The REST service is one of the main reasons I will be upgrading to 8.2 shortly. I have third party corporate service insurance providers wishing to access confidential member record data, security is key here and OAUTH is definitely part of the equation. Not only will this provide security but also present a professional image and let me mix it up with the big dogs
x 1000
8.3 - vote for OAuth support for exposed REST services.
Re: 8.3 - vote for OAuth support for exposed REST services.
Well said.
ACDC wrote: The REST service is one of the main reasons I will be upgrading to 8.2 shortly. I have third party corporate service insurance providers wishing to access confidential member record data, security is key here and OAUTH is definitely part of the equation. Not only will this provide security but also present a professional image and let me mix it up with the big dogs
x 1000
Combined with the fact that last year GDPR came into our lives. I don't know about others outside the EU, but here every website and online app has to meet these regulations. Definitely, security is a must.
Thx,
George
________________________________
Developer Edition
AwareIM: v8.5, build 2824
OS: Windows Server 2012
DB: MySql 5.6.42
Re: 8.3 - vote for OAuth support for exposed REST services.
...
Last edited by BenHayat on Sat Jan 19, 2019 10:53 am, edited 1 time in total.
Re: 8.3 - vote for OAuth support for exposed REST services.
...
Last edited by BenHayat on Sat Jan 19, 2019 10:54 am, edited 1 time in total.
-
- Posts: 7526
- Joined: Sun Apr 24, 2005 12:36 am
- Contact:
Re: 8.3 - vote for OAuth support for exposed REST services.
Code:
Support, I have searched ALL the docs about "Exposing" Aware's resources via REST service and I can't find anything.
If we implement this feature it will be fully integrated into Aware IM. You won't have to worry whether there is a special "server" or not. When you expose a service as a developer you will just tick some checkbox whether OAuth is supported or not. If this checkbox is ticked Aware IM will expect an access token to be provided in the HTTP header when this service is called by a 3rd party. Aware IM will automatically validate this header and refuse to execute the service if the header is not there or is invalid.
To get an access token a 3rd party will need to register with the owner of the application. To do this they will need to call a special URL where Aware IM will provide a special UI to register a "client". Then Aware IM will automatically generate a "client key" and a "client secret". Before calling any secure Aware IM REST service the 3rd party will need to authenticate itself first and get an access token, which it should then provide for each service call. To get an access token the 3rd party will need to call another special URL that Aware IM will provide and specify their "client key and secret".
That's in a nutshell how it will work. At least, this is the idea.
Aware IM Support Team
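The flow described in the post above (register a client, exchange the client key and secret for an access token, present the token in an HTTP header, refuse the call otherwise), sketched as an added example. This is not Aware IM's code; the class and method names, the `Authorization: Bearer` header format and the one-hour token lifetime are assumptions that the thread does not state.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed lifetime in seconds; the post does not give one


class AuthServer:
    """In-memory stand-in for the registration, token and service endpoints."""

    def __init__(self):
        self.clients = {}  # client key -> SHA-256 of the client secret
        self.tokens = {}   # SHA-256 of access token -> (client key, expiry)

    @staticmethod
    def _digest(value):
        return hashlib.sha256(value.encode()).hexdigest()

    def register_client(self):
        """Registration step: generate a client key and a client secret."""
        key, secret = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self.clients[key] = self._digest(secret)  # the secret is not stored
        return key, secret

    def issue_token(self, client_key, client_secret, now=None):
        """Token step: exchange key and secret for an access token."""
        stored = self.clients.get(client_key, "")
        # Constant-time comparison of the stored and presented digests.
        if not hmac.compare_digest(stored, self._digest(client_secret)):
            return None
        token = secrets.token_urlsafe(32)
        now = time.time() if now is None else now
        self.tokens[self._digest(token)] = (client_key, now + TOKEN_TTL)
        return token

    def call_service(self, headers, now=None):
        """Service call: refuse unless the header carries a valid token."""
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme.lower() != "bearer" or not token:
            return 401, "missing or malformed access token"
        entry = self.tokens.get(self._digest(token.strip()))
        now = time.time() if now is None else now
        if entry is None or now >= entry[1]:
            return 401, "invalid or expired access token"
        return 200, f"service executed for client {entry[0]}"
```

Storing only digests of the client secret and of issued tokens means a leaked copy of the server's tables does not hand out usable credentials.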
Re: 8.3 - vote for OAuth support for exposed REST services.
...
Last edited by BenHayat on Sat Jan 19, 2019 10:54 am, edited 1 time in total.
Re: 8.3 - vote for OAuth support for exposed REST services.
...
Last edited by BenHayat on Sat Jan 19, 2019 10:54 am, edited 1 time in total.
Re: 8.3 - vote for OAuth support for exposed REST services.
Code:
The statement in RED, How are you going to provide this UI since the client could be running in iOS (Flutter or Objective-C) or Android (Java or Flutter/Dart) or some JS library like React or Angular or Ionic..
Code:
Secondly, what do you mean third party? Are you saying Aware isn't going to be the original authenticating user system? How is this third party going to authenticate that user, if the user is stored in Aware DB?
Aware IM Support Team
Re: 8.3 - vote for OAuth support for exposed REST services.
...
Last edited by BenHayat on Sat Jan 19, 2019 10:55 am, edited 1 time in total.
Re: 8.3 - vote for OAuth support for exposed REST services.
Code:
If the User's credentials are stored in Aware DB (i.e. User ID and password) how is an outside third party authenticating service going to reach AwareIM DB to authenticate that user?
PLEASE read the documentation about the OAuth protocol and let's not continue this discussion on this forum thread. It was not meant to be a discussion about OAuth details - just whether or not it will be useful to developers.
Aware IM Support Team
Re: 8.3 - vote for OAuth support for exposed REST services.
Hi Everyone, here are my 2 cents on this topic.
OAuth is a framework which will really help users to take advantage of it without getting into the complexity of authentication and authorization. Yes, it will be a great feature if we have it in AwareIM. This will open the door to more possibilities, where I can imagine running multiple AwareIM apps/3rd party apps and they can call each other's APIs with the same authentication/authorization flow.
Currently, we are using JWT (JSON Web Token) in all our APIs for authentication, since well before version 8.0, when consuming REST APIs did not exist. Example: every time a new user registers/logs in, the system creates a new unique token which is used for calling the API. The token is saved on the server and client side (native mobile) and later used for every request, which authenticates, and with custom development we have the capability to control the flow of data.
There are still some drawbacks or limitations when we expose REST APIs under AwareIM.
Below are a few of them:
1. All attribute values get exposed if we want to return only limited attributes of an object. This is a major issue which has other problems if you have a large business object.
2. Multiple responses cannot be paged.
3. All are GET APIs; POST APIs are recommended for sending data from client to server.
4. Not able to send credential data using the Authorization header.
5. Not able to upload a document or any file today.
6. When there are multiple records and the API request does not have any data, there is no way to define the response.
There are still a few tricks which can help to achieve responses from the AwareIM API.
From,
Himanshu Jain
AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
Re: 8.3 - vote for OAuth support for exposed REST services.
+100
It's an obvious addition and much needed requirement. We will use it.
I find it hard to imagine most forum users with customers who are businesses wouldn't need/use it. In 2019 most leading business applications will get asked "do you have APIs?" ... with oAuth we could publish an open API on our Aware written platform, with great documentation and maintain competitive advantage.
For anyone who thinks they don't need this, I would like to hear what your app does and who your customers are, tell me over a beer at the Portugal conference and I'll see if I can change your mind.
thanks for suggesting it Support.
Rod. Aware 8.6 (latest build), Developer Edition, on OS Linux (Ubuntu) using GUI hosted on AWS EC2, MYSQL on AWS RDS
Re: 8.3 - vote for OAuth support for exposed REST services.
Good news for those who need this feature. It WILL be included in the next version - we have done most of the work already.
Aware IM Support Team
Re: 8.3 - vote for OAuth support for exposed REST services.
Awesome support.. Excellent news, Thank you
aware_support wrote: Good news for those who need this feature. It WILL be included in the next version - we have done most of the work already.
Thx,
George
________________________________
Developer Edition
AwareIM: v8.5, build 2824
OS: Windows Server 2012
DB: MySql 5.6.42
-
- Posts: 2413
- Joined: Mon Jul 02, 2012 12:24 am
- Location: Ulaanbaatar, Mongolia
Re: 8.3 - vote for OAuth support for exposed REST services.
Good Job Support... Well Done.
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....