This content has been translated automatically.  Click here  to view the French version.
Help / WLanguage / WLanguage functions / Communication / Managing the OAuth 2.0 protocol
  • Properties specific to AuthToken variables
  • Operating mode of OAuth 2.0 authentication
  • Using the AuthToken variables
WindowsLinuxUniversal Windows 10 AppJavaReports and QueriesUser code (UMC)
WindowsLinuxPHPWEBDEV - Browser code
AndroidAndroid Widget iPhone/iPadIOS WidgetApple WatchMac CatalystUniversal Windows 10 App
Stored procedures
The AuthToken type contains the characteristics of a token used to access a Web service. This access token was requested beforehand:
  • by the AuthIdentify function.
  • by an HTTP request. In this case, the request returns the token in JSON format.
The characteristics of this access token can be defined and changed using different WLanguage properties.
Remark: For more details on the declaration of this type of variable and the use of WLanguage properties, see Declaring a variable.
// Example used to retrieve a token to perform a request on DropBox
OAuth2Params is OAuth2Parameters
OAuth2Params.ClientID = "01234567890123456789"
OAuth2Params.ClientSecret = "98765432109876543210"
OAuth2Params.AuthURL = ""
OAuth2Params.TokenURL = ""
OAuth2Params.AdditionalParameters = "force_reapprove=false"
<COMPILE IF ConfigurationType<>Site>
// If you are not using a website, you need to specify a localhost redirect URL
OAuth2Params.RedirectionURL = "http://localhost:9874/"
// Ask for authentication: opens the login window
MyToken is AuthToken = AuthIdentify(OAuth2Params)
// Request authenticated on a DropBox API
req is httpRequest
req.Method = httpPost
req.URL = ""
req.AuthToken = MyToken // Authentication token
req.ContentType = "application/json"
vAPIParam is Variant
vAPIParam.path = "/Homework/math"
vAPIParam.recursive = False
vAPIParam.include_media_info = False
vAPIParam.include_deleted = False
vAPIParam.include_has_explicit_shared_members = False
req.Content = VariantToJSON(vAPIParam)
HTTPresponse is httpResponse = HTTPSend(req)
let Data = JSONToVariant(HTTPresponse.Content)
// Use the incoming data...
// Retrieves the token (in JSON) via an HTTP request. The AuthIdentify function is not used
// Define the request
httpReq is httpRequest
httpReq.Method = httpPost
httpReq.User = PAYPAL_APP_ID
httpReq.Password = PAYPAL_SECRET
httpReq.Content = "grant_type=client_credentials"
httpReq.ContentType = "application/x-www-form-urlencoded"
// Execute query
httpRep is httpResponse = HTTPSend(httpReq)
// Retrieve the token
IF httpRep.StatusCode = 200 THEN
// Declares the parameters, required to refresh the token
oAuth2Param is OAuth2Parameters
oAuth2Param.ClientID = PAYPAL_APP_ID
oAuth2Param.ClientSecret = PAYPAL_SECRET
oAuth2Param.Scope = PAYPAL_SCOPES
oAuth2Param.TokenURL = PAYPAL_TOKEN
// Initializes the token with JSON
MyToken is AuthToken(oAuth2Param, httpRep.Content)
gMyToken <= MyToken

Declaring an AuthToken variable Hide the details

MyVariable is AuthToken
In this case, AuthIdentify is used to retrieve the token parameters.

Declaring and describing an AuthToken variable (without using the AuthIdentify function) Hide the details

MyVariable is AuthToken(<OAuth2 parameter> , <Token>)
<OAuth2 parameter>: OAuthParameters variable
Name of OAuth2Parameters variable containing the information required to authenticate on a service implementing the OAuth 2.0 standard.
<Token>: Character string
String in JSON or UTF8 format containing the token. Corresponds to the token returned by the service.

Properties specific to AuthToken variables

The following properties can be used to handle a token for accessing a Webservice:
Property nameType usedEffect
ExpirationDateDateTimeExpiration date and time of token.
RefreshCharacter stringValue returned by the server to determine if the token can be refreshed.
If this property is not specified, AuthRefreshToken cannot be used to refresh the token: you will have to request a new token..
ServerResponseBufferValue returned by the server during the request made by the access token.
This property is read-only.
ValidBooleanValidity of access token:
  • True if the access token is valid.
  • False otherwise.
This property is read-only.
ValueCharacter stringAccess token.
Value automatically filled when using AuthIdentify.
This value can be used to send authenticated requests onto the relevant Web service.

Operating mode of OAuth 2.0 authentication

The steps of OAuth 2.0 authentication performed by AuthIdentify are as follows:
  • Running a first HTTP request to ask for an authorization (authorization URL specified in the OAuth2Parameters variable).
  • Opening a window for user identification according to the OAuth 2.0 protocol. The identification interface is given by the service accessed.
  • After identification, the server returns a first authorization code allowing you to ask the resources for an access token. This code is added as parameter of second URL (access token URL specified in the OAuth2Parameters variable).
  • Running the second HTTP request to ask for the access token. The result is a JSON buffer that contains, among other things, the access token ("access_token") that will be used for the authenticated requests. The AuthToken variable contains the information found in this JSON buffer. This access token will be used by the calls to the APIs of Web service.
To use the APIs of the Web service, simply use the HTTPSend function with an httpRequest variable defining the query to be executed.
The AuthToken variable will be assigned to the AuthToken property of the httpRequest variable (see example).
In this case, the server will receive the HTTP "Authorization" header with a value in the following format: "Authorization: Bearer xxx_access_token_xxx".
  • If the server does not return the access token in the format of JSON code according to the OAuth2.0 standard, an error will occur and the token will not be retrieved. The server response can be retrieved via the ServerResponse property of the AuthToken variable.
  • If the server does not support the HTTP "Authorization" header for transmitting the access token, this transmission must be done by the developer according to the format expected by the requested service.
    The following example allows you to use the Web service of Facebook. In this case, the access token must be specified on the request URL.

    Using the AuthToken variables

    AuthToken variables can be used in the functions:
    Minimum version required
    • Version 22
    This page is also available for…
    Click [Add] to post a comment

    Last update: 03/31/2023

    Send a report | Local help