The OAuth2Parameters type is used to define the information required to authenticate on a web service implementing the OAuth 2.0 standard. These characteristics can be defined and changed using different WLanguage properties.
This type of variable must be passed as a parameter to AuthIdentify. If authentication is successful, this function returns an AuthToken variable, which can be used to make authenticated requests to the web service.
Note: For more details on the declaration of this type of variable and the use of WLanguage properties, see Declaring a variable.
Example
// Example used to retrieve a token to perform a request on Dropbox
OAuth2Params is OAuth2Parameters
OAuth2Params.ClientID = "01234567890123456789" 
OAuth2Params.ClientSecret = "98765432109876543210"
OAuth2Params.AuthURL = "https://www.dropbox.com/oauth2/authorize"
OAuth2Params.TokenURL = "https://api.dropboxapi.com/oauth2/token"
OAuth2Params.AdditionalParameters = "force_reapprove=false"
<COMPILE IF ConfigurationType<>Site>
	// If you are not using a website, you need to specify a localhost redirect URL
	OAuth2Params.RedirectionURL = "http://localhost:9874/"
<END>

// Authentication request: opens the login window
MyToken is AuthToken = AuthIdentify(OAuth2Params)

// Request authenticated on a Dropbox API
req is httpRequest
req.Method = httpPost
req.URL = "https://api.dropboxapi.com/2/files/list_folder"
req.AuthToken = MyToken // Authentication token
req.ContentType = "application/json"
vAPIParam is Variant
vAPIParam.path = "/Homework/math"
vAPIParam.recursive = False
vAPIParam.include_media_info = False
vAPIParam.include_deleted = False
vAPIParam.include_has_explicit_shared_members = False
req.Content = VariantToJSON(vAPIParam)

HTTPresponse is httpResponse = HTTPSend(req)
let Data = JSONToVariant(HTTPresponse.Content)
// Use the incoming data...
New in SaaS
param is OAuth2Parameters
param.ClientID = "1060349503186-pc7ahmeb6h6mc3jd19nlva26kt7gk59q.apps.googleusercontent.com"
param.ClientSecret = "oBTQL52JiT82Wmuy9-76MpiM"
param.RedirectionURL = "http://localhost:3400/"
param.AuthURL = "https://accounts.google.com/o/oauth2/v2/auth"
param.TokenURL = "https://oauth2.googleapis.com/token"
param.Scope = "openid email"
// Client certificate attached to the request (file located next to the executable)
param.ClientCertificate = fExeDir() + fSep() + "twr34o-7.pcsoft.com.pfx"
param.ClientCertificatePassword = ""
// Send ClientID and ClientSecret in the HTTP request header (requires a secure connection)
param.Option = authClientSecretBasic

token is AuthToken = AuthIdentify(param)
IF token..Valid THEN
	Info(token.ServerResponse)
ELSE
	Error(ErrorInfo(errFullDetails))
END
Properties

Properties specific to OAuth2Parameters variables

The following properties can be used to handle the information required to perform the authentication:
Property name | Type used | Effect
AdditionalParameters | Character string | Parameters of the first authentication request. This string must be formatted as URL parameters.
New in SaaS
Note: This parameter can be used, for example, to supply a JWT assertion created with the JWTCreateInsert function. To use this assertion, the GrantType property must be set to the taGrantTypeCustom constant.
Caution: This feature is only available in WINDEV Suite SaaS 2025 Update 1. For more details, see Using new features exclusive to WINDEV 2025 SaaS.
AuthURL | Character string | Authorization URL to be used (first URL of OAuth 2.0 specification).
New in SaaS
ClientCertificate | Character string or Buffer | Corresponds to:
  • a string containing a path to the ".p12" file containing the certificate to be attached to the request. The certificate will be automatically loaded taking into account:
    • the certificate in the executable library (if it has been integrated into the application),
    • the certificate at the specified location on disk (if the certificate has not been integrated into the executable library).
  • a buffer with the certificate (fLoadBuffer).
If this property is set to an empty string (""), the default certificate is reset to "<None>".
Android: This property is not available.
Please note: This property is only available in WINDEV Suite SaaS 2025 Update 1. For more details, see Using new features exclusive to WINDEV 2025 SaaS.
New in SaaS
ClientCertificatePassword | Character string or Secret string | Password associated with the client certificate (empty string by default).
New in version 2025
Secret strings: If you use the secret string vault, the type of secret string used for this parameter must be "Ansi or Unicode string".
To learn more about secret strings and how to use the vault, see Secret string vault.
Android: This property is not available.
Please note: This property is only available in WINDEV Suite SaaS 2025 Update 1. For more details, see Using new features exclusive to WINDEV 2025 SaaS.
ClientID | Character string | Client ID provided by the service when registering the application.
ClientSecret | Character string or Secret string | Secret application access code. This code is provided by the service when registering the application.
New in version 2025
Secret strings: If you use the secret string vault, the type of secret string used for this parameter must be "Ansi or Unicode string".
To learn more about secret strings and how to use the vault, see Secret string vault.

Android: Secret strings are not available for this parameter in Android/Android widget applications.
GrantType | Constant | Grant type available. The possible values are:
  • taApplicationCliente: Authentication without login window.
    The access authorization is given to the application (not to the user). The token provided to access the resources of the application is linked to the application itself.
  • taCodeAuthorization (Default value): Connection authorization is given to the user. A login window appears to let users enter their username and password. The access token is linked to the user.
  • New in SaaS
    taGrantTypeCustom: Authentication using the information specified in the AdditionalParameters property. In particular, you can use a JWT assertion, created with the JWTCreateInsert function.
    Note: This constant is only available from WINDEV Suite SaaS 2025 Update 1. For more details, see Using new features exclusive to WINDEV 2025 SaaS.
  • New in version 2025
    taPassword: Silent user authentication.
    Connection authorization is given to the user specified in the UserName property (the associated password is specified via the Password property). The token obtained is linked to the user.
New in version 2025
LogoutURL | Character string | Web service logout URL (if supported).
Note: The web service may handle revocation only. In this case, the corresponding URL must be specified in the RevocationURL property.
Option | Integer constant | Authentication options:
  • authDefault: OAuth authentication by default.
  • authPKCE: Authentication via the PKCE (Proof Key for Code Exchange) protocol.
  • New in SaaS
    authClientSecretBasic: Authentication using Base64-encoded "ClientID" and "ClientSecret" in the HTTP request header. Requires a secure connection.
Note: The PKCE protocol provides additional security to OAuth authentication. In some cases, although PKCE is used, it may be necessary to specify the secret key (ClientSecret property). We advise you to check the information expected by the platform used.
New in version 2025
Password | Character string or Secret string | Password associated with the user.
This property is only used if the GrantType property is set to the taPassword constant.
New in version 2025
Secret strings: If you use the secret string vault, the type of secret string used for this parameter must be "Ansi or Unicode string".
To learn more about secret strings and how to use the vault, see Secret string vault.
RedirectionURL | Character string | Redirection URL to use during the authentication mechanism.
WINDEV, Android: For a Windows or Android application, this URL must have the following format: "http://localhost:PortNumber". This value must be exactly the same as the one specified when declaring the application in the corresponding web service.
iPhone/iPad: This property must be specified. It corresponds to the redirect URL scheme specified by the web service provider for iOS.
Examples:
  • for Facebook, the URL must have the following format: "fb<ClientID>://authorize/".
  • for Google, the URL must have the following format: "<iOS URL scheme>:/oauth2redirect", where:
    • <iOS URL scheme> corresponds to the value provided by Google when creating an OAuth client ID for iOS.
    • "/oauth2redirect" is an example of a value. This parameter can be any value starting with a single forward slash "/" (for example, "//oauth2redirect" is not supported).
WEBDEV - Server code: For a WEBDEV website, this URL is calculated automatically. Therefore, there is no need to assign the property.
This URL must be specified in the configuration of the authentication service provider application. It has the following format:
"http(s)://localhost/WD300AWP/WD300Awp.exe/OAUTH2_RETURN".
HTTPS will be automatically used if necessary in the redirect URL.
If an HTTP proxy acts as an intermediary between the WEBDEV Application Server that hosts the site and the authentication server, the proxy must be configured to indicate the right protocol in the "Forwarded" HTTP environment variable.
ResponseType | Character string or constant | Type of response expected. The possible values are:
  • oauth2ResponseTypeCode (or "Code"): The response is of type "Code".
  • oauth2ResponseTypeToken (or "Token"): The response is of type "Token".
The default value is oauth2ResponseTypeCode.
Remarks:
  • For a "personal" authentication, the response type must be "Token".
  • In the case of an authentication for an API or service (e.g. Google mail server), the response type must be "Code".
New in version 2025
RevocationURL | Character string | Web service revocation URL (if supported).
Note: The web service may handle logout only. In this case, the corresponding URL must be specified in the LogoutURL property.
Scope | Character string | Requested permissions. The possible values are specific to the web service used.
The possible values must be separated by a space.
TokenURL | Character string | URL for retrieving the access token to use (second URL of OAuth 2.0 standard).
New in version 2025
UserName | Character string | User name.
This property is only used if the GrantType property is set to the taPassword constant.
Remarks

Operating mode of OAuth 2.0 authentication

The steps of OAuth 2.0 authentication performed by AuthIdentify are as follows:
  • A first HTTP request is sent to request authorization (authorization URL specified in the OAuth2Parameters variable).
  • An OAuth 2.0 authentication window opens. The authentication window is defined by each service.
  • After authentication, the server returns an authorization code used to request an access token. This code is added as a parameter of the second URL (access token URL specified in the OAuth2Parameters variable).
  • A second HTTP request is sent to obtain the access token. The result is a JSON buffer that contains, among other elements, the access token ("access_token") to be used for the requests that require authentication. The AuthToken variable contains the information found in this JSON buffer. This access token will be used by the calls to the APIs of the web service.
To use the APIs of the web service, simply use HTTPSend with a variable of type httpRequest defining the request to be executed.
The AuthToken variable must be assigned to the AuthToken property of the httpRequest variable (see example).
In this case, the server will receive the HTTP "Authorization" header with a value of the form: "Authorization: Bearer xxx_access_token_xxx".
Caution:
  • If the server does not return the access token in the format of JSON code according to the OAuth2.0 standard, an error will occur and the token will not be retrieved. The server response can be retrieved via the ServerResponse property of the AuthToken variable.
  • If the server does not support the HTTP "Authorization" header for transmitting the access token, this transmission must be done by the developer according to the format expected by the requested service.
    The following example allows you to use the web service of Facebook. In this case, the access token must be specified on the request URL.
    • WINDEV, Android: Code sample for Facebook:
      // Example used to retrieve the name of the Facebook account
      MyToken is AuthToken
      MyTokenParam is OAuth2Parameters
      
      MyTokenParam.ClientID = "123456789012345"
      MyTokenParam.ClientSecret = "45g8jh5kll45579021qsg5444j"
      MyTokenParam.AuthURL = "https://www.facebook.com/dialog/oauth"
      MyTokenParam.TokenURL = "https://graph.facebook.com/v2.3/oauth/access_token"
      MyTokenParam.RedirectionURL = "http://localhost:9874/"
      MyTokenParam.Scope = "email"
      
      MyToken = AuthIdentify(MyTokenParam)
      IF MyToken <> Null THEN
      	IF ErrorOccurred THEN
      		Error(ErrorInfo())
      	ELSE
      		// Token specified on the request URL
      		HTTPRequest("https://graph.facebook.com/me?access_token=" + MyToken.Value)
      		vMyRes is Variant = JSONToVariant(HTTPGetResult(httpResult))
      		// Retrieve the account name
      		Trace(vMyRes.name)
      	END
      END
    • iPhone/iPad Code sample for Facebook:
      MyToken is AuthToken
      MyTokenParam is OAuth2Parameters
      MyTokenParam.ClientID = "1705548803004741"
      MyTokenParam.ClientSecret = "7b3305a5aa1687ef04af001ec3388ecc"
      MyTokenParam.AuthURL = "https://www.facebook.com/dialog/oauth"
      MyTokenParam.TokenURL = "https://graph.facebook.com/oauth/access_token"
      MyTokenParam.RedirectionURL = "fb1705548803004741://authorize/"
      MyTokenParam.Scope = "email"
      
      MyToken = AuthIdentify(MyTokenParam)
      IF MyToken <> Null THEN
      	IF ErrorOccurred THEN
      		Error(ErrorInfo())
      	ELSE
      		// Token specified on the request URL
      		HTTPRequest("https://graph.facebook.com/me?access_token=" + MyToken.Value)
      		vMyRes is Variant = JSONToVariant(HTTPGetResult(httpResult))
      		// Retrieve the account name
      		Trace(vMyRes.name)
      	END
      END
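
The second step and the first Caution above, shown in Python as an added example (not WINDEV code and not how AuthIdentify is implemented): the token endpoint reply is checked against the OAuth 2.0 success format before a Bearer header is built from it. The function names and the three sample replies are constructed for illustration.

```python
import json

class TokenResponseError(Exception):
    """The token endpoint reply is not a usable OAuth 2.0 success response."""

def parse_token_response(status: int, content_type: str, body: bytes) -> dict:
    """Return the token fields, or raise with the reason the reply is unusable."""
    if "application/json" not in content_type.lower():
        # The case from the Caution above, e.g. a form-encoded reply.
        raise TokenResponseError(f"non-JSON reply ({content_type})")
    try:
        data = json.loads(body.decode("utf-8"))
    except ValueError as exc:  # covers bad UTF-8 and bad JSON
        raise TokenResponseError("body is not valid JSON") from exc
    if not isinstance(data, dict):
        raise TokenResponseError("JSON body is not an object")
    if status != 200 or "error" in data:
        raise TokenResponseError(f"server refused: {data.get('error', status)}")
    token = data.get("access_token")
    if not isinstance(token, str) or not token:
        raise TokenResponseError("missing access_token")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise TokenResponseError("token_type is not Bearer")
    return data

def bearer_header(fields: dict) -> dict:
    """Header sent with each API call once a token has been obtained."""
    return {"Authorization": "Bearer " + fields["access_token"]}

# Constructed sample replies (status, Content-Type, body).
GOOD = (200, "application/json;charset=UTF-8",
        b'{"access_token":"xxx_access_token_xxx","token_type":"Bearer","expires_in":3600}')
FORM = (200, "text/plain; charset=UTF-8", b"access_token=xxx_access_token_xxx&expires=3600")
DENIED = (400, "application/json", b'{"error":"invalid_grant"}')

def describe(sample: tuple) -> str:
    """Outcome for one reply: the header value to send, or the rejection reason."""
    try:
        return bearer_header(parse_token_response(*sample))["Authorization"]
    except TokenResponseError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    for reply in (GOOD, FORM, DENIED):
        print(describe(reply))
```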

PKCE authentication

PKCE authentication example:
OAuth2Params is OAuth2Parameters
OAuth2Params.ClientID = "D90iXZWlteM3ESORkGkoWyGkJuxifE1z"
OAuth2Params.Option = authPKCE
OAuth2Params.AuthURL = "https://dev-rw5r4o2eowb8s70k.us.auth0.com/authorize"
OAuth2Params.TokenURL = "https://dev-rw5r4o2eowb8s70k.us.auth0.com/oauth/token"
OAuth2Params.RedirectionURL = "http://localhost:9874"
OAuth2Params.Scope = "openid email"

MyToken is AuthToken = AuthIdentify(OAuth2Params)
IF MyToken <> Null _AND_ NOT ErrorOccurred THEN
	MyIdentity is OpenIDIdentity = OpenIDReadIdentity(MyToken)
	IF MyIdentity.Valid THEN
		Trace(MyIdentity.Email)
		Trace(MyIdentity.LastName)
		Trace(MyIdentity.FirstName)
	END
ELSE
	Info("Error:" + ErrorInfo(errFullDetails))
END
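
What the authPKCE option adds to the two requests, shown in Python as an added example (not WINDEV code): the S256 derivation and the server-side check follow RFC 7636, and the client values in the demo are constructed. The function names are illustrative only.

```python
import base64
import hashlib
import hmac
import re
import secrets
from urllib.parse import urlencode

VERIFIER_RE = re.compile(r"[A-Za-z0-9._~-]{43,128}")  # RFC 7636 section 4.1

def b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    """Fresh high-entropy secret kept by the client for one login only."""
    return b64url(secrets.token_bytes(32))  # 43 characters

def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def authorization_query(client_id: str, redirect_uri: str, scope: str, verifier: str) -> str:
    """First request: only the challenge travels through the browser."""
    return urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": scope,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    })

def token_form(code: str, client_id: str, redirect_uri: str, verifier: str) -> str:
    """Second request: the verifier itself goes directly to the token URL."""
    return urlencode({
        "grant_type": "authorization_code", "code": code,
        "client_id": client_id, "redirect_uri": redirect_uri,
        "code_verifier": verifier,
    })

def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """Server-side check: an intercepted code is useless without the verifier."""
    if not VERIFIER_RE.fullmatch(presented_verifier):
        return False
    derived = s256_challenge(presented_verifier)
    return hmac.compare_digest(derived.encode(), stored_challenge.encode())

if __name__ == "__main__":
    v = new_code_verifier()  # constructed client values below
    print(authorization_query("example-client", "http://localhost:9874", "openid email", v))
    print(server_accepts(s256_challenge(v), v), server_accepts(s256_challenge(v), "A" * 43))
```
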
New in SaaS

Authentication via "Client Secret Basic"

Example of "Client Secret Basic" authentication:
OAuth2Params is OAuth2Parameters
OAuth2Params.ClientID = "1060349503186-pc7ahmeb6h6mc3jd19nlva26kt7gk59q.apps.googleusercontent.com"
OAuth2Params.ClientSecret = "oBTQL52JiT82Wmuy9-76MpiM"
OAuth2Params.RedirectionURL = "http://localhost:3400/"
OAuth2Params.AuthURL = "https://accounts.google.com/o/oauth2/v2/auth"
OAuth2Params.TokenURL = "https://oauth2.googleapis.com/token"
OAuth2Params.Scope = "openid email"
OAuth2Params.Option = authClientSecretBasic


token is AuthToken = AuthIdentify(OAuth2Params)
IF token..Valid THEN
	Info(token.ServerResponse)
END
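
The header that "Client Secret Basic" refers to, shown in Python as an added example (not WINDEV code): construction and server-side parsing follow RFC 6749 section 2.3.1, including the URL-encoding step that keeps a ":" inside a secret from shifting the separator. Function names, the registered-client table and the sample credentials are constructed.

```python
import base64
import hmac
from urllib.parse import quote_plus, unquote_plus

def basic_client_header(client_id: str, client_secret: str) -> str:
    """Authorization header value: Base64 of urlencoded id ':' urlencoded secret."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("ascii")).decode("ascii")

def parse_basic_client_header(value: str):
    """Return (client_id, client_secret), or None if the header is malformed."""
    scheme, _, blob = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        pair = base64.b64decode(blob, validate=True).decode("ascii")
    except ValueError:  # invalid Base64 or non-ASCII content
        return None
    client_id, sep, secret = pair.partition(":")
    if not sep:
        return None
    return unquote_plus(client_id), unquote_plus(secret)

def token_endpoint_allows(url: str, header: str, registered: dict) -> bool:
    """Server-side view: HTTPS only, known client, constant-time secret compare."""
    if not url.lower().startswith("https://"):
        return False  # Base64 is an encoding, not encryption
    creds = parse_basic_client_header(header)
    if creds is None:
        return False
    client_id, secret = creds
    expected = registered.get(client_id)
    if expected is None:
        return False
    return hmac.compare_digest(secret.encode(), expected.encode())

if __name__ == "__main__":
    clients = {"example-client": "p@ss:word"}  # constructed registration
    hdr = basic_client_header("example-client", "p@ss:word")
    print(hdr)
    print(token_endpoint_allows("https://auth.example/token", hdr, clients))
    print(token_endpoint_allows("http://auth.example/token", hdr, clients))
```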
Related Examples:
WD OAuth Training (WINDEV): WD OAuth
OAuth allows you to act as a user of an external platform without knowing the credentials (user name and password) of this user.
Several external platforms (including Google, Twitter and Facebook) offer APIs that you can connect to with the information belonging to one of their users. This identification is performed via OAuth. Therefore, all the requests performed on their services (API, ...) will require an access token identifying both the application (the "client") and the user.
The example connects to Google and Microsoft via the AuthIdentify function and the OAuth2Parameters type.
Minimum version required
  • Version 22
Last update: 02/06/2025
