OAuth 2.0 (Open Authorization) is the standard protocol for token-based authorization. It allows clients (such as chatbots) to access protected resources on behalf of a resource owner without passing the resource owner's credentials with the request.
Chatbots created with Oracle Digital Assistant integrate with remote back-end systems through custom components that invoke REST services. For custom components to access protected REST endpoints, authorization information must be passed in the request header.
Oracle Digital Assistant supports OAuth2 authorization through the built-in System.OAuthAccountLink component. You use the System.OAuthAccountLink component to get an authorization token, which you then exchange for an access token in a custom component call to the OAuth2 token endpoint, so that subsequent custom component calls can access protected REST resources.
This article explains how to authorize custom component requests for OAuth2 protected resources using Facebook as an example. Facebook supports OAuth2 and allows a bot to access user profile information if authorized by the user.
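The exchange step described above, sketched as an added example (not code from the original article or from Oracle): it follows the generic RFC 6749 authorization-code token request rather than Facebook's own endpoint. The endpoint URL, client values, redirect URI and function names are all assumptions.

```javascript
// Added example: RFC 6749 section 4.1.3 code exchange. All values in cfg are
// placeholders (assumptions); load the real secret from a secret store.
const cfg = {
  tokenUrl: 'https://auth.example.com/oauth2/token',
  clientId: 'my-client-id',
  clientSecret: 'constructed-secret',
  redirectUri: 'https://bot.example.com/callback', // must match the one used to get the code
};

// Build the request. The secret travels in a Basic header of a TLS POST,
// never in the URL, so it stays out of access and proxy logs.
function buildTokenRequest(code, c) {
  if (typeof code !== 'string' || code === '') throw new Error('missing authorization code');
  if (!c.tokenUrl.startsWith('https://')) throw new Error('token endpoint must use https');
  const creds = `${encodeURIComponent(c.clientId)}:${encodeURIComponent(c.clientSecret)}`;
  const body = new URLSearchParams({
    grant_type: 'authorization_code', code, redirect_uri: c.redirectUri,
  }).toString();
  return { url: c.tokenUrl, options: { method: 'POST', body, headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
    Authorization: 'Basic ' + Buffer.from(creds).toString('base64'),
  } } };
}

// Validate the token response before trusting it.
function parseTokenResponse(status, text, nowMs = Date.now()) {
  let json;
  try { json = JSON.parse(text); } catch (e) { json = null; }
  if (!json || typeof json !== 'object') throw new Error('token endpoint returned non-JSON');
  // Surface only the standard error code, not the raw body.
  if (status !== 200 || json.error) throw new Error(`token exchange failed: ${json.error || status}`);
  if (typeof json.access_token !== 'string' || json.access_token === '') throw new Error('no access_token in response');
  if (String(json.token_type).toLowerCase() !== 'bearer') throw new Error('unsupported token_type');
  const expiresAt = Number.isFinite(json.expires_in) ? nowMs + json.expires_in * 1000 : null;
  return { accessToken: json.access_token, expiresAt };
}

// Headers for later calls to the protected REST resource.
function authorizedHeaders(token, nowMs = Date.now()) {
  if (token.expiresAt !== null && nowMs >= token.expiresAt) throw new Error('access token expired');
  return { Authorization: `Bearer ${token.accessToken}` };
}

// Network step (Node 18+ global fetch); call this from the custom component.
async function exchangeCode(code, c = cfg) {
  const req = buildTokenRequest(code, c);
  const res = await fetch(req.url, req.options);
  return parseTokenResponse(res.status, await res.text());
}
```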
The two most commonly used authorization options in OAuth2
· Client Credential Flow - Using the client credential flow, clients like Oracle Digital Assistant obtain authorization to protected resources through a shared client ID and client secret. This authorization flow type can be handled using a custom component only (subject of a future Oracle TechExchange article).