OAuth2 Password Grant (Service User) not supported for backend REST calls – any workaround?

0

Hi Ernst,

while I can’t answer on behalf of WEBCON, there’s a workaround.
The 2025 version extended the SDK to create custom authentication options. This would be a fallback.

Here’s an example:

https://daniels-notes.de/posts/2025/sharepoint-certificat-authentication-sdk

Best regards,
Daniel

Thanks Daniel, I will look into the SDK.

In the meantime I created a small token proxy.
In short: the proxy (XPages, Java bean) exposes a REST endpoint, receives a POST request (OAuth2 App-to-API), reads its configuration (grant_type=password, username, password, etc.), calls our core-banking API, receives the access token and returns it to WEBCON.
This part works perfectly.

Now I am facing the next show-stopper.

Use case:
A user enters a customer number. Name, address, etc. should be retrieved from the
core-banking REST API.

1st attempt – DataSource (REST)

- There is no way to pass a form field (customer number) to the DataSource request body
(e.g. {"customerNumber": <formField>})
- Therefore the DataSource cannot be parameterized
- Because there are >500,000 customers, calling something like "getAllCustomers"
and filtering in WEBCON is not an option

2nd attempt – Automation: Invoke REST Web Service

Apart from the fact that the workflow instance must be saved and calling a menu action
breaks the UX, this approach also fails because of the response structure.

The core-banking API returns a non-flat JSON response, e.g.:

[
{
"customerId": "...",
"customerIdentification": {
"customerNumber": 4711,
"id": "..."
},
"customersVariety": "PRIVATE",
"dateOfBirth": "2000-01-01",
"mainAddress": {
"city": "Monaco",
"country": "MC",
"postalCode": "4711",
"street": "Place Casino 1"
},
"name1": "Major",
"name2": "Tom",
"qualityLevel": "LEGITIMIZED_CUSTOMER"
}
]

In Invoke REST Web Service, WEBCON only allows mapping of Response:Code and Response:Body.
Nested properties or array elements cannot be mapped to form fields.

Am I correct that, without using the SDK or an external adapter that flattens the response,
this use case cannot be implemented in a clean way?

Using our core-banking-api is essential for most of our WEBCON applications.

Thanks for any ideas :-)
Kind regards
Ernst

Hi Ernst,

I also had the situation that I had a response which wasn't compatible with WEBCON.

In the end I decided to create a custom data source which executes the request and wraps the result

Here are some helpful lines, which will allow you to define the connection so that you can use the standard mechanism for defining dev/test/prod environment for the connection:
public class PIVisionsProductShipmentConfig : PluginConfiguration
[ConfigEditableConnectionID(DisplayName = "Connection", IsRequired = true)]
public string Connection { get; set; }


public async override Task<DataTable> GetDataAsync(SearchConditions searchConditions)
{
var connectionId = Configuration.Connection;
if (!int.TryParse(connectionId, out int connId))
throw new ArgumentException($"Connection ID '{connectionId}' must be an integer.");

var connectionHelper = new ConnectionsHelper(context);
var connection = connectionHelper.GetConnectionToWebService(new GetByConnectionParams(connId));


public override Task<List<DataSourceColumn>> GetColumnsAsync()
{
var columns = new List<DataSourceColumn>();

// Fixed columns for raw material data
columns.Add(new DataSourceColumn { Name = "Id" });
....
columns.Add(new DataSourceColumn { Name = "Error" });

return Task.FromResult(columns);
}

This could help you to use the data source in the form.

Best regards,
Daniel