|
|
|
|
|
|
|
|
|
|
- How OAuth 2.0 authentication works
- How OpenID authentication works
AuthIdentify (Function) In french: AuthIdentifie Performs an authentication using: - the OAuth 2.0 protocol on any web service.
- the OpenID protocol on any web service.
- a JWT token.
OAuth2Params is OAuth2Parameters
OAuth2Params.ClientID = "01234567890123456789"
OAuth2Params.ClientSecret = "98765432109876543210"
OAuth2Params.AuthURL = "https://www.dropbox.com/oauth2/authorize"
OAuth2Params.TokenURL = "https://api.dropboxapi.com/oauth2/token"
OAuth2Params.AdditionalParameters = "force_reapprove=false"
<COMPILE IF ConfigurationType<>Site>
OAuth2Params.RedirectionURL = "http://localhost:9874/"
<END>
MyToken is AuthToken = AuthIdentify(OAuth2Params)
req is httpRequest
req.Method = httpPost
req.URL = "https://api.dropboxapi.com/2/files/list_folder"
req.AuthToken = MyToken
req.ContentType = "application/json"
vAPIParam is Variant
vAPIParam.path = "/Homework/math"
vAPIParam.recursive = False
vAPIParam.include_media_info = False
vAPIParam.include_deleted = False
vAPIParam.include_has_explicit_shared_members = False
req.Content = VariantToJSON(vAPIParam)
HTTPresponse is httpResponse = HTTPSend(req)
let Data = JSONToVariant(HTTPresponse.Content)
Syntax
Authentication via the OAuth 2.0 protocol (asynchronous syntax) Hide the details
AuthIdentify(<Authentication parameters> , <WLanguage procedure>)
<Authentication parameters>: OAuth2Parameters variable Name of the OAuth2Parameters variable containing the parameters describing the elements required to retrieve the access token. <WLanguage procedure>: Procedure name Name of the WLanguage procedure ("callback") called during the authentication. For more details on this procedure, see Parameters of the procedure used by AuthIdentify.
Authentication via the OpenID protocol (asynchronous syntax) Hide the details
AuthIdentify(<Authentication parameters> , <WLanguage procedure>)
<Authentication parameters>: OpenIDParameters variable Name of the OpenIDParameters variable containing the parameters describing the elements required to retrieve the access token. <WLanguage procedure>: Procedure name Name of the WLanguage procedure ("callback") called during the authentication. For more details on this procedure, see Parameters of the procedure used by AuthIdentify.
Using a JWT authentication Hide the details
<Result> = AuthIdentify(<Authentication parameters>)
<Result>: AuthToken variable AuthToken variable corresponding to the token containing the access information for the next requests that require authentication. <Authentication parameters>: JWTParameters variable Name of the JWTParameters variable containing the parameters describing the elements required to retrieve the access token.
Using a JWT authentication (asynchronous syntax) Hide the details
AuthIdentify(<Authentication parameters> , <WLanguage procedure>)
<Authentication parameters>: JWTParameters variable Name of the JWTParameters variable containing the parameters describing the elements required to retrieve the access token. <WLanguage procedure>: Procedure name Name of the WLanguage procedure ("callback") called during the authentication. For more details on this procedure, see Parameters of the procedure used by AuthIdentify. Remarks How OAuth 2.0 authentication works AuthIdentify performs the following actions to implement OAuth 2.0 authentication: - Executing a first HTTP authorization request (authorization URL specified in the OAuth2Parameters variable).
- Opening an OAuth 2.0 authentication window. The authentication window is defined by each service.
- After the authentication, the server returns an authorization code to request an access token. This code is added as parameter of second URL (access token URL specified in the OAuth2Parameters variable).
- Executing a second HTTP request to obtain the access token. The result is a JSON buffer that contains, among other elements, the access token ("access_token") to be used for the requests that require authentication. The AuthToken variable contains the information found in this JSON buffer. This access token will be used by the calls to the APIs of the web service.
To use the APIs of the web service, simply use HTTPSend with a variable of type httpRequest defining the request to be executed. The AuthToken variable will be assigned to the AuthToken property of the httpRequest variable (see example). In this case, the server will receive the HTTP " Authorization" request header with a value in the following format: "Authorization: Bearer xxx_access_token_xxx". Caution: - If the server does not return the access token as JSON code in compliance with the OAuth2.0 standard, an error will be generated and the token will not be retrieved. The server response can be retrieved via the ServerResponse property of the AuthToken variable.
- If the server does not support the HTTP "Authorization" header for transmitting the access token, this transmission must be done by the developer according to the format expected by the requested service.
The following example allows you to use the web service of Facebook. In this case, the access token must be specified on the request URL. Code sample for Facebook
MyToken is AuthToken
MyTokenParam is OAuth2Parameters
MyTokenParam.ClientID = "123456789012345"
MyTokenParam.ClientSecret = "45g8jh5kll45579021qsg5444j"
MyTokenParam.AuthURL = "https://www.facebook.com/dialog/oauth"
MyTokenParam.TokenURL = "https://graph.facebook.com/v2.3/oauth/access_token"
MyTokenParam.RedirectionURL = "http://localhost:9874/"
MyTokenParam.Scope = "email"
MyToken = AuthIdentify(MyTokenParam)
IF MyToken <> Null THEN
IF ErrorOccurred THEN
Error(ErrorInfo())
ELSE
HTTPRequest("https://graph.facebook.com/me?access_token=" + MyToken.Value)
vMyRes is Variant = JSONToVariant(HTTPGetResult(httpResult))
Trace(vMyRes.name)
END
END
How OpenID authentication works The following are OpenID authentication steps performed by AuthIdentify: - Running a first HTTP request to ask for an authorization (authorization URL specified in the OpenIDParameters variable).
- Opening an OpenID authentication window. The authentication window is defined by each service.
- Executing a second HTTP request to get the access token after the authentication. The result is a JSON buffer that contains, among other elements, the access token ("access_token") to be used for the requests that require authentication. The AuthToken variable contains the information found in this JSON buffer. This access token will be used by the calls to the APIs of the web service.
Note: If the server does not return the access token as JSON code as specified by the OAuth2.0 standard, an error will be generated and the token will not be retrieved. The server response can be retrieved via the ServerResponse property of the AuthToken variable.
Related Examples:
|
Training (WINDEV): WD OAuth
[ + ] OAuth allows you to act as user of an external platform without knowing the identifiers (user name and password) of this user. Several external platforms (among which Google, Twitter, Facebook) propose APIs for which you have the ability to connect with the information belonging to one of their users. This identification is performed via OAuth. Therefore, all the requests performed on their services (API, ...) will require an access token identifying both the application (the "client") and the user. The example proposes to connect to Google and Microsoft via the AuthConnect function and the OAuth2Parameter type.
|
Business / UI classification: Business Logic
This page is also available for…
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|