
OAuth 2.0


OAuth 2.0 is an authorisation framework that allows a user to grant a client application controlled access to the user's data. Users are sent to an authorisation server to log in; because authentication is delegated to that server, the user's credentials are never passed between applications. OAuth 2.0 is used when the client application requires access to data stored by a third party.

The authorisation flow for OAuth 2.0 follows these steps:

  • User sends an authorisation request to the authorisation server.
  • If the credentials provided by the user are valid, the authorisation server returns an access token to the client application.
  • Whenever the client application makes an HTTP request to the third-party service, the access token is sent in the Authorization header.

Access tokens are designed to expire after a set duration and grant access only to specific user data. To protect access tokens from interception they should only be sent over HTTPS.

OAuth settings can be configured in the Server Admin App. An OAuth configuration can be referenced by name in the REST Resource Security Configuration or using the JavaScript API.

You can use the following JavaScript API functions to authorise a user using OAuth 2.0:

You can set your own Authorization header by field-substituting the access token retrieved with the function: services.security.oauth.getTokens().getAccessToken()
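The flow description above says the access token must be sent in the Authorization header and only over HTTPS, and this section explains that the token obtained from getTokens().getAccessToken() can be placed in your own Authorization header. The following is an added example, not Ebase/Verj.io code and not part of the original page, that shows what that looks like in plain JavaScript: parsing the token endpoint's response (OAuth 2.0 servers normally return JSON; GitHub returns a form-encoded body unless the client sends an Accept: application/json header), tracking the token's expiry from expires_in, and building the request options for a third-party API call while refusing to send the token to a non-HTTPS URL. The function names and the sample token values are constructed for illustration.

```javascript
// Added example, not Ebase/Verj.io code. All names and sample values are constructed.

// Parse a token endpoint response into a tokens object.
// JSON bodies look like {"access_token":"...","token_type":"bearer","expires_in":3600};
// GitHub's default body is form-encoded: access_token=...&scope=...&token_type=bearer
function parseTokenResponse(body, nowMs = Date.now()) {
  const trimmed = body.trim();
  const data = trimmed.startsWith('{')
    ? JSON.parse(trimmed)
    : Object.fromEntries(new URLSearchParams(trimmed));
  if (!data.access_token) {
    throw new Error('token response has no access_token');
  }
  const expiresIn = data.expires_in !== undefined ? Number(data.expires_in) : null;
  return {
    accessToken: data.access_token,
    tokenType: (data.token_type || 'bearer').toLowerCase(),
    scope: data.scope || '',
    // null means the server stated no lifetime (GitHub user tokens do not expire by default)
    expiresAtMs: expiresIn === null ? null : nowMs + expiresIn * 1000,
  };
}

// True once the stated lifetime has elapsed; a token with no stated lifetime never expires here.
function isExpired(tokens, nowMs = Date.now()) {
  return tokens.expiresAtMs !== null && nowMs >= tokens.expiresAtMs;
}

// Build fetch() options for a call to the third-party API with the token in the
// Authorization header. Refuses plain http:// targets and expired tokens.
function buildAuthorizedRequest(url, tokens, nowMs = Date.now()) {
  const target = new URL(url);
  if (target.protocol !== 'https:') {
    throw new Error('refusing to send an access token over ' + target.protocol);
  }
  if (isExpired(tokens, nowMs)) {
    throw new Error('access token has expired; re-authorise the user');
  }
  if (tokens.tokenType !== 'bearer') {
    throw new Error('unsupported token type: ' + tokens.tokenType);
  }
  return {
    method: 'GET',
    headers: {
      Authorization: 'Bearer ' + tokens.accessToken,
      Accept: 'application/json',
    },
  };
}

// Mask a token for log lines so a request can be correlated without disclosing the secret.
function redact(token) {
  return token.length <= 8 ? '****' : token.slice(0, 4) + '...' + token.slice(-4);
}

// Constructed sample responses (not real tokens), one in each format.
const SAMPLE_JSON = '{"access_token":"gho_constructedSampleToken1234","token_type":"bearer","scope":"repo"}';
const SAMPLE_FORM = 'access_token=gho_constructedSampleToken1234&scope=repo&token_type=bearer';

// Stand-alone usage
const tokens = parseTokenResponse(SAMPLE_JSON);
const request = buildAuthorizedRequest('https://api.github.com/user', tokens);
console.log('calling API with token ' + redact(tokens.accessToken), request.headers.Accept);
```

In an Ebase form the tokens object would come from services.security.oauth.getTokens() rather than from parseTokenResponse; the HTTPS check, expiry check and redacted logging apply in the same way whichever API issued the token.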

Steps

1

You will need a GitHub account to complete the following steps (https://github.com).

Create a Form and add a Button Control with the text Authorise Github API.

Create a field called accessToken and add it to the page.

2

Open the Server Admin App. Go to OAuth Configuration and create a new OAuth Configuration called Github.

Set the Authorization URL to https://github.com/login/oauth/authorize and set the Token Request URL to https://github.com/login/oauth/access_token.

3

Go to https://github.com/settings/developers and create a new OAuth App.

Complete the OAuth application registration. The Authorization callback URL will be http://localhost:3050/ebasetest/ufsreturn (depending on your configuration the port may be 3051).

4

Once the application is registered, you will be provided with a Client ID and a Client Secret. Copy these values into the Github OAuth Configuration in the Server Admin App.

5

Add a click event to the Button Control with the following line of code:

// Authorise the user
services.security.oauth.authorize('Github');
// Retrieve an Access Token 
fields.accessToken.value = services.security.oauth.getTokens('Github').getAccessToken();

6

Run the Form, click the button and authorise your app by logging in with your GitHub details when prompted.

You should see your access token on the page.
