app.
It should look something like this when you’re done.
Next, make sure that you assign admin privileges to the webservice client for this app.
Go to Settings>Administrators>Web service clients.
You should see the client name/client ID from above. Add a user with administrator privileges.
Now, open Postman and import the Postman Samples. I should look like this:
Click on Client Credentials Grant, and following the instructions from the readme in the sample folder, you should see something like this when done.
Set the “no enviroment” drop down to Client Credentials
Then click on “Get New Access Token”
All the {{variable}} items are pulled through from the earlier settings.
From the returned token screen click on use.
NOW you can click on send, and you should get back your machine’s uptime.
Like this:
Note: If you see anything else, check through your steps. In particular, if you get a HTTP Status 401 – Unauthorized
Try regenerating your Request Token, they will time out and then try send again.
You can try the same technique with the on-premise version of UEM, or use other OAuth choices (see the docs). Welcome to OAuth with UEM!
