Results 1 to 4 of 4

Thread: Adding oAuth2 security to our webservices

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. #2
    Join Date
    Mar 2009
    Location
    Beech Hill - a village near Reading in the UK
    Posts
    2,812

    Default Re: Adding oAuth2 security to our webservices

    Roel

    Last year I built a sample OAuth2 secured API for the WebOrder sample, so this can be done.

    I am not totally happy with it, but it does work.

    The downside is that it is complicated if you want to go "the whole hog".

    First you have to add in to your API authentication based on a "Bearer" token passed in the HTTP Authorization header.

    Then you have to provide an authentication and authorization end-point which will validate the user and potentially allow them to restrict authorization to a limited sub-set of the API. That function should return a token to the calling application.

    Finally, if you are going to open things up to 3rd party developers (and why else would you need OAuth2?), you need to provide a site where they can register as developers for your API, then register applications for it (each of which should be given an ClientID and SecretKey).

    I could go on in detail, but you can see a sample client running at: http://test.unicorninterglobal.com/W...ent/Index.html. The API is nothing like as sophisticated as where I am currently at using the cJsonObjects and cWebHttpHandler (new in 19.1), but it will give you an idea.

    See: https://support.dataaccess.com/Forum...ESTful-service for more detail.

    Mike

    PS - if you want more on this, don't hesitate to get in touch: here or mpeat at unicorninterglobal dot com.
    Last edited by Mike Peat; 16-Dec-2018 at 12:57 PM. Reason: PS

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •