2

This is the first time our COBOL CICS team has attempted to obtain an OAuth Access Token. We have been at this for some time have asked a number of colleagues from various disciplines for advice but to date have this (hopefully) one last step which we just cannot get past. Hoping someone has had experience of this kind of integration and can provide some suggestions.

We are struggling to obtain a successful OAuth access token response from a COBOL CICS program. We receive a successful response form Postman, but when we try the call in our Web Converse we receive a HTTP 400 (Bad Syntax) response:

x3.1 CICS-RESP = 0000000000
HTTP-RESP 00400
HTTP error { "error_description" : "grant_type is required"

We are building the OAuth as per below. Note the "grant-type" is converted to "grant_type" when the JSON is constructed.

MOVE 1                        TO grant-type-num      
MOVE 'client_credentials'     TO grant-type          
MOVE 1                        TO client-id-num       
MOVE 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'          
                              TO client-id           
MOVE 1                        TO client-secret-num   
MOVE 'xxxxxx-xxxxx'           TO client-secret.

Our program then fails in the CICS WEB CONVERSE, where it cannot seem to hit the OAuth service:

EXEC CICS GET CONTAINER('JWT-JSON') 
          CHANNEL(WS-CHANNELNAME)   
          INTO(W01-MESSAGE)         
          RESP(CICS-RESP)           
          RESP2(CICS-RESP2)         
END-EXEC                            
                                    
DISPLAY "W03-Message" W01-MESSAGE   
                                    
MOVE 256           TO STATUSLEN     
                                    
EXEC CICS WEB CONVERSE              
     URIMAP('FXJWTCLR')             
     POST                           
     NONE                           
     CLOSE                          
     MEDIATYPE(CONTENT-TYPE-H)      
     CHANNEL(WS-CHANNELNAME)        
     CONTAINER('JWT-JSON')          
     TOCHANNEL(WS-CHANNELNAME)      
     TOCONTAINER('JWT-RESPONSE')    
     RESP(CICS-RESP)                
     RESP2(CICS-RESP2)              
     SESSTOKEN(TOKEN)               
     STATUSCODE(HTTP-RESP)          
     STATUSTEXT(STATUSTEXT)         
     STATUSLEN(STATUSLEN)           
END-EXEC.

We receive the "grant_type is required" even though we are passing grant type in my program and converting the COBOL data to JSON before calling WEB CONVERSE. To be clear here is snippet of code where we compile the JSON:

EXEC CICS TRANSFORM DATATOJSON     
          CHANNEL(WS-CHANNELNAME)  
          INCONTAINER('JWT-TOKEN') 
          OUTCONTAINER('JWT-JSON') 
          TRANSFORMER('FXJWT')     
          RESP(CICS-RESP)          
          RESP2(CICS-RESP2)        
END-EXEC.

If we create the JSON manually ad pass to Postman, it seems to work fine.

not sure if we have shared sufficient code snippets here?

GuzziTony
  • 49
  • 7
  • 1
    Please edit the question using text instead of images and only use them _additional_ if they somehow help to get the point across. For all CICS and COBOL code that definitely isn't the case, it also isn't for requests/responses in JSON format, please insert them as plain code, allowing it to be searched, found and easily read on multiple devices (including screen readers). – Simon Sobisch Feb 28 '23 at 13:38
  • 1
    Thanks Simon I have updated. Into Text format. – GuzziTony Feb 28 '23 at 14:59
  • My guess would be it's a codepage issue. `WEB CONVERSE` seems to do a conversion EBCDIC->ISO8859. Unfortunately I could not find any information what ccsid is produced by `TRANSFORM DATATOJSON`. So if that is UTF-8 (as required by JSON standard) you would have to disable character conversion on the `WBE CONVERSE` via `NOCLICONVERT`. So try checking the codepage in your container first. – piet.t Mar 01 '23 at 06:02

1 Answers1

2

There are a number of places where the error might be in your scenario. There isn't enough information to go on with what you have provided so far.

  1. The structure passed to the TRANSFORM DATATOJSON command may be incorrect. With optional elements you can pass in a structure that will generate an almost empty JSON message. This will be a success as far as the command is concerned, but obviously not what is required by the application. You need to make sure you have populated the structure and placed it into the 'JWT-TOKEN' container correctly.
  2. The produced JSON message may be incorrect despite correct input to the TRANSFORM command. You appear to have a DISPLAY command to list out the container contents but don't indicate if this shows the expected JSON message or not.
  3. Finally the valid JSON message is somehow not sent to the server correctly. You would need to capture the network traffic to see what is being sent. You can use whatever network packet trace tool you are used to or you could capture a CICS trace with the PG, WB and SO components set to 1-2 and the rest of the components set to 1. Formatting the trace in FULL will allow you to see the data being sent to the server. The CICS trace has the advantage that you can potentially spot the cause of the problem if it does show the data is incorrect. I wouldn't have expected a codepage conversion problem because the data being sent is in a container and will be obtained from there in the codepage that is required.
Mark Pocock
  • 31
  • 1