Hi guys

Taking the stuff I have been doing with DataFlex RESTful web services (thanks to Harm!) to a logical conclusion, I have built a RESTful web service for the DF19.0 WebOrder application (not too tricky in itself), but have also built OAuth 2.0 authentication into it, so it can only be accessed by valid users (actually held in the WebOrder_19 WebAppUser table).

The service itself is hosted on www.unicorninterglobal.com, but obviously (obvious to some
) you can't just access it there; trying something like https://www.unicorninterglobal.com/W.../Customer/List from a browser will just get you an error: {"code":-32094,"message":"Invalid Authorization Token","data":""}, because you will not have presented a valid OAuth 2.0 token with your request. (For those who care, those tokens are JWTs - JSON Web Tokens - secured with an SHA256 HMAC signature... you may have noticed me posting elsewhere about having finally worked out how to do that.)

So in addition I have built a demo client for the service, using my DataFlex OAuth2 component (available here:
DFOAuth2-Beta2.zip). That demo client is available on a different server: http://test.unicorninterglobal.com/W...ent/Index.html so as to simulate a third-party application using the service.

That demo client will allow you to log into the service using OAuth 2.0 authentication: on clicking on the Login to WebOrder Service button there you should be presented with a login page from https://www.unicorninterglobal.com and following logging in a second page letting you chose which APIs (from a list of: Customer, Orders, Inventory, Vendor and Salesperson) and what level of access - full, read-only or none - to allow for each.

Once you allow that access the Demo application will then be able to access the WebOrder data the user you have logged in as has rights to (see the "Instructions" tab on the Demo for more information on those users and user-types, but the usual John / John will get you in with full rights to everything as a start). The standard WebOrder sample is also available at https://www.unicorninterglobal.com/W..._19/Index.html, running on the same data (and indeed built into the same WebApp.exe) as the service so you can check that any changes you make through the service are relected in that.

In addition to tabs for each of the APIs, the demo also has an API Testing tab which you can use to explore calls to the API. There is usage information on that on the Instructions tab,

So far, so good, but to be of any use, third-party developers need to be able to access the service as well, so I have created a Developer Portal for it at: https://www.unicorninterglobal.com/A...onRegistration which will allow you to register as a developer then register your own applications, each of which will be given a "client ID" and a "client secret" to use and for which you can register the Authorized Redirect URL(s) which are required in order for the OAuth 2.0 mechanism to work.

The Introduction page in that app gives further information about what you need to build into a web application (URLs to use, etc.) for it then to be able to access the service on behalf of users (although for DataFlex developers this probably needs to be read in conjunction with the OAuth2 component documentation: https://docs.google.com/document/d/1...h.kh6mr43zuuy7). (NOTE: due to problems with our ISP, through whom confirmation and other e-mails are sent from the portal, HotMail e-mail addresses will not work. Sorry!)

I would love it if someone with an interest would try building a client app for the service to see if the whole infrastructure will work for anybody but me (and perhaps assure me that that there is a real world out there and that this is not all just going on inside my head as I sit rocking back and forth in a corner of my padded cell!
). It could be a DataFlex webapp, or anything else (Johan, my PHP-lovin' friend... feel like a challenge? ).

Mike