Configuring OAuth2 authorization

From i2Rest
Revision as of 16:02, 30 June 2020 by Pavel.lobko (talk | contribs)
Jump to: navigation, search

Unlike anonimous API call we performed in our quick start guide, authorized API call requires OAuth2 token with "run_program" scope and *local Session System defined.

Step 1
Register two users on IBM i.
Step 2
Create text file named I2RESTECHO.PCML anywhere on IFS, for example "/tmp/PCML/i2restecho.pcml". Copy and paste following code. It represents a description for the sample program I2RESTECHO, that is included into i2Rest Server installation for demonstration purposes:
<pcml version="1.0">

   <program name="echo" path="/QSYS.LIB/%LIBL%.LIB/I2RESTECHO.PGM">
      <data name="echo" usage="inputoutput" type="char" length="10" trim="both"/>
   </program>

</pcml>
Step 3
Contact your system administrator for your IBM i server host name (or IP) and two available ports for "main" and "management" gates of your first i2Rest Server instance. Create file config.json (you can name it with any name and put it into any available IFS folder). Enter following text, replace host_name, ports, pcml_file, user (must be a regestered IBM i user) and client (must be a regestered IBM i user) with appropriate values. We will start with simplest non-encrypted connections, so please leave http as a protocol.

Basic configuration management API variant (differences are highlighted in green): 


{
   "gates":
   {
      "main"       : {"url":"http://<host_name>[:port] (for example api.i2rest.com:1234)"},
      "management" : {"url":"http://<host_name>[:port] (for example api.i2rest.com:4321)"}
   },
   "session_systems":
   [
      {  "name"   : "*ANONYMOUS", 
         "submit" : "SBMJOB JOB(I2RESTA)                \
                            USER(${user})               \
                            CMD(CALL I2REST             \
                               PARM('-session'          \
                                    '-url' '${surl}'    \
                                    '-uid' '${uid}'     \
                                    '-user' '${user}')) \
                            INLLIBL(I2REST)"
      },
      {  "name"   : "*LOCAL",
         "submit" : SBMJOB JOB(I2RESTS)                             \
                           USER(${user})                            \
                           CMD(CALL I2REST                          \
                              PARM('-session'                       \
                                    '-url' '${surl}'                \
                                    '-uid' '${uid}'                 \
                                    '-user' '${user}'))             \
                                    '-init' 'ADDLIBLE I2REST'))"    \
   ],
   "pcmls":
   [
      {
         "pcml_mount"         : "echo",
         "pcml_file"          : "<complete name of i2restecho.pcml on IFS (for example /tmp/PCML/i2restecho.pcml)>", 
         "valid_in_anonymous" : true
      }
   ],
      "OAuth2":
   {
      "scopes":
      {
         "run_program" : {"description":"Authorized API call"}
      },
      "users":
      {
         "USRX":{"description":"John Johnes","valid_clients":{"TSTCLNT":{"scopes":["run_program"]}}}
      },
      "clients":
      {
         "TSTCLNT":{"redirect_uri":"<main gate URL>/oauth2/redirect", 
                   "description":"Test client", 
                   "valid_scopes":["run_program"],
                   "valid_grant_types":["authorization_code"]}
      },
      "tokens": {"type":"token"},"codes":{"type":"code"}
   } 

}
Retrieved from "https://www.i2rest.com/index.php?title=Configuring_OAuth2_authorization&oldid=1502"