OAuthAPI overview
The OAuthAPI library supports the OAuth protocol that authenticates user access and issues access tokens.
The OAuth protocol is widely-used as a means of securing access to web services. It allows client access by verifying the identity of the end user. Third party Identity Providers (IdP) usually provide this service, or you can secure your RESTful services using the Genero Identity Provider service that is delivered in $FGLDIR/web_utilities/services/gip. For more information, see the Genero Identity Provider (GIP) section in the Single Sign-On User Guide
The OAuthAPI library provides functions that enable you to retrieve metadata from the Identity Provider, including endpoints, access tokens, scopes, user profiles, and more. It supports web services that are started in the following contexts:
- Behind a Genero Application Server (GAS).
- Not behind a GAS, such as applications that include mobile, desktop, and Text User Interface (TUI) apps.
- For a service (server-side) to connect as a client to another service.
An application running behind a GAS implements authentication slightly differently than an application not behind a GAS or in a service-to-service scenario. However, you will find that the overall OAuth implementation generally follows the same pattern.
This process involves the following steps:
- The client calls the OAuthAPI.init() function to register the token for accessing the secure RESTful web service.
- Once OAuth is initialized, you can use functions to:
- Create HTTP requests with the access token (for example, CreateHTTPAuthorizationRequest()).
- Manage metadata, such as retrieving user information and supported scopes (for example, GetOpenIDMetadata()).