Hi there,
We’re currently planning a piece of software (“middleware”) to act as a REST server, reading data from Cumulocity (of course as a REST client) and providing it to a service client.
This REST API shall respect a given ISO Standard which requires “OAuth or OAuth2”, so I’m trying to understand how OAuth2 with Cumulocity works.
It looks like we’re planning a Microservice SDK Topics tagged Cumulocity-IoT, would you agree?
In the Authentication methods list you’ll find the sentence:
“Authentication with OAuth is based on cookies technology, so the access token must be read from the request cookie header.”
Questions:
1.) Are the process with a cookie header and a comparable process with a bearer token the same, with the only difference being where the token is found? Or is an OAuth(2?) call with a Bearer Token totally different?
2.) If the token were provided to my middleware service as an Authorization Bearer token, could I take that token and provide it as a cookie token towards the Cumulocity API, or would the Bearer Token be blocked/filtered/whatever by some service “covering” my middleware?
3.) In case the Authorization header process is not compatible with the Cookie header process but the type of token is compatible, would a way to go be to redirect to my service, convert the Cookie header to an Authorization header and redirect to the originally calling server?
I hope it is understandable what we’re trying to achieve, otherwise please feel free to get back to me.