OAuthAPI overview

The OAuthAPI library supports the OAuth protocol that authenticates user access and issues access tokens.

The OAuth protocol is widely-used as a means of securing access to web services. It allows client access by verifying the identity of the end user. Third party Identity Providers (IdP) usually provide this service, or you can secure your RESTful services using the Genero Identity Provider service that is delivered in $FGLDIR/web_utilities/services/gip. For more information, see the Genero Identity Provider (GIP) section in the Genero Application Server User Guide

The OAuthAPI library provides functions that enables you to get metadata provided by the IdP, such as endpoints, access tokens, scopes, user profile, and so on. It has functions that can support web services that are started:
  • Behind a Genero Application Server (GAS).
  • Or for web services that are not behind GAS, for example, in the case of a mobile app.
  • Or for a service (server side) to connect (as a service client) to another service.

An application started behind a GAS has a slightly different means of implementing authentication than a mobile app, or a service to service. You will notice, however, that OAuth implementation follows basically the same pattern.

This involves the client calling an initialization function to register the token to access the secure RESTful Web service. Once OAuth is initialized, functions that create HTTP requests with the access token, and manage metadata can be used. See Post-initialization functions.