OAuth2Parameters (Type of variable)

ONLINE HELP
WINDEV, WEBDEV AND WINDEV MOBILE

Version:

Home | Sign in | English

Help

WLanguage

WLanguage functions

Communication

Managing the OAuth 2.0 protocol

OAuth2Parameters

Presentation

Example

Properties specific to the description of OAuth2Parameters variables

Operating mode of OAuth 2.0 authentication

Related examples

See also

OAuth2Parameters (Type of variable)

In french: OAuth2Paramètres

The OAuth2Parameters type is used to define the information required to authenticate on a Web service implementing the OAuth 2.0 standard. These characteristics can be defined and changed using different WLanguage properties.

This type of variable must be passed as parameter to AuthIdentify. In case of success, this function returns an AuthToken variable that can be used to perform authenticated queries on the Web service.

Remark: For more details on the declaration of this type of variable and the use of WLanguage properties, see Declaring a variable.

Example

// Exemple permettant de récupérer un token pour effectuer une requête sur DropBox
OAuth2Params is OAuth2Parameters
OAuth2Params.ClientID = "01234567890123456789"
OAuth2Params.ClientSecret = "98765432109876543210"
OAuth2Params.AuthURL = "https://www.dropbox.com/oauth2/authorize"
OAuth2Params.TokenURL = "https://api.dropboxapi.com/oauth2/token"
OAuth2Params.AdditionalParameters = "force_reapprove=false"
<COMPILE IF TypeConfiguration<>Site>
//Si ce n'est pas dans un site WEB il faut une URL de redirection en localhost
OAuth2Params.RedirectionURL = "http://localhost:9874/"
<END>

// Demande d'authentification: ouvre la fenêtre de login
MonToken is AuthToken = AuthIdentify(OAuth2Params)

// Requête authentifiée sur une API de DropBox
req is httpRequest
req.Method = httpPost
req.URL = "https://api.dropboxapi.com/2/files/list_folder"
req.AuthToken = MonToken // Token d'authentification
req.ContentType = "application/json"
vParamAPI is Variant
vParamAPI.path = "/Homework/math"
vParamAPI.recursive = False
vParamAPI.include_media_info = False
vParamAPI.include_deleted = False
vParamAPI.include_has_explicit_shared_members = False
req.Content = VariantToJSON(vParamAPI)

réponseHTTP is httpResponse = HTTPSend(req)
let Données = JSONToVariant(réponseHTTP.Content)
// Utilisation des données reçues ...

Remarks

Properties specific to the description of OAuth2Parameters variables

The following properties can be used to handle the information required to perform the authentication:

Property name	Type used	Effect

AdditionalParameters	Character string	Parameters of first authentication query. This string must be formatted like the URL parameters.
AuthURL	Character string	Authorization URL to be used (first URL of OAuth 2.0 specification).
ClientID	Character string	Client identifier supplied by the service when registering the application.
ClientSecret	Character string	Secret access code of application. This code is given by the service when saving the application.
RedirectionURL	Character string	Redirection URL to use during the authentication mechanism. For a Windows or Android application, this URL must have the following format "http://localhost:PortNumber". This value must be strictly identical to the one specified when declaring the application in the relevant Web service.
ResponseType	Character string or constant	Type of response expected. The possible values are: oauth2ResponseTypeCode (or "Code"): The response is of type "Code". oauth2ResponseTypeToken (or "Token"): The response is of type "Token". oauth2ResponseTypeToken is the default value. Remark: For a "personal" authentication, the response type must be "Token". In the case of an authentication for an API or service (e.g. Google mail server), the response type must be "Code".
Scope	Character string	Requested permissions. The possible values are specific to the Web service used.
TokenURL	Character string	URL for retrieving the access token to use (second URL of OAuth 2.0 standard).

Operating mode of OAuth 2.0 authentication

The steps of OAuth 2.0 authentication performed by AuthIdentify are as follows:

Running a first HTTP request to ask for an authorization (authorization URL specified in the OAuth2Parameters variable).
Opening a window for user identification according to the OAuth 2.0 protocol. The identification interface is given by the service accessed.
After identification, the server returns a first authorization code allowing you to ask the resources for an access token. This code is added as parameter of second URL (access token URL specified in the OAuth2Parameters variable).
Running the second HTTP request to ask for the access token. The result is a JSON buffer that contains, among other things, the access token ("access_token") that will be used for the authenticated requests. The AuthToken variable contains the information found in this JSON buffer. This access token will be used by the calls to the APIs of Web service.

To use the APIs of the Web service, simply use the HTTPSend function with an httpRequest variable defining the query to be executed.
The AuthToken variable will be assigned to the AuthToken property of the httpRequest variable (see example).
In this case, the server will receive the HTTP "Authorization" header with a value in the following format: "Authorization: Bearer xxx_access_token_xxx".

Caution:

If the server does not return the access token in the format of JSON code according to the OAuth2.0 standard, an error will occur and the token will not be retrieved. The server response can be retrieved via the ServerResponse property of the AuthToken variable.
If the server does not support the HTTP "Authorization" header for transmitting the access token, this transmission must be done by the developer according to the format expected by the requested service.
The following example allows you to use the Web service of Facebook. In this case, the access token must be specified on the request URL.
- Code sample for Facebook
  
  // Example used to retrieve the name of the Facebook account
  MyToken is AuthToken
  MyTokenParam is OAuth2Parameters
  
  MyTokenParam.ClientID = "123456789012345"
  MyTokenParam.ClientSecret = "45g8jh5kll45579021qsg5444j"
  MyTokenParam.AuthURL = "https://www.facebook.com/dialog/oauth"
  MyTokenParam.TokenURL = "https://graph.facebook.com/v2.3/oauth/access_token"
  MyTokenParam.RedirectionURL = "http://localhost:9874/"
  MyTokenParam.Scope = "email"
  
  MyToken = AuthIdentify(MyTokenParam)
  IF MyToken <> Null THEN
  IF ErrorOccurred THEN
  Error(ErrorInfo())
  ELSE
  // Token specified on the request URL
  HTTPRequest("https://graph.facebook.com/me?access_token=" + MyToken.Value)
  vMyRes is Variant = JSONToVariant(HTTPGetResult(httpResult))
  // Retrieve the account name
  Trace(vMyRes.name)
  END
  END

Related Examples:

Training (WINDEV): WD OAuth

[ + ] OAuth allows you to act as user of an external platform without knowing the identifiers (user name and password) of this user.
Several external platforms (among which Google, Twitter, Facebook) propose APIs for which you have the ability to connect with the information belonging to one of their users. This identification is performed via OAuth. Therefore, all the requests performed on their services (API, ...) will require an access token identifying both the application (the "client") and the user.
The example proposes to connect to Google and Microsoft via the AuthConnect function and the OAuth2Parameter type.