ONLINE HELP
 WINDEVWEBDEV AND WINDEV MOBILE
New WEBDEV 2025 feature!
Help / Developing an application or website / WEBDEV specific features / 
Subscribe
  • Overview
  • Requirements and installation
  • Prerequisite: Installing an HFSQL server
  • Installing WEBDEV Application Server
  • Creating OAuth credentials via the OAuth authorization server
  • Opening the Private Store website
  • Creating OAuth 2.0 credentials
  • Creating APIs for web services
  • Scopes
  • Using OAuth 2.0 credentials in WLanguage
  • "Application" token
  • "User" token
WINDEV
WindowsLinuxJavaReports and QueriesUser code (UMC)
WEBDEV
WindowsLinuxPHPWEBDEV - Browser code
WINDEV Mobile
AndroidAndroid Widget iPhone/iPadIOS WidgetApple WatchMac Catalyst
Others
Stored procedures
OAuth server integrated into WEBDEV Application Server
Overview
The OAuth protocol is an open standard used to issue secure authorizations.
An OAuth authorization server manages the following aspects:
  • Secure authentication,
  • Authorizations,
  • Access tokens and refresh tokens,
  • Scopes (permissions associated with a token).
An OAuth authorization server can be hosted on a physical server of any type: local network ("on premise"), hosting provider, cloud, etc.
Starting with version 2025, WEBDEV Application Server includes an OAuth authorization server by default (see The different WEBDEV Application Servers).
To use this authorization server, simply activate the OAuth authorization server option when installing WEBDEV Application Server in version 2025.
This authorization server can also be used for SSO authentication.
These are the steps for using the OAuth server integrated into WEBDEV Application Server:
  1. Installing an HFSQL server on the web server.
  2. Installing WEBDEV Application Server and choosing BaaS services.
  3. Launching the BaaS administration site and creating OAuth credentials.
Requirements and installation

Prerequisite: Installing an HFSQL server

The HFSQL server setup program is available in the WINDEV or WINDEV Mobile installation package. If you do not own this installation package, the HFSQL server setup can also be found in our site (http://www.windev.com).
To install the HFSQL server from the WINDEV/WINDEV Mobile installation package:
  1. Start the WINDEV/WINDEV Mobile setup program.
  2. Select "HFSQL server setup".
  3. Then, select "Install or update an HFSQL server".
  4. Accept the license agreement.
  5. Select a platform ("For Windows on this computer").
  6. If there are HFSQL servers already installed on the current computer, select "Install a new server".
  7. Select the installation directory and specify the server name and port. The port 4900 will be used by default.
  8. Specify the login credentials of the user with administrator privileges that will be created by default on the HFSQL server. By default, this user is "Admin" and has no password.
  9. Install the HFSQL Control Center if it is not already installed or if it is not accessible from your computer.
  10. The wizard prompts you to configure the sending of notifications to identify server problems in real time. Select the desired option.
  11. The wizard allows you to enable the Active Directory authentication. Enable this option if necessary.
  12. You can help us improve by allowing us to collect information regarding the use of our products. This optional and anonymous collect allows PC SOFT to improve the product features.
  13. The installation is completed. By default (if you have not changed the administrator settings), to connect to the server in administrator mode, you must use the "Admin" user without password.
    Note: For security reasons, remember to change the administrator password.

Installing WEBDEV Application Server

WEBDEV Application Server allows you to install the modules required for the OAuth authorization server.
To install the WEBDEV Application Server:
  1. Select the installation language of WEBDEV Application Server and confirm.
  2. Select "Install full version" and enter the activation key. Proceed to the next step of the wizard.
  3. Accept the license agreement. Proceed to the next step of the wizard.
  4. Select the installation directory ("C:\WEBDEV" by default).
  5. Select the WEBDEV Application Server mode:
    • To install a standard WEBDEV Application Server, select "Stand-alone server".
    • To install a WEBDEV server cluster, select "Cluster".
    Select "Stand-alone server" and proceed to the next step of the wizard.
  6. This step allows you to specify the root directory for deploying websites and web services. Keep the default path and proceed to the next step.
  7. If it is the first time you install WEBDEV Application Server, specify the parameters of the Windows account that will be used as WEBDEV administrator. This account will also be called "Hosting account".
    You can create a new Windows account or use an existing Windows account.

    Select an option and proceed to the next step.
  8. If a previous version of WEBDEV Application Server has already been installed on the computer, the wizard allows you to:
    • manage the websites and web services from earlier versions. Keep the "Keep sites in their current versions" option and proceed to the next step.
    • import WEBDEV accounts. Keep the option "Don't import existing accounts" and proceed to the next step. Enter the login credentials of the Windows account that will be used as WEBDEV administrator. This account will also be called "Hosting account".
      You can create a new Windows account or use an existing Windows account.
      Select an option and proceed to the next step.
  9. This step allows you to enable remote administration sites:
    • WEBDEV Application Server administration site.
    • HFSQL administration site.
  10. The next step allows you to manage the hosting of SaaS websites. The SaaS activation automatically installs a website and a web service to manage your SaaS websites. For more details, see SaaS. Validate this step.
  11. The following steps allow you to enable replication and telemetry functionalities. You can enable these functionalities later, in the WEBDEV Application Server administrator.
    In our case, this server is not required. Keep the default option.
  12. The next step is to enable BaaS services to manage users, authentication and a Private Store.
    In our case, select "Enable BaaS". Go to the next step.
  13. Specify the characteristics of the HFSQL server used for the BaaS service.
    Note: This HFSQL server must have been previously installed (see prerequisites).
    These characteristics are:
    • Name of the HFSQL server,
    • Port.
    • Name and password of the HFSQL server administrator. This information is required to automatically configure the WDBaaS database and the associated user.
  14. Click "Test connection" to check your connection parameters.
  15. Specify the parameters specific to the WDBaaS database used for the User Groupware/Private Store/OAuth authentication:
    • name of the dedicated database: WDBAAS by default.
    • username and password for the database.
  16. Specify the password for the WDBaaS data files (existing or to be created).
  17. Specify the password of the WDBaaS site administrator (User: Admin).
  18. This database and its user will be automatically created.
  19. Go to the next step.
  20. In this next step, you can enable access to third-party databases.
    In our case, this access is not required. Keep the default option.
  21. Specify whether an SSL connection is required for the remote administration sites.
  22. In the next step, specify whether the ODBC driver is to be installed.
  23. The next step allows you to enable advanced settings.
  24. Go to the next step.
  25. The setup summary is displayed.
  26. Go to the next step.
  27. The wizard checks for a web server on the setup computer.
    • If no web server is installed on the setup computer, the wizard prompts you to install and configure one to use WEBDEV Application Server.
    • If there is a web server on the computer, the wizard configures it so that you can use WEBDEV Application Server.
  28. At the end of the setup, the wizard displays a summary:
    WDBaaS server connection token to be provided to the environment development:
    WDXxxxxxxxxxxxxxxxxxxxxx

    HFSQL account to be used so that the site and the WDBaas web service can access the HFSQL server:
    - Server: xxx
    - Database: xxx
    - User xxx - Password: xxx

    File password: xxx

    WDBaaS site administrator password (User: xxx): xxxx

    Keep this information. The token to connect to the WDBaaS server must be used:
    • in the User Groupware settings window in your WINDEV project.
    • in the User Groupware / Private Store settings window in your WINDEV Mobile project.
    • in the User Groupware configuration window in your WEBDEV project.
  29. Finish the wizard. You can directly launch the WDBaaS administration site of the Private Store.
Warning
Even if you only use the OAuth functionality, it is advisable to keep all this information. It will be required if you use the Private Store.
Creating OAuth credentials via the OAuth authorization server

Opening the Private Store website

To configure OAuth credentials, you need to use the Private Store website:
  1. Open the Private Store: http(s)://ComputerName/WDBAAS.
    Warning
    The Private Store is opened by specifying the computer name (or IP address) and not "localhost".
  2. Click "Log in".
  3. Enter the WDBAAS administrator login credentials. This information was provided at the end of the WEBDEV Application Server installation.
  4. Click "Administration".
  5. Go to the "OAuth 2.0 server" tab.
In this page, you can create OAuth 2.0 credentials and/or APIs for web services.
Note: You can also open the OAuth settings directly using an address with the following format: http(s)://ComputerName/wdbaas?OAUTH

Creating OAuth 2.0 credentials

To create OAuth 2.0 credentials:
  1. Click the "Create your first OAuth 2.0 credentials" link (or click the "Add credentials" button in the "OAuth 2.0 credentials" tab if you have already created credentials).
  2. The OAuth 2.0 credential configuration page appears. This page has 2 tabs:
    • General options: Allows you to define the parameters of the credentials to be created.
    • Login page: Defines the user login page (when a "User" token is used).
    By default, new tokens are created as User tokens. They can be transformed into Application tokens.
  3. The characteristics of the credentials are automatically generated in the "General options" tab. These include Client ID, Client Secret and creation date.
  4. Complete the details of the credentials:
    • Name of credentials. This name will simplify the search in the list of credentials.
    • Connection authorization. If the credentials are active, they can be used for testing and production purposes
    • One or more redirect URLs. By default: http://localhost:9874
    • Token lifetime (10 days by default).
    • Optional description.
    • Indicate whether the new token is a user token or an application token.
      In the case of a user token, you can define the login page.
    • Indicate whether SSO is available for these credentials.
  5. Copy the Client ID and Client Secret information, as they will be required in the client application when a token is requested.
  6. Click "Save" to create the credentials. A summary page appears with the various URLs required to request a token from the client application.

Creating APIs for web services

You can associate OAuth credentials with a REST API. To access a REST API, users will need to provide a token. Only a valid token can be used to access the API.
To define APIs for web services:
  1. Click the "Create your first API for web services" link (or click the "Add an API" button in the "APIs for web services" tab if you have already created APIs).
  2. Enter the details of the API entry point:
    • Name
    • API URL,
    • Optional description.
  3. Add the necessary scopes.
    Note: Scopes are described in APIs. They are used to filter functionalities according to the credentials.
  4. Click "Save" to create the API.
  5. Click the "OAuth 2.0 credentials" tab.
  6. Edit the OAuth 2.0 credentials you want to associate with the API.
  7. Click the "APIs" tab.
  8. Select the APIs to which the client application will have access.
  9. Click "Save".

Scopes

OAuth 2.0 scopes are a mechanism to limit an application's access to a user's account. Applications can request one or multiple "scopes". This information is presented to the user in a consent screen, and the access token issued to the application will be limited to the scopes granted.
By default, the following scopes are supported for connections via OpenID:
  • "openid": verifies user identity.
  • "profile": gets the user's name.
  • "email": gets the user's email address.
These scopes are returned by OpenIDReadIdentity.
You can add other scopes.
You can specify the desired scopes using the Scope property of OpenIDParameters and OAuth2Parameters variables. The "Source" property of OpenIDIdentity variables can also be used to get the value of these scopes. Simply search for the value in the corresponding JSON file.
Using OAuth 2.0 credentials in WLanguage
Reminder: The "OAuth 2.0 Server" tab contains the different URLs that will allow the use of tokens via OpenID or OAuth.

"Application" token

In this example, we will use an "Application" token without requesting login credentials. The WLanguage code is as follows: 
AuthParam is OAuth2Parameters
tok is AuthToken

AuthParam.ClientID = "b18b7850-8f4a-4d2a-9ee2-309876b36ba6"
AuthParam.ClientSecret = "4b3e99d8-b736-430e-a780-cb1586927e2d"
AuthParam.AuthURL = "http://doc-7/oauth2/v1/authorize"
AuthParam.TokenURL = "http://doc-7/oauth2/v1/token"
AuthParam.RedirectionURL = "http://localhost:9874"
AuthParam.GrantType = gtClientCredentials

tok = AuthIdentify(AuthParam)
IF ErrorOccurred THEN
	Error(ErrorInfo())
ELSE
	Info(tok.Value, tok.ExpirationDate)
END

"User" token

In this example, we will use a "User" token with a login page and we will request login credentials.
The WLanguage code is as follows: 
AuthParam is OAuth2Parameters
tok is AuthToken

AuthParam.ClientID = "b18b7850-8f4a-4d2a-9ee2-309876b36ba6"
AuthParam.ClientSecret = "4b3e99d8-b736-430e-a780-cb1586927e2d"
AuthParam.AuthURL = "http://doc-7/oauth2/v1/authorize"
AuthParam.TokenURL = "http://doc-7/oauth2/v1/token"
AuthParam.RedirectionURL = "http://localhost:9874"

tok = AuthIdentify(AuthParam)
IF ErrorOccurred THEN
	Error(ErrorInfo())
ELSE
	Info("Token value " + tok.Value, "Expiration date "+ tok.ExpirationDate)
	MyIdentity is OpenIDIdentity = OpenIDReadIdentity(tok)
	IF MyIdentity.Valid THEN
		Trace("Email address: " + MyIdentity.Email)
		Trace("Last name:" + MyIdentity.LastName)
		Trace("First name: " + MyIdentity.FirstName)
	END
END
You can also use a variable of type OpenIDParameters. The code becomes: 
openIDparam is OpenIDParameters

openIDparam.ClientID = "8351ea5f-19b6-4789-87ea-6ba01a3dffd2"
openIDparam.ClientSecret = "597fcab9-f76d-4555-abdb-06adcfeaf7d8"
openIDparam.ConfigurationURL = "http://doc-7/.well-known/openid-configuration"
openIDparam.RedirectionURL = "http://localhost:9874"
openIDparam.GrantType = gtAuthorizationCode

tok = AuthIdentify(openIDparam)
IF ErrorOccurred THEN
	Error(ErrorInfo())
ELSE
	Info(tok.Value, tok.ExpirationDate)
END
Important: The "Username/password" account must have an associated email address.
See also
Minimum version required
  • Version 2025
Comments
Click [Add] to post a comment

Last update: 02/10/2025

Send a report | Local help