Dealing with Google Drive via i2Rest bridge
The use case shows how to use I2Rest Client request with Oauth2 Authorization code flow, the same result can be also achevied using Oauth2 Device flow. We will call Google Drive Api in order to get the list of existing files on "i2restexample" user Google Drive.
Contents
Preparations
The next steps are to be performed before we can compose and execute i2Rest Client command.
- a) Your application should be registered as a client (obtaining Device ID and Device password) on Google (see details). Make sure your specify Redirection URI that matches i2Rest Bridge endpoint.
- b) Insure that you have Google SSL CA installed. Install it if needed.
- c) Register your i2Rest Client on your i2Rest Server as a client to enable "bridge mode" by setting up your i2Rest Server OAuth2 object.
i2Rest Client command composing
Composing i2Rest Client we need:
- to set request method and API endpoint to values that are specified in the API method description;
I2REST COMMAND(*Get)
URL('https://www.googleapis.com/drive/v3/files')
- to specify properly configured on Preparations step (b) Certificate_Store to be able to work with SSL secured resource;
DCMCLIENT(<DCM client name>)
- to specify obtained on Preparations step (a) requisites;
AUTHID('Device ID')
AUTHPW('Device password)
AUTHURL('https://accounts.google.com/o/oauth2/v2/auth
')
TOKENURL('https://oauth2.googleapis.com/token')
SCOPE('https://www.googleapis.com/auth/drive.file')
- to specify
*BRIDGEAuthorization method and Bridge mode parameters obtained on Preparations step (c).BRIDGEPWis an IBM i user (which is defined as i2Rest Server client) password.
AUTHMETHOD(*BRIDGE)
BRIDGEURL('<Bridge endpoint>')
BRIDGEID('<Client name>')
BRIDGEPW('<Client password>')
All the necessary parameters are specified, it's time to execute the complete command.
I2REST COMMAND(*GET)
URL('https://www.googleapis.com/drive/v3/files')
OUTPUT(*BOTH)
DCMCLIENT(MYCLIENT)
RECVLOG('/home/USRX/recieved.log')
SENTLOG('/home/USRX/sent.log')
AUTHMETHOD(*BRIDGE)
TOKENS('/qsys.lib/qtemp.lib/tokens.usrspc')
AUTHID('Device ID')
AUTHPW('Device password')
AUTHURL('https://accounts.google.com/o/oauth2/v2/auth
')
TOKENURL('https://oauth2.googleapis.com/token')
SCOPE('https://www.googleapis.com/auth/drive.file')
BRIDGEURL('<Bridge endpoint>')
BRIDGEID('<Client name>')
BRIDGEPW('<Client password>')
Authorization code flow
After the command was executed, I2Rest Client starts performing Oauth2 Authorization code flow. Steps (A), (B) of the flow are taken behinde the scene. Step (C) will be displayed on your green screen.
Following the provided link will bring the user to I2Rest Bridge page that asks for a Bridge user code, and this is step (D).
The next two screens are the representation of step (F).
End user suggested to perform user authentication.
End user suggested to grant access to requested scope.
After the end user grant (or deny) access, he will be redirected back to i2Rest bridge as the result of step (G).
Steps (E), (H), (I), (J) of the flow does not envolve end user.
Checking the result!
Here is the result of the authorized request to Google Drive APi:
Server response (status 200, shown 214 bytes of 214):
{
"kind": "drive#fileList",
"incompleteSearch": false,
"files": [
{
"kind": "drive#file",
"id": "1b-aQhiVeXgAQZVYeftIpuBo2GCvKQzHz",
"name": "i2rest.doc",
"mimeType": "application/msword"
}
]
}
