So you are using OAuth and perhaps also an identity provider for authorization and authentication, and you are using services that need authentication through this OAuth2 token.
How do you set this up with Rocket MX Web?
This example shows how an OAuth2 token can be used to collect user information from Keycloak's APIs. Keycloak is a tool that can be configured as an identity provider (OpenID) as well as an OAuth2 server. The examples given are indicative, as the actual code can differ based on the OAuth2 server and/or identity provider used, and its configuration.
To start, the code for the client of your OAuth2 server needs to be included in either index.html or index.jsp.
In this example this is keycloak.js and is obtained directly from the authorization and authentication server in use (a local Keycloak instance on port 8080):
In this example we initiate the authorization object on start of the web client. When the user is already logged on and has a token, the OAuth2 code from Keycloak will use the already logged on details. Otherwise the user will be prompted for authentication and the client will start after this has been done.
In the example we will invoke the REST service 'openid-connect/userinfo' to get information about the currently logged-on user. This is an API that Keycloak provides, and it is authorized using OAuth2.
On success, it will populate a TextArea widget with the returned contents of the request.
To call the service from the engine instead of the web browser, the token can also be passed along to an MX script function.
The function in Rocket MX script could look as follows:
When using a service definition to call a REST (or other) service from Rocket MX Web, the token can be passed as an extended header to the request. The token can be passed as a global variable.
In this example the global variable 'BEARER_TOKEN' is used as variable to use in the service:
To set the token just before executing the service, a short MX script can be used.
Next, the service is invoked; in the example this is done by pressing a hidden button 'BUTINVOKE'.
This script will check the validity of the token and will update it when expired, and then call the MX script with the token, which in its turn invokes the REST service:
In these three examples, the token is checked for expiration on every request and retrieved again if it is no longer valid.
Depending on the OAuth server and configurations the global may be set and updated only when the token expires (when known), which could help to improve performance. Whether or not that can be done depends on the configuration of the OAuth server and services.
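The pattern described above, as an added example that is not code from the original post: refresh through keycloak-js before each service call, but hand the token to the engine only when it has changed, and never invoke the service after a failed refresh. It assumes a keycloak-js version whose `updateToken` returns a native promise; `setBearerGlobal` and `invokeService` are hypothetical callbacks, not Rocket MX Web APIs, and the stub Keycloak object is constructed so the flow runs offline.

```javascript
// Added example. kc is a keycloak-js instance: updateToken, token and login are
// keycloak-js members. setBearerGlobal and invokeService are hypothetical callbacks
// standing in for the MX script call and the hidden-button press described above.
function createTokenGate(kc, setBearerGlobal, minValiditySec = 30) {
  let lastPushed = null;
  return async function run(invokeService) {
    try {
      // keycloak-js refreshes only when the token expires within minValiditySec.
      await kc.updateToken(minValiditySec);
    } catch (err) {
      // Refresh failed: clear the stale token, skip the call, force a new login.
      setBearerGlobal('');
      lastPushed = null;
      kc.login();
      return false;
    }
    if (kc.token !== lastPushed) {
      // Hand the token to the engine only when it actually changed.
      setBearerGlobal(kc.token);
      lastPushed = kc.token;
    }
    invokeService();
    return true;
  };
}

// Constructed stand-in for keycloak-js; script entries are tokens, null = refresh fails.
function makeStubKeycloak(script) {
  const kc = { token: undefined, loginCalls: 0 };
  kc.login = () => { kc.loginCalls += 1; };
  kc.updateToken = async () => {
    const next = script.shift();
    if (next === null) throw new Error('refresh failed');
    kc.token = next;
    return true;
  };
  return kc;
}

// Runs three service calls: fresh token, unchanged token, failed refresh.
async function demo() {
  const pushed = [];
  let invoked = 0;
  const kc = makeStubKeycloak(['tok-A', 'tok-A', null]);
  const run = createTokenGate(kc, (t) => pushed.push(t));
  const results = [];
  for (let i = 0; i < 3; i += 1) results.push(await run(() => { invoked += 1; }));
  return { pushed, invoked, results, loginCalls: kc.loginCalls };
}
```

The access token should be treated as opaque on the client; the service that receives the bearer header is what validates it.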
Roger van Valen
Senior manager, software engineering
Dordrecht, The Netherlands