Results 1 to 9 of 9

Thread: Synergy 2019 training and the Library

  1. #1
    Join Date
    Feb 2009
    Location
    Nuth, Netherlands
    Posts
    979

    Default Synergy 2019 training and the Library

    Hello Mike,

    Working through your Synergy 2019 presentation session on REST api.
    Very useful and interesting.

    Missing something to continue.
    The Restfullapi Library. It is not included in DF19.1 if i'm not mistaken.

    Looked at your older stuff but that is pre-DF19.1 and not useful anymore (= assumption)

    Can you supply us with the Restful Api Library that you use in the presentation?

    Tia
    Roel

  2. #2

    Default Re: Synergy 2019 training and the Library

    Roel,

    Also just working through it and have to admit it is pretty amazing.
    That clearly has taken a lot of work.

    Have forwarded Mike's email from last week to you. Hope Mike doesn't mind.
    --
    Wil

  3. #3
    Join Date
    Mar 2009
    Location
    Beech Hill - a village near Reading in the UK
    Posts
    1,147

    Default Re: Synergy 2019 training and the Library

    I don't mind.

    We are working on it - it will be available soon.

    Mike

  4. #4
    Join Date
    Feb 2009
    Location
    Nuth, Netherlands
    Posts
    979

    Default Re: Synergy 2019 training and the Library

    Hello Mike,

    Thank you. Problem solved.

    Nice to have our data externally available with almost no effort.
    But security is also needed.

    So, are there any plans in extending the library with oAuth2?
    Happy to $ for this. Within reason of course.

    Roel

  5. #5
    Join Date
    Mar 2009
    Location
    Beech Hill - a village near Reading in the UK
    Posts
    1,147

    Default Re: Synergy 2019 training and the Library

    Roel

    A couple of years ago I built an OAuth 2.0 infrastructure for a RESTful interface for the WebOrder system. All very primitive from what I know today, but it proved it could be done. See this post (but you know that. 'coz you commented on it!).

    Mike

  6. #6
    Join Date
    Mar 2009
    Location
    Beech Hill - a village near Reading in the UK
    Posts
    1,147

    Default Re: Synergy 2019 training and the Library

    For everybody else who is thinking about REST services and security, the library (actually the cRESTfulService class) has "Basic Auth" (username & password) handling features built into it:

    In your restful service object (the one based on cRESTfulService) before the object itself, open WebAppUser, and in the object the declare a string property:
    Code:
    Open WebAppUser
    
    Object oMyRestfulService is a cRESTfulService
        Property String psUsername
    
        // ... etc.
    Then override the OnPreRequest procedure (it does nothing by default) in it as follows:
    Code:
    Procedure OnPreRequest String sVerb String sPath
        tBasicAuthCredentials tCreds
        Boolean bOK
        
        Set psUserName           to ""
        Get BasicAuthCredentials to tCreds   // Just a pair of strings - username and password
        
        If (tCreds.sUsername <> "") Begin
            Clear WebAppUser
            Move tCreds.sUserName to WebAppUser.LoginName
            Find eq WebAppUser by Index.1
                
            If (Found) Begin
                Move (ComparePasswords(ghoWebSessionManager, ;
                                     Trim(WebAppUser.Password), ;
                                     tCreds.sPassword)) to bOK
                
                If bOK ;
                    Set psUsername to tCreds.sUserName
            End
            
        End
        
    End_Procedure
    Then at the top of the ProcessHttpRequest procedure, put:
    Code:
    Procedure ProcessHttpRequest String sVerb
        String sPart0
        
        If (psUsername(Self) = "") Begin
             Send BasicAuthRequired "Synergy 2019"  // Here replace "Synergy 2019" with something that identifies your app - technically a "realm"
             Procedure_Return
        End
    
        Get PathPart 0 to sPart0
        Move (Lowercase(sPart0)) to sPart0
    
    
        //    ... etc.
    Of course once you have done that you will need to supply a valid username and password in every call to the service. This is easy in a browser: it will ask you once then remember them. In Postman, you will have to select "Basic Auth" for every call, but it will remember the credentials for that. If using a DataFlex client, set psUserName and psPassword of the cHttpTransfer object in question.

    Mike

    (PS - in real life, only EVER do this over HTTPS!)
    Last edited by Mike Peat; 3-Jul-2019 at 08:40 AM. Reason: PS

  7. #7
    Join Date
    Feb 2009
    Location
    Brazil
    Posts
    2,005

    Default Re: Synergy 2019 training and the Library

    Nice!!!
    thanks Mike!

    basic authentication is 100% better than nothing for sure!
    Samuel Pizarro

  8. #8
    Join Date
    Mar 2009
    Location
    Beech Hill - a village near Reading in the UK
    Posts
    1,147

    Default Re: Synergy 2019 training and the Library

    Samuel

    I have not built OAuth 2.0 facilities into the class (not yet, at least) because there are so many ways to do it. Basic Auth is at least precisely defined in how it works, although the code I posted uses the WebAppUser table directly - even that might be different for every app, but at least it shows you how to start.

    Even if I did provide OAuth 2.0 facilities, there would still be the question of how to provide a login and permissions mechanism (which would probably be a separate app), what the tokens should look like (I use JWTs, but there are many other approaches), how to interpret them, and all that stuff. I can do it for any given app, but it is hard to do in a generic class.

    Mike

  9. #9
    Join Date
    Feb 2009
    Location
    Brazil
    Posts
    2,005

    Default Re: Synergy 2019 training and the Library

    Thanks for all your effort Mike!
    Samuel Pizarro

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •