Device flow description

From i2Rest
Revision as of 22:47, 28 May 2020 by Alexei.baranov (talk | contribs) (Device flow by i2Rest command)
Jump to: navigation, search

Overview

Oauth 2.0 Device flow is the authorization scenario for those devices (like IBM i), that has no ability to display an authorization web page when making request to private data on resources with limited access. When application runing on a such device trying to access some protected data,
Device-flow-scheme1.png
Device flow scheme.

(A)i2Rest client sends a request to the authorization server and includes its client identifier in the request.
(B)The authorization server responds with a device code, an end-user code and the verification URL.
(C)i2rest client provides end-user with a device code and the verification URL.
(D)Now it's time end-user to follow provided verification URL on any capable device. After authentification on authorization server end-user will be prompted to grant (or deny) access to the application. whether they are willing to grant one or more permissions that your application is requesting.
(E)At the time end-user i2 rest starts polling authorization server.
(F)The authorization server validates the device code provided by the client and responds with the access token if the client is granted access, an error if they are denied access, or an indication that the client should continue to poll.

Device flow by i2Rest command

The next parameters are mandatory to perform request with Device flow by I2Rest command.

Parameter Description
Authentication method *OAUTH2D must be specified
Command Any of available request type can be choosen
API endpoint HTTP resource to serve the request
User/OAuth2 client/device ID Credentials to authenticate i2Rest Client with authorization server
User/OAuth2 client/dev passwd
OAuth2 authorization endpoint HTTP resource to be requested for an authorization URL and device code
OAuth2 token endpoint HTTP resource to be requested for an access token
Scope The set of resources and operations that are allowed to application with access token

i2Rest command example bellow represents request for creating i2rest.doc file on Google Drive, please explore the appropriate use case. 

I2REST COMMAND(*POST)                                       
       URL('https://www.googleapis.com/drive/v3/files')     
       BODY(*N '{"name":"i2rest.doc"}' 
            'application/json' *YES 1208)
       OUTPUT(*BOTH)  
       AUTHMETHOD(*OAUTH2D)                                      
       DCMCLIENT(MYCLIENT)                                  
       RECVLOG('/home/btpl/recv.log')                       
       SENTLOG('/home/btpl/sent.log')                       
       TOKENS('/qsys.lib/qtemp.lib/tokens.usrspc')          
       AUTHID('677815701888-dfa6i6tcrvqpvmc1acii98ij32h7lc3j
              .apps.googleusercontent.com')                 
       AUTHPW('2Rstk_A-u4rbLcm6OFcclMz5')                   
       AUTHURL('https://oauth2.googleapis.com/device/code') 
       TOKENURL('https://oauth2.googleapis.com/token')      
       SCOPE('https://www.googleapis.com/auth/drive.file')

Back to i2Rest Client

Retrieved from "https://www.i2rest.com/index.php?title=Device_flow_description&oldid=964"