Difference between revisions of "Device flow usecase 1"

From i2Rest
Jump to: navigation, search
(Device flow)
 
(61 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Device Flow =
+
{{DISPLAYTITLE:Google drive API}}
 +
The use case shows the process of creating "i2rest.doc" file on "i2restexample" user Google Drive using I2Rest Client request with Oauth2 Authorization code flow.
 +
Lets walk step by step through our example with creating "i2rest.doc" file on "i2restexample" user Google Drive
  
Provided by i2Rest-client OAuth 2.0 Device flow allows your IBM i application to deal with protected user data on remote resource, while end users are not forced to share their usernames, passwords, and other private information. Instead, user jast have to pass authetification on remote resource and authorizate IBM i application to make some actions on the user's behalf. As far IBM i have no ability to display a web-page, i2Rest-client only provides user with link to authorization page. After user follow the link on any orher device (or via browser) and accept request, i2rest-client will be granted for authorization token, which allows user data access.
+
== Preparations ==
 +
:a)At the very beginning your application should be registered as a client (obtaining Device ID and Device Password) on [https://console.developers.google.com/apis/credentials Google] (see [https://developers.google.com/identity/protocols/oauth2 details]).
 +
:b) [[Create_*SYSTEM_Certificate_Store| Create *SYSTEM Certificate Store]] and [[Add_external_CA_to_trust_list  |add Google.com SSL CA ]].<br>
  
Lets walk throuth our example with creating "i2rest.doc" file on "i2restexample" user's Google Drive.
+
== i2Rest Client command composing == 
 +
Composing i2Rest Client we need:<br>
 +
:to set request method and API endpoint to values that are specified in the API method description; 
 +
<pre>
 +
I2REST COMMAND(*POST)                                     
 +
      URL('https://www.googleapis.com/drive/v3/files')
 +
</pre>
 +
:to specify properly configured on Preparations step (b) Certificate_Store to be able to work with SSL secured resource;
 +
<pre>
 +
      DCMCLIENT(<DCM client name>) 
 +
</pre>
 +
:to specify obtained on Preparations step (a) requisites;
 +
<pre>
 +
      AUTHID('Device ID')                 
 +
      AUTHPW('Device password)                     
 +
      AUTHURL('https://accounts.google.com/o/oauth2/v2/auth 
 +
              ')                                           
 +
      TOKENURL('https://oauth2.googleapis.com/token')       
 +
      SCOPE('https://www.googleapis.com/auth/drive.file') 
 +
</pre>
 +
All the necessary parameters are specified, it's time to execute the complete command. 
 +
<pre>
 +
I2REST COMMAND(*POST)                                     
 +
      URL('https://www.googleapis.com/drive/v3/files')   
 +
      BODY(*N '{"name":"i2rest.doc"}'
 +
            'application/json' *YES 1208)
 +
      OUTPUT(*BOTH) 
 +
      AUTHMETHOD(*OAUTH2D)                                     
 +
      DCMCLIENT(MYCLIENT)
 +
      RECVLOG('/home/USRX/recieved.log')                         
 +
      SENTLOG('/home/USRX/sent.log')                                                           
 +
      TOKENS('/tokens/tokens.usrspc')
 +
      AUTHID('<Device ID>')               
 +
      AUTHPW('<Device password>')                 
 +
      AUTHURL('https://oauth2.googleapis.com/device/code')
 +
      TOKENURL('https://oauth2.googleapis.com/token')     
 +
      SCOPE('https://www.googleapis.com/auth/drive.file'
 +
</pre>
  
=== Preparations ===
+
== Device flow ==
At the very begining your application should be registrated as a client (obtaining Device ID and Device Password) on the resource that will be requested for protected data. In our case we should folow Google's [https://console.developers.google.com/apis/credentials instructions].
+
After the command was executed, I2Rest Client starts performing Oauth2 Authorization code flow. Steps (A), (B) of the [[Device_flow_description|flow]] are taken behind the scene. Step (C) will be displayed on your green screen. Follow provided link.
 +
<div style="padding-bottom:6px">[[File:Device-flow-usecase1.png]]</div>
 +
Find yourself on device connection page. Proceed with "Next" button, and this is step (D).
 +
<div style="padding-bottom:6px">[[File:Device-flow-usecase2.png]]</div>
 +
Grant access to requested scope.
 +
<div style="padding-bottom:6px">[[File:Device-flow-usecase3.png]]</div>
 +
Here we are!
 +
<div style="padding-bottom:6px">[[File:Device-flow-usecase4.png]]</div>
 +
Steps (E), (F) of the flow does not envolve end user.
  
step 1
+
== Checking the result! ==
With Device ID and Device Password I2rest requests URI specified in «OAuth2 authorization endpoint» parameter. Authorization server responds with some requisites to be used getting user permission to protected data. As far as AS400 have no ability to display web page, it only displays link to authorization page to visit via browser according to «show authorization screen?» parameter.
+
We didn't make a screenshot with i2rest.doc on our example Google Drive, but you can check your own file right now. Also take a look on the result of the authorized request to Google Drive APi in joblog.  
       
+
<pre>
If case of  *REQUESTER or *BOTH authorization srcreen will be displayed. In case of *NONE or *REMOTE no screen will be displayed, but requester or specified (Send authorization request to) User should get notification.  
+
Approved scopes https://www.googleapis.com/auth/drive.file   
+
Token type Bearer                                             
That notification is handled by *DFT program, that gets Authorizer field with specified length as input parameter. 
+
Token expires in 3599                                         
       
+
Server response (status 200, shown 128 bytes of 128):         
Any program with custom logic (sms notificationetc) can be applied.
+
{                                                             
During period of «Time to wait authorization» i2rest will poll «OAuth2 token endpoint» URI to get token, which should be issued after user authorizes request. Tokens obtained from the authorization sever will be saved to “Tokens storage”.
+
"kind": "drive#file",                                        
 +
  "id": "1qH1yvlK1WF-C8oi9v3Nf8miUTuz_1Tvr",                   
 +
"name": "i2rest.doc",                                        
 +
"mimeType": "application/msword"                             
 +
}                                                             
 +
</pre>

Latest revision as of 20:38, 2 November 2021

The use case shows the process of creating "i2rest.doc" file on "i2restexample" user Google Drive using I2Rest Client request with Oauth2 Authorization code flow. Lets walk step by step through our example with creating "i2rest.doc" file on "i2restexample" user Google Drive

Preparations

a)At the very beginning your application should be registered as a client (obtaining Device ID and Device Password) on Google (see details).
b) Create *SYSTEM Certificate Store and add Google.com SSL CA .

i2Rest Client command composing

Composing i2Rest Client we need:

to set request method and API endpoint to values that are specified in the API method description;
I2REST COMMAND(*POST)                                       
       URL('https://www.googleapis.com/drive/v3/files')
to specify properly configured on Preparations step (b) Certificate_Store to be able to work with SSL secured resource;
       DCMCLIENT(<DCM client name>)
to specify obtained on Preparations step (a) requisites;
       AUTHID('Device ID')                   
       AUTHPW('Device password)                       
       AUTHURL('https://accounts.google.com/o/oauth2/v2/auth  
               ')                                             
       TOKENURL('https://oauth2.googleapis.com/token')        
       SCOPE('https://www.googleapis.com/auth/drive.file')

All the necessary parameters are specified, it's time to execute the complete command. 

I2REST COMMAND(*POST)                                       
       URL('https://www.googleapis.com/drive/v3/files')     
       BODY(*N '{"name":"i2rest.doc"}' 
            'application/json' *YES 1208)
       OUTPUT(*BOTH)  
       AUTHMETHOD(*OAUTH2D)                                      
       DCMCLIENT(MYCLIENT)
       RECVLOG('/home/USRX/recieved.log')                           
       SENTLOG('/home/USRX/sent.log')                                                             
       TOKENS('/tokens/tokens.usrspc')
       AUTHID('<Device ID>')                 
       AUTHPW('<Device password>')                   
       AUTHURL('https://oauth2.googleapis.com/device/code') 
       TOKENURL('https://oauth2.googleapis.com/token')      
       SCOPE('https://www.googleapis.com/auth/drive.file')

Device flow

After the command was executed, I2Rest Client starts performing Oauth2 Authorization code flow. Steps (A), (B) of the flow are taken behind the scene. Step (C) will be displayed on your green screen. Follow provided link.

Device-flow-usecase1.png

Find yourself on device connection page. Proceed with "Next" button, and this is step (D).

Device-flow-usecase2.png

Grant access to requested scope.

Device-flow-usecase3.png

Here we are!

Device-flow-usecase4.png

Steps (E), (F) of the flow does not envolve end user.

Checking the result!

We didn't make a screenshot with i2rest.doc on our example Google Drive, but you can check your own file right now. Also take a look on the result of the authorized request to Google Drive APi in joblog. 

Approved scopes https://www.googleapis.com/auth/drive.file     
Token type Bearer                                              
Token expires in 3599                                          
Server response (status 200, shown 128 bytes of 128):          
{                                                              
 "kind": "drive#file",                                         
 "id": "1qH1yvlK1WF-C8oi9v3Nf8miUTuz_1Tvr",                    
 "name": "i2rest.doc",                                         
 "mimeType": "application/msword"                              
}
Retrieved from "https://www.i2rest.com/index.php?title=Device_flow_usecase_1&oldid=1961"