my goal is to read the data from odata api provided by the SuccessFactors (SF) from Chrome Extension.
Unfortunatelly I cannot use chrome.identity.launchWebAuthFlow because the SF is using SAML.
I have the Oauth client registered in the SF admin portal with generated the certificate. I'm sending the private certificate together with the saml request.
By following this tutorial https://help.sap.com/viewer/d599f15995d348a1b45ba5603e2aba9b/1911/en-US/4e27e8f6ae2748ab9f23228dd6a3... I'm able to receive assertion, but each time I try to get the token itself, I get a 401 response with text
Unable to verify the signature of the SAML assertion
Do you have any idea what may cause this issue?
edit: code example
const apiKey = "<apikey>";
const privateKey ="<privatekey>";
const baseUrl = "https://api2.successfactors.eu";
const tokenPath = "/oauth/token";
const assertPath = "/oauth/idp";
const odataRoot = "/odata/v2"
let params = new URLSearchParams();
params.append("client_id", apiKey);
params.append("user_id", "<user>");
params.append("token_url", `${baseUrl}${tokenPath}`);
params.append("private_key", privateKey);
const headers = {
"Content-Type": "application/x-www-form-urlencoded"
};
let response = await fetch(`${baseUrl}${assertPath}`, {
method: "POST",
headers: headers,
body: params
});
const assertion = await response.text();
params = new URLSearchParams();
params.append("client_id", apiKey)
params.append("company_id", "<company>");
params.append("grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer");
params.append("assertion", assertion);
response = await fetch(`${baseUrl}${tokenPath}`, {
method: "POST",
headers: headers,
body: params
});
const tokenData = await response.json();
Bluesky
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.