8.3 - vote for OAuth support for exposed REST services.

ACDC
Posts: 1138
Joined: Sat Jun 30, 2007 5:03 pm
Location: California, USA

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by ACDC »

The REST service is one of the main reasons I will be upgrading to 8.2 shortly. I have third party corporate service insurance providers wishing to access confidential member record data, security is key here and OAUTH is definitely part of the equation. Not only will this provide security but also present a professional image and let me mix it up with the big dogs

x 1000
weblike
Posts: 1165
Joined: Sun Dec 02, 2012 12:00 pm
Location: Europe

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by weblike »

ACDC wrote:The REST service is one of the main reasons I will be upgrading to 8.2 shortly. I have third party corporate service insurance providers wishing to access confidential member record data, security is key here and OAUTH is definitely part of the equation. Not only will this provide security but also present a professional image and let me mix it up with the big dogs

x 1000
Well said.
Combined with the fact that last year GDPR came into our lives, I don't know about others outside the EU, but here every website and online app has to meet these regulations. Definitely, security is a must.
Thx,
George
________________________________
Developer Edition
AwareIM: v8.5, build 2824
OS: Windows Server 2012
DB: MySql 5.6.42
BenHayat
Posts: 2749
Joined: Thu Dec 23, 2010 5:48 am
Location: Fla, USA
Contact:

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by BenHayat »

...
Last edited by BenHayat on Sat Jan 19, 2019 10:53 am, edited 1 time in total.
BenHayat
Posts: 2749
Joined: Thu Dec 23, 2010 5:48 am
Location: Fla, USA
Contact:

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by BenHayat »

...
Last edited by BenHayat on Sat Jan 19, 2019 10:54 am, edited 1 time in total.
aware_support
Posts: 7523
Joined: Sun Apr 24, 2005 12:36 am
Contact:

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by aware_support »

Code:

Support, I have searched ALL the docs about "Exposing" Aware's resources via REST service and I can't find anything.
This is documented in the HowTo document. There is also a video tutorial in the "Web Services" section.

If we implement this feature it will be fully integrated into Aware IM. You won't have to worry whether there is a special "server" or not. When you expose a service as a developer you will just tick some checkbox whether OAuth is supported or not. If this checkbox is ticked Aware IM will expect an access token to be provided in the HTTP header when this service is called by a 3rd party. Aware IM will automatically validate this header and refuse to execute the service if the header is not there or is invalid.

To get an access token a 3rd party will need to register with the owner of the application. To do this they will need to call a special URL where Aware IM will provide a special UI to register a "client". Then Aware IM will automatically generate a "client key" and "client secret". Before calling any secure Aware IM REST service the 3rd party will need to authenticate itself first and get an access token, which it should then provide for each service call. To get an access token the 3rd party will need to call another special URL that Aware IM will provide and specify their "client key and secret".

That's in a nutshell how it will work. At least, this is the idea.
Aware IM Support Team
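
The flow outlined in the post above (one-time client registration, exchanging the client key and secret for an access token, then validating the token on every service call), as an added Python example that is not Aware IM's code or API. The function names, the `Authorization: Bearer` header form, the one-hour token lifetime and the in-memory stores are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CLIENTS = {}      # client_key -> SHA-256 of client_secret (plaintext secret is never stored)
TOKENS = {}       # SHA-256 of access token -> (client_key, expiry in epoch seconds)
TOKEN_TTL = 3600  # assumed lifetime; the thread does not specify one


def _digest(value):
    return hashlib.sha256(value.encode()).hexdigest()


def register_client():
    """One-time registration: returns the key and secret handed to the third party."""
    client_key = secrets.token_urlsafe(16)
    client_secret = secrets.token_urlsafe(32)
    CLIENTS[client_key] = _digest(client_secret)
    return client_key, client_secret


def issue_token(client_key, client_secret, now=None):
    """Token URL: exchange key + secret for a short-lived access token, or None."""
    now = time.time() if now is None else now
    stored = CLIENTS.get(client_key, "")
    # Constant-time comparison; unknown key and wrong secret are both refused.
    if not stored or not hmac.compare_digest(stored, _digest(client_secret)):
        return None
    token = secrets.token_urlsafe(32)
    TOKENS[_digest(token)] = (client_key, now + TOKEN_TTL)
    return token


def authorize(headers, now=None):
    """Per-call check: return the calling client_key, or None to refuse the service."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None  # header missing or not in the expected form
    entry = TOKENS.get(_digest(token.strip()))
    if entry is None or entry[1] <= now:
        return None  # unknown or expired token
    return entry[0]
```

The service refuses the call whenever `authorize` returns `None`, which covers a missing header, a wrong scheme, an unknown token and an expired one.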
BenHayat
Posts: 2749
Joined: Thu Dec 23, 2010 5:48 am
Location: Fla, USA
Contact:

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by BenHayat »

...
Last edited by BenHayat on Sat Jan 19, 2019 10:54 am, edited 1 time in total.
BenHayat
Posts: 2749
Joined: Thu Dec 23, 2010 5:48 am
Location: Fla, USA
Contact:

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by BenHayat »

...
Last edited by BenHayat on Sat Jan 19, 2019 10:54 am, edited 1 time in total.
aware_support
Posts: 7523
Joined: Sun Apr 24, 2005 12:36 am
Contact:

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by aware_support »

Code:

The statement in RED, How are you going to provide this UI since the client could be running in iOS (Flutter or Objective-C) or Android (Java or Flutter/Dart) or some JS library like React or Angular or Ionic..
No. Client ID and secret should only be obtained ONCE for a particular third party client. The UI will be a standard web desktop form (which may work on a mobile as well).

Code:

Secondly, what do you mean third party? Are you saying Aware isn't going to be the original authenticating user system? How is this third party going to authenticate that user, if the user is stored in Aware DB?
You really need to read what the OAuth protocol is. A third party is any external application that will be calling REST services of your Aware IM application. A third party needs to obtain its client and secret first (done only once) and then present these to get an access token from the Aware IM-based application.
Aware IM Support Team
BenHayat
Posts: 2749
Joined: Thu Dec 23, 2010 5:48 am
Location: Fla, USA
Contact:

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by BenHayat »

...
Last edited by BenHayat on Sat Jan 19, 2019 10:55 am, edited 1 time in total.
aware_support
Posts: 7523
Joined: Sun Apr 24, 2005 12:36 am
Contact:

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by aware_support »

Code:

If the User's credentials are stored in Aware DB (i.e. User ID and password) how is an outside third party authenticating service going to reach AwareIM DB to authenticate that user?
I really don't understand what you are talking about. User name and password have absolutely nothing to do with this. Aware IM will store user id and secret. This is not the same as user name and password. This id and secret are well known to the third party (client) - they are given to him explicitly.

PLEASE read the documentation about the OAuth protocol and let's not continue this discussion on this forum thread. It was not meant to be a discussion about OAuth details - just whether or not it will be useful to developers.
Aware IM Support Team
himanshu
Posts: 722
Joined: Thu Jun 19, 2008 6:24 am
Location: India
Contact:

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by himanshu »

Hi Everyone, here are my 2 cents on this topic.

OAuth is a framework which will really help users to take advantage of it without getting into the complexity of authentication and authorization. Yes, it will be a great feature to have in AwareIM. This will open the door to more possibilities, where I can imagine running multiple AwareIM apps/3rd party apps that can call each other's APIs with the same authentication/authorization flow.

Currently, we are using JWT (JSON Web Token) in all our APIs for authentication, and have been since much before version 8.0, when consuming REST APIs did not exist. Example: every time a new user registers or logs in, the system creates a new unique token which is used for calling the API. The token is saved on the server and client side (native mobile) and later used for every request, which authenticates it, and with custom development we have the capability to control the flow of data.

There are still some drawbacks or limitations when we expose REST APIs under AwareIM.

Below are a few of them:
1. All attribute values get exposed when we want to return only limited attributes of an object. This is a major issue which has other problems if you have a large business object.
2. Multiple responses cannot be paged.
3. All are GET APIs; POST APIs are recommended for sending data from client to server.
4. Not able to send credential data using the Authorization header.
5. Not able to upload a document or any file today.
6. When there are multiple records and the API request does not have any data, there is no way to define the response.

There are still a few tricks which can help us achieve responses from the AwareIM API.
From,
Himanshu Jain


AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
RLJB
Posts: 914
Joined: Tue Jan 05, 2010 10:16 am
Location: Sydney, Australia

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by RLJB »

+100

It's an obvious addition and much needed requirement. We will use it.

I find it hard to imagine most forum users with customers who are businesses wouldn't need/use it. In 2019 most leading business applications will get asked "do you have APIs?" ... with oAuth we could publish an open API on our Aware written platform, with great documentation and maintain competitive advantage.

For anyone who thinks they don't need this, I would like to hear what your app does and who your customers are, tell me over a beer at the Portugal conference and I'll see if I can change your mind.

Thanks for suggesting it, Support.
Rod. Aware 8.6 (latest build), Developer Edition, on OS Linux (Ubuntu) using GUI hosted on AWS EC2, MYSQL on AWS RDS
aware_support
Posts: 7523
Joined: Sun Apr 24, 2005 12:36 am
Contact:

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by aware_support »

Good news for those who need this feature. It WILL be included in the next version - we have done most of the work already.
Aware IM Support Team
weblike
Posts: 1165
Joined: Sun Dec 02, 2012 12:00 pm
Location: Europe

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by weblike »

aware_support wrote:Good news for those who need this feature. It WILL be included in the next version - we have done most of the work already.
Awesome support. Excellent news, thank you.
Thx,
George
________________________________
Developer Edition
AwareIM: v8.5, build 2824
OS: Windows Server 2012
DB: MySql 5.6.42
customaware
Posts: 2391
Joined: Mon Jul 02, 2012 12:24 am
Location: Ulaanbaatar, Mongolia

Re: 8.3 - vote for OAuth support for exposed REST services.

Post by customaware »

Good Job Support... Well Done.
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....