I am using Mobilefirst 7.1 to develop a Java HTTP Adapter for my Angular 2 hybrid project to call.
What I have done:
1) Built the Java Adapter that has a few POST & GET procedures
2) Deployed into my local MobileFirst Operations Console
What I want to achieve:
1) Using Angular 2 HTTP requests, call to adapter endpoints and get response successfully
2) No MFP sdk or MFP app will be used
My testing (in Postman Rest Client):
1) [SUCCESS] Get test token from test token endpoint, add 'Authorization' header in adapter requests, call adapter endpoint and get response successfully : Test in postman
2) [SUCCESS] Java Adapter disabled security (@OAuthSecurity(enabled=false)), without test token & without 'Authorization' header, call adapter endpoint and get response successfully
3) [FAILED] When Java Adapter set security annotation @OAuthSecurity(scope="adminRealm"), calling adapter endpoint will get missing_authorization / insufficient_scope in below scenarios
- Getting testtoken & set 'Authorization' header similar to test 1
- Without test token & without setting 'Authorization' header similar to test 2
My questions
1) Based on my understanding, in actual production, test token should not be used in calling adapter endpoint. Hence if Java Adapter has default security enabled, how to call in Postman successfully without that test token?
2) How do I call the adapter endpoint successfully using Angular 2 HTTP requests? I do not encounter this problem in calling normal REST endpoint using Angular 2 HTTP.
3) Do I need another endpoint to get access token in actual production, instead of that test token endpoint?