Difference between revisions of "Authorization code usecase 1"

From i2Rest
Jump to: navigation, search
m
 
(48 intermediate revisions by one other user not shown)
Line 1: Line 1:
{{DISPLAYTITLE:Dealing with Google Drive}}
+
{{DISPLAYTITLE:Dealing with Google Drive via i2Rest bridge}}
Lets walk step by step through our example with getting the list of existing files on "i2restexample" user Google Drive.
+
The use case shows how to use I2Rest Client request with [[Authorization_Code_flow_description|Oauth2 Authorization code flow]], the same result can be also achevied using [[Device_flow_description|Oauth2 Device flow]]. We will call [https://developers.google.com/drive/api/v3/reference/files/list Google Drive Api] in order to get the list of existing files on "i2restexample" user Google Drive.
 +
== Preparations == 
 +
The next steps are to be performed before we can compose and execute i2Rest Client command.<br>
 +
:a) Your application should be registered as a client (obtaining Device ID and Device password) on [https://console.developers.google.com/apis/credentials Google] (see [https://developers.google.com/identity/protocols/oauth2 details]). Make sure your specify Redirection URI that matches i2Rest Bridge endpoint.<br>
 +
:b) Insure that you have Google SSL CA installed. [[Add_external_CA_to_trust_list  |Install it if needed]].<br>
 +
:c) Register your i2Rest Client on your i2Rest Server as a client to enable "bridge mode" by setting up your i2Rest Server [[OAuth2_object|OAuth2 object]].
  
== Preparations ==
+
== i2Rest Client command composing ==   
a) At the very beginning your application should be registered as a client (obtaining Device ID and Device Password) on [https://console.developers.google.com/apis/credentials Google] (see [https://developers.google.com/identity/protocols/oauth2 details]).<br>
+
Composing i2Rest Client we need:<br>
b) [[Create_*SYSTEM_Certificate_Store| Create *SYSTEM Certificate Store]] and [[Add_external_CA_to_trust_list  |add Google.com SSL CA ]].<br>
+
:to set request method and API endpoint to values that are specified in the API method description;   
c) Register your i2Rest Client on your i2Rest Server as a client to enable "bridge mode" by setting up your i2Rest Server [[OAuth2_object|OAuth2 object]].<br>
 
d) Choose appropriate API method and scope on [https://developers.google.com/drive/api/v3/reference/files/list Google Drive Api page].
 
 
 
== i2Rest command composing ==   
 
So what we need is:<br>
 
:to set request method and API endpoint to values we prepared on Preparations step (d);   
 
 
<pre>
 
<pre>
 
I2REST COMMAND(*Get)                                       
 
I2REST COMMAND(*Get)                                       
Line 17: Line 16:
 
:to specify properly configured on Preparations step (b) Certificate_Store to be able to work with SSL secured resource;  
 
:to specify properly configured on Preparations step (b) Certificate_Store to be able to work with SSL secured resource;  
 
<pre>
 
<pre>
       DCMCLIENT(MYCLIENT)   
+
       DCMCLIENT(<DCM client name>)   
 
</pre>  
 
</pre>  
:to specify obtained on Preparations step (a) and step (d) requisites;
+
:to specify obtained on Preparations step (a) requisites;
 
<pre>
 
<pre>
       AUTHID('677815701888-aj80fure8f1laqd3dqvpqtmlandni5an
+
       AUTHID('Device ID')                   
              .apps.googleusercontent.com')                   
+
       AUTHPW('Device password)                       
       AUTHPW(tI2ezmVGioGwrGk9K2O23Mv5)                       
 
 
       AUTHURL('https://accounts.google.com/o/oauth2/v2/auth   
 
       AUTHURL('https://accounts.google.com/o/oauth2/v2/auth   
 
               ')                                             
 
               ')                                             
Line 29: Line 27:
 
       SCOPE('https://www.googleapis.com/auth/drive.file')   
 
       SCOPE('https://www.googleapis.com/auth/drive.file')   
 
</pre>   
 
</pre>   
:to specify Bridge mode parameters obtained on Preparations step (c).
+
:to specify <code>*BRIDGE</code> Authorization method and Bridge mode parameters obtained on Preparations step (c). <code>BRIDGEPW</code> is an IBM i user (which is defined as i2Rest Server client) password.
 
<pre>
 
<pre>
 
       AUTHMETHOD(*BRIDGE)   
 
       AUTHMETHOD(*BRIDGE)   
       BRIDGEURL('https://api.i2rest.com:22089/a2d')           
+
       BRIDGEURL('<Bridge endpoint>')         
       BRIDGEID(OAUTH21)                                       
+
      BRIDGEID('<Client name>')                                     
       BRIDGEPW(oauth21)  
+
      BRIDGEPW('<Client password>')
 +
</pre>
 +
All the necessary parameters are specified, it's time to execute the complete command.
 +
<pre>
 +
I2REST COMMAND(*GET)                                           
 +
      URL('https://www.googleapis.com/drive/v3/files')       
 +
      OUTPUT(*BOTH)                                           
 +
      DCMCLIENT(MYCLIENT)                                     
 +
      RECVLOG('/home/USRX/recieved.log')                         
 +
      SENTLOG('/home/USRX/sent.log')                         
 +
      AUTHMETHOD(*BRIDGE)                                     
 +
      TOKENS('/qsys.lib/qtemp.lib/tokens.usrspc')             
 +
      AUTHID('Device ID')                 
 +
      AUTHPW('Device password')                         
 +
      AUTHURL('https://accounts.google.com/o/oauth2/v2/auth   
 +
              ')                                             
 +
      TOKENURL('https://oauth2.googleapis.com/token')         
 +
      SCOPE('https://www.googleapis.com/auth/drive.file')     
 +
      BRIDGEURL('<Bridge endpoint>')           
 +
       BRIDGEID('<Client name>')                                       
 +
       BRIDGEPW('<Client password>')  
 
</pre>
 
</pre>
All the necessary parameters are specified, it's time to execute the command.
 
  
== Authorization code flow dialog ==
+
== Authorization code flow ==
i2Rest Client will provide end user with link to follow.<br>  
+
After the command was executed, I2Rest Client starts performing Oauth2 Authorization code flow. Steps (A), (B) of the [[Authorization_Code_flow_description|flow]] are taken behinde the scene. Step (C) will be displayed on your green screen.
[[File:Authorization_code_usecase1-1.png|style="padding: 10px"]]  
+
<div style="padding-bottom:6px">[[File:Authorization_code_usecase1-1.png|900px"]]</div>  
<br>
+
 
<br>
+
Following the provided link will bring the user to I2Rest Bridge page that asks for a Bridge user code, and this is step (D).
After entering the Bridge user code end user will be redirect to authorization server.<br>
+
<div style="padding-bottom:6px">[[File:Authorization_code_usecase1-5.png]]</div>
[[File:Authorization_code_usecase1-5.png]]
+
 
<br>
+
The next two screens are the representation of step (F).<br>
<br>
+
End user suggested to perform user authentication.  
End user suggested to perform user authentication. <br>
+
<div style="padding-bottom:6px">[[File:Authorization_code_usecase1-2.png]]</div>
[[File:Authorization_code_usecase1-2.png]]
+
 
<br>
+
End user suggested to grant access to requested scope.
<br>
+
<div style="padding-bottom:6px">[[File:Authorization_code_usecase1-3.png]]</div>
End user suggested to grant access to requested scope.<br>
+
 
[[File:Authorization_code_usecase1-3.png]]
+
After the end user grant (or deny) access, he will be redirected back to i2Rest bridge as the result of step (G).
<br>
+
<div style="padding-bottom:6px">[[File:Authorization_code_usecase1-4.png]]</div>
<br>
+
 
Now end user is redirected back to i2Rest bridge.<br>
+
Steps (E), (H), (I), (J) of the flow does not envolve end user.
[[File:Authorization_code_usecase1-4.png]]
 
<br>
 
  
 
== Checking the result! ==
 
== Checking the result! ==
Here is server response:  
+
Here is the result of the authorized request to Google Drive APi:  
 
<pre>
 
<pre>
 
Server response (status 200, shown 214 bytes of 214):   
 
Server response (status 200, shown 214 bytes of 214):   
Line 77: Line 92:
  
 
</pre>
 
</pre>
----
 
[[I2Rest_Client|Back to i2Rest Client]]
 

Latest revision as of 11:52, 17 July 2020

The use case shows how to use I2Rest Client request with Oauth2 Authorization code flow, the same result can be also achevied using Oauth2 Device flow. We will call Google Drive Api in order to get the list of existing files on "i2restexample" user Google Drive.

Preparations

The next steps are to be performed before we can compose and execute i2Rest Client command.

a) Your application should be registered as a client (obtaining Device ID and Device password) on Google (see details). Make sure your specify Redirection URI that matches i2Rest Bridge endpoint.
b) Insure that you have Google SSL CA installed. Install it if needed.
c) Register your i2Rest Client on your i2Rest Server as a client to enable "bridge mode" by setting up your i2Rest Server OAuth2 object.

i2Rest Client command composing

Composing i2Rest Client we need:

to set request method and API endpoint to values that are specified in the API method description;
I2REST COMMAND(*Get)                                       
       URL('https://www.googleapis.com/drive/v3/files') 
to specify properly configured on Preparations step (b) Certificate_Store to be able to work with SSL secured resource;
       DCMCLIENT(<DCM client name>)  
to specify obtained on Preparations step (a) requisites;
       AUTHID('Device ID')                   
       AUTHPW('Device password)                       
       AUTHURL('https://accounts.google.com/o/oauth2/v2/auth  
               ')                                             
       TOKENURL('https://oauth2.googleapis.com/token')        
       SCOPE('https://www.googleapis.com/auth/drive.file')  
to specify *BRIDGE Authorization method and Bridge mode parameters obtained on Preparations step (c). BRIDGEPW is an IBM i user (which is defined as i2Rest Server client) password.
       AUTHMETHOD(*BRIDGE)  
       BRIDGEURL('<Bridge endpoint>')          
       BRIDGEID('<Client name>')                                      
       BRIDGEPW('<Client password>') 

All the necessary parameters are specified, it's time to execute the complete command.

I2REST COMMAND(*GET)                                            
       URL('https://www.googleapis.com/drive/v3/files')         
       OUTPUT(*BOTH)                                            
       DCMCLIENT(MYCLIENT)                                      
       RECVLOG('/home/USRX/recieved.log')                           
       SENTLOG('/home/USRX/sent.log')                           
       AUTHMETHOD(*BRIDGE)                                      
       TOKENS('/qsys.lib/qtemp.lib/tokens.usrspc')              
       AUTHID('Device ID')                   
       AUTHPW('Device password')                          
       AUTHURL('https://accounts.google.com/o/oauth2/v2/auth    
               ')                                               
       TOKENURL('https://oauth2.googleapis.com/token')          
       SCOPE('https://www.googleapis.com/auth/drive.file')      
       BRIDGEURL('<Bridge endpoint>')          
       BRIDGEID('<Client name>')                                      
       BRIDGEPW('<Client password>') 

Authorization code flow

After the command was executed, I2Rest Client starts performing Oauth2 Authorization code flow. Steps (A), (B) of the flow are taken behinde the scene. Step (C) will be displayed on your green screen.

900px"

Following the provided link will bring the user to I2Rest Bridge page that asks for a Bridge user code, and this is step (D).

Authorization code usecase1-5.png

The next two screens are the representation of step (F).
End user suggested to perform user authentication.

Authorization code usecase1-2.png

End user suggested to grant access to requested scope.

Authorization code usecase1-3.png

After the end user grant (or deny) access, he will be redirected back to i2Rest bridge as the result of step (G).

Authorization code usecase1-4.png

Steps (E), (H), (I), (J) of the flow does not envolve end user.

Checking the result!

Here is the result of the authorized request to Google Drive APi:

Server response (status 200, shown 214 bytes of 214):   
    {                                                       
     "kind": "drive#fileList",                              
     "incompleteSearch": false,                             
     "files": [                                             
      {                                                     
       "kind": "drive#file",                                
       "id": "1b-aQhiVeXgAQZVYeftIpuBo2GCvKQzHz",           
       "name": "i2rest.doc",                                
       "mimeType": "application/msword"                     
      }                                                     
     ]                                                      
    }