Difference between revisions of "Authorization code usecase 1"
Pavel.lobko (talk | contribs) |
m |
||
| (42 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
| − | {{DISPLAYTITLE:Dealing with Google Drive}} | + | {{DISPLAYTITLE:Dealing with Google Drive via i2Rest bridge}} |
| − | The | + | The use case shows how to use I2Rest Client request with [[Authorization_Code_flow_description|Oauth2 Authorization code flow]], the same result can be also achevied using [[Device_flow_description|Oauth2 Device flow]]. We will call [https://developers.google.com/drive/api/v3/reference/files/list Google Drive Api] in order to get the list of existing files on "i2restexample" user Google Drive. |
| − | == Preparations == | + | == Preparations == |
The next steps are to be performed before we can compose and execute i2Rest Client command.<br> | The next steps are to be performed before we can compose and execute i2Rest Client command.<br> | ||
| − | :a) Your application should be registered as a client (obtaining Device ID and Device | + | :a) Your application should be registered as a client (obtaining Device ID and Device password) on [https://console.developers.google.com/apis/credentials Google] (see [https://developers.google.com/identity/protocols/oauth2 details]). Make sure your specify Redirection URI that matches i2Rest Bridge endpoint.<br> |
:b) Insure that you have Google SSL CA installed. [[Add_external_CA_to_trust_list |Install it if needed]].<br> | :b) Insure that you have Google SSL CA installed. [[Add_external_CA_to_trust_list |Install it if needed]].<br> | ||
| − | :c) Register your i2Rest Client on your i2Rest Server as a client to enable "bridge mode" by setting up your i2Rest Server [[OAuth2_object|OAuth2 object]]. | + | :c) Register your i2Rest Client on your i2Rest Server as a client to enable "bridge mode" by setting up your i2Rest Server [[OAuth2_object|OAuth2 object]]. |
| − | |||
== i2Rest Client command composing == | == i2Rest Client command composing == | ||
| − | + | Composing i2Rest Client we need:<br> | |
| − | :to set request method and API endpoint to values | + | :to set request method and API endpoint to values that are specified in the API method description; |
<pre> | <pre> | ||
I2REST COMMAND(*Get) | I2REST COMMAND(*Get) | ||
| Line 17: | Line 16: | ||
:to specify properly configured on Preparations step (b) Certificate_Store to be able to work with SSL secured resource; | :to specify properly configured on Preparations step (b) Certificate_Store to be able to work with SSL secured resource; | ||
<pre> | <pre> | ||
| − | DCMCLIENT( | + | DCMCLIENT(<DCM client name>) |
</pre> | </pre> | ||
| − | :to specify obtained on Preparations step (a | + | :to specify obtained on Preparations step (a) requisites; |
<pre> | <pre> | ||
| − | AUTHID(' | + | AUTHID('Device ID') |
| − | + | AUTHPW('Device password) | |
| − | AUTHPW( | ||
AUTHURL('https://accounts.google.com/o/oauth2/v2/auth | AUTHURL('https://accounts.google.com/o/oauth2/v2/auth | ||
') | ') | ||
| Line 29: | Line 27: | ||
SCOPE('https://www.googleapis.com/auth/drive.file') | SCOPE('https://www.googleapis.com/auth/drive.file') | ||
</pre> | </pre> | ||
| − | :to specify Bridge mode parameters obtained on Preparations step (c). | + | :to specify <code>*BRIDGE</code> Authorization method and Bridge mode parameters obtained on Preparations step (c). <code>BRIDGEPW</code> is an IBM i user (which is defined as i2Rest Server client) password. |
<pre> | <pre> | ||
AUTHMETHOD(*BRIDGE) | AUTHMETHOD(*BRIDGE) | ||
| − | BRIDGEURL('https:// | + | BRIDGEURL('<Bridge endpoint>') |
| − | BRIDGEID( | + | BRIDGEID('<Client name>') |
| − | BRIDGEPW( | + | BRIDGEPW('<Client password>') |
| + | </pre> | ||
| + | All the necessary parameters are specified, it's time to execute the complete command. | ||
| + | <pre> | ||
| + | I2REST COMMAND(*GET) | ||
| + | URL('https://www.googleapis.com/drive/v3/files') | ||
| + | OUTPUT(*BOTH) | ||
| + | DCMCLIENT(MYCLIENT) | ||
| + | RECVLOG('/home/USRX/recieved.log') | ||
| + | SENTLOG('/home/USRX/sent.log') | ||
| + | AUTHMETHOD(*BRIDGE) | ||
| + | TOKENS('/qsys.lib/qtemp.lib/tokens.usrspc') | ||
| + | AUTHID('Device ID') | ||
| + | AUTHPW('Device password') | ||
| + | AUTHURL('https://accounts.google.com/o/oauth2/v2/auth | ||
| + | ') | ||
| + | TOKENURL('https://oauth2.googleapis.com/token') | ||
| + | SCOPE('https://www.googleapis.com/auth/drive.file') | ||
| + | BRIDGEURL('<Bridge endpoint>') | ||
| + | BRIDGEID('<Client name>') | ||
| + | BRIDGEPW('<Client password>') | ||
</pre> | </pre> | ||
| − | |||
| − | == Authorization code flow | + | == Authorization code flow == |
| − | + | After the command was executed, I2Rest Client starts performing Oauth2 Authorization code flow. Steps (A), (B) of the [[Authorization_Code_flow_description|flow]] are taken behinde the scene. Step (C) will be displayed on your green screen. | |
| − | [[File:Authorization_code_usecase1-1.png| | + | <div style="padding-bottom:6px">[[File:Authorization_code_usecase1-1.png|900px"]]</div> |
| − | < | + | |
| − | + | Following the provided link will bring the user to I2Rest Bridge page that asks for a Bridge user code, and this is step (D). | |
| − | + | <div style="padding-bottom:6px">[[File:Authorization_code_usecase1-5.png]]</div> | |
| − | [[File:Authorization_code_usecase1-5.png]] | + | |
| − | < | + | The next two screens are the representation of step (F).<br> |
| − | <br> | + | End user suggested to perform user authentication. |
| − | End user suggested to perform user authentication. < | + | <div style="padding-bottom:6px">[[File:Authorization_code_usecase1-2.png]]</div> |
| − | [[File:Authorization_code_usecase1-2.png]] | + | |
| − | < | + | End user suggested to grant access to requested scope. |
| − | + | <div style="padding-bottom:6px">[[File:Authorization_code_usecase1-3.png]]</div> | |
| − | End user suggested to grant access to requested scope.< | + | |
| − | [[File:Authorization_code_usecase1-3.png]] | + | After the end user grant (or deny) access, he will be redirected back to i2Rest bridge as the result of step (G). |
| − | < | + | <div style="padding-bottom:6px">[[File:Authorization_code_usecase1-4.png]]</div> |
| − | + | ||
| − | + | Steps (E), (H), (I), (J) of the flow does not envolve end user. | |
| − | [[File:Authorization_code_usecase1-4.png]] | ||
| − | < | ||
== Checking the result! == | == Checking the result! == | ||
| − | Here is | + | Here is the result of the authorized request to Google Drive APi: |
<pre> | <pre> | ||
Server response (status 200, shown 214 bytes of 214): | Server response (status 200, shown 214 bytes of 214): | ||
| Line 77: | Line 92: | ||
</pre> | </pre> | ||
| − | |||
| − | |||
Latest revision as of 11:52, 17 July 2020
The use case shows how to use I2Rest Client request with Oauth2 Authorization code flow, the same result can be also achevied using Oauth2 Device flow. We will call Google Drive Api in order to get the list of existing files on "i2restexample" user Google Drive.
Contents
Preparations
The next steps are to be performed before we can compose and execute i2Rest Client command.
- a) Your application should be registered as a client (obtaining Device ID and Device password) on Google (see details). Make sure your specify Redirection URI that matches i2Rest Bridge endpoint.
- b) Insure that you have Google SSL CA installed. Install it if needed.
- c) Register your i2Rest Client on your i2Rest Server as a client to enable "bridge mode" by setting up your i2Rest Server OAuth2 object.
i2Rest Client command composing
Composing i2Rest Client we need:
- to set request method and API endpoint to values that are specified in the API method description;
I2REST COMMAND(*Get)
URL('https://www.googleapis.com/drive/v3/files')
- to specify properly configured on Preparations step (b) Certificate_Store to be able to work with SSL secured resource;
DCMCLIENT(<DCM client name>)
- to specify obtained on Preparations step (a) requisites;
AUTHID('Device ID')
AUTHPW('Device password)
AUTHURL('https://accounts.google.com/o/oauth2/v2/auth
')
TOKENURL('https://oauth2.googleapis.com/token')
SCOPE('https://www.googleapis.com/auth/drive.file')
- to specify
*BRIDGEAuthorization method and Bridge mode parameters obtained on Preparations step (c).BRIDGEPWis an IBM i user (which is defined as i2Rest Server client) password.
AUTHMETHOD(*BRIDGE)
BRIDGEURL('<Bridge endpoint>')
BRIDGEID('<Client name>')
BRIDGEPW('<Client password>')
All the necessary parameters are specified, it's time to execute the complete command.
I2REST COMMAND(*GET)
URL('https://www.googleapis.com/drive/v3/files')
OUTPUT(*BOTH)
DCMCLIENT(MYCLIENT)
RECVLOG('/home/USRX/recieved.log')
SENTLOG('/home/USRX/sent.log')
AUTHMETHOD(*BRIDGE)
TOKENS('/qsys.lib/qtemp.lib/tokens.usrspc')
AUTHID('Device ID')
AUTHPW('Device password')
AUTHURL('https://accounts.google.com/o/oauth2/v2/auth
')
TOKENURL('https://oauth2.googleapis.com/token')
SCOPE('https://www.googleapis.com/auth/drive.file')
BRIDGEURL('<Bridge endpoint>')
BRIDGEID('<Client name>')
BRIDGEPW('<Client password>')
Authorization code flow
After the command was executed, I2Rest Client starts performing Oauth2 Authorization code flow. Steps (A), (B) of the flow are taken behinde the scene. Step (C) will be displayed on your green screen.
Following the provided link will bring the user to I2Rest Bridge page that asks for a Bridge user code, and this is step (D).
The next two screens are the representation of step (F).
End user suggested to perform user authentication.
End user suggested to grant access to requested scope.
After the end user grant (or deny) access, he will be redirected back to i2Rest bridge as the result of step (G).
Steps (E), (H), (I), (J) of the flow does not envolve end user.
Checking the result!
Here is the result of the authorized request to Google Drive APi:
Server response (status 200, shown 214 bytes of 214):
{
"kind": "drive#fileList",
"incompleteSearch": false,
"files": [
{
"kind": "drive#file",
"id": "1b-aQhiVeXgAQZVYeftIpuBo2GCvKQzHz",
"name": "i2rest.doc",
"mimeType": "application/msword"
}
]
}
