cURL, oAuth and IBM SmartCloud for Social Business

For folks that are just getting started with IBM SmartCloud for Social Business, such that they are curious about scripting cURL and oAuth 2.0 flows so you can generate a Bearer token, please follow these steps.

Login to IBM SmartCloud for Social Business – https://apps.na.collabserv.com
Navigate over to Internal Apps – https://apps.na.collabserv.com/manage/account/isv/input
Click Register App
On the popup window, enter the application details:

Name Value
App Name paultest
App Description An application to demonstrate oAuth2.0
oAuth Type Check Enable API Access via OAuth2.0 Web Server Flow
Access Grant Duration 90 Days
Callback URL https://localhost/callback

 

Click Register

You should see a message that states app registered successfully.

InternalApps

Find your App Name (paultest), Click on the Down Caret > Show Credentials

Click Show Client Secret

Copy down the ClientID, Client Secret, Web App CallbackURL

Name Value
ClientID app_20085940_1399482973905
Client Secret a133ed0de271c2253e5cfe146c1765e012dcc1241de29ed7d4e56f0fce2b923678afd5e5
Callback URL https://localhost/callback

 

Navigate to https://apps.na.collabserv.com/manage/oauth2/authorize?response_type=code&client_id=YOUR_CLIENT_ID&callback_uri=YOUR_CALLBACK
Replace YOUR_CLIENT_ID with the ClientID above
Replace YOUR_CALLBACK with the Callback URL above

You should be redirected to the Grant page.

Click Grant Access and Leave Site

Grant

Copy the Generated URL from the Browser Bar

URL
https://localhost/callback?code=edc5fc9fb77d7df86663d16cd0b56c44444de03d88266b4148752900863fc65604bbbe9c277d235f7c60d860321b548e3ab4131511ad5803442e790c35a120aad4493779bc1a71c8885caec4860ce92d748880a8740c8d349e2b6fa96d285ad17a8537648dd5101fb451fc30bde8d7976ba381367b4379e2d0d509aab27b607

Save the Value of Code

Name Value
Code    edc5fc9fb77d7df86663d16cd0b56c44444de03d88266b4148752900863fc65604bbbe9cb4379e2d0d509aab27b607

 

Now you should check to see if cURL is installed, else, you can download it from http://curl.haxx.se/ or use yum install curl.

In addition to the client id, client secret and callback url, we are going to use the authorize and token endpoints which are needed to generate a Bearer token.

Name Value
Authorization Endpoint https://apps.na.collabserv.com/manage/oauth2/authorize
Token Endpoint https://apps.na.collabserv.com/manage/oauth2/token

 

Open a Terminal Window

Launch the command to get the Bearer Token

curl -X POST https://apps.na.collabserv.com/manage/oauth2/token \
-d client_id=YOUR_CLIENT_ID \
-d client_secret=YOUR_CLIENT_SECRET \
-d callback_uri=YOUR_CALLBACK \
-d code=YOUR_AUTHORIZATION_CODE \
-d grant_type=authorization_code

You see

access_token=16c7f772427f367be615ffaefd8293cff73646e246e1d094a63dd914c43b9e3efd84809378199815886d83a740&refresh_token=5b1e334d4de0b8e39c3dff8fd1c88dc8d9169fdbe7a0759b155dcd2b3a0479c47f5b&issued_on=1399488937103&expires_in=7200000&token_type=Bearer

*note the tokens have been trimmed in size. *

Now, you can make a request to SmartCloud for Social Business using the Bearer Token (access token)

curl –header “Authorization: Bearer 16c7f772427f367be615ffaefd8293cff73646e246e1d094a63dd914c43b9e3efd84809378199815886d83a740ea6ef1713c6dc310b4cac9730bad0426bfe1abd0eaefadef38411243d21546e2645dad16c35fb299da8d642de665582b559cef50d9742f12313f7b90a5977f7cc08c34a8bafe7” https://apps.na.collabserv.com/lotuslive-shindig-server/social/rest/people/@me

You see response data:

{"entry":{"photos":[{"value":"PROFILES","type":"Source"},{"value":"20089096__1386184300.jpg","type":"Photo"}],"telephone":"111-111-1111","aboutMe":"test software engineer","profileUrl":"https://apps.na.collabserv.com/contacts/profiles/view/20089096","mobilephone":"111-111-1112","orgs":[{"value":"PROFILES","type":"Source"},{"value":"Mentorship Expressway","type":"Org"}],"country":"US","website":"www.mycompany.com","id":"na.collabservtest.lotus.com:user:20089096","fax":"111-111-1114","orgId":20085940,"addresses":[{"value":"PROFILES","type":"Source"},{"address":""},{"address":""},{"address":""}],"photo":"20089096__1386184300.jpg","emailAddress":"pbastide@us.ibm.com","websites":[{"value":"PROFILES","type":"Source"},{"website":""},{"website":""},{"title":"Test","website":"http://T22"},{"website":"www.mycompany.com"}],"fullName":"Paul Bastide","objectId":20089096,"jobtitle":"Director","ims":[],"emails":[{"title":"Primary Email","email":"pbastide@us.ibm.com"}],"org":{"name":"Mentorship Expressway"},"displayName":"Paul Bastide","phoneNumbers":[{"value":"PROFILES","type":"Source"},{"title":"Contact","phone":"978-000-0000"},{"title":"ID","phone":"GGGG"},{"phone":""},{"title":"Primary Telephone","phone":"111-111-1111"},{"title":"MobilePhone","phone":"111-111-1112"},{"title":"Fax","phone":"111-111-1114"}]}}

That’s it, you now know how to use the Bearer Token with oAuth and SmartCloud.

Reference

https://labs.hybris.com/2012/06/18/trying-out-oauth2-via-curl/

14 thoughts on “cURL, oAuth and IBM SmartCloud for Social Business”

  1. hi Paul

    I work an small IBM BP in Argentina, I’m currently implementing SmartCloud Notes for a client, that is migrating from postfix, about 2500 users.
    When you register a new user SmatCloud Notes, each user must log in with the username and password and change the password for another (the FINAL password). I’m looking for a way to accomplish this task in a massive way, via scripting, API or otherwise.

    you know if this is possible?

    thanks !

    1. hey Federico, Mark Wallace, a colleague of mine in IBM Connections Cloud, built a utility based on the IBM Social Business Toolkit which does exactly that step. https://github.com/OpenNTF/SocialSDK/blob/05910dc6da35c335175c381bfad3bb40a2a20fee/samples/java/sbt.bss.changepassword.app/src/bss/changepassword/app/ChangePassword.java the URL you pass in is https://apps.na.collabserv.com (just the base URL). you can download the binaries from https://github.com/OpenNTF/SocialSDK/releases/tag/sbtsdk-1.0.3.20140723-1200 *you’ll only need the java dependencies. *** full code here – https://github.com/OpenNTF/SocialSDK/tree/master/samples/java/sbt.bss.changepassword.app

  2. Hello Paul

    Have you tried to use grant_type=password? I want to have a backend server authenticate against SmartCloud. I cannot seem to get the message format correct…unless they do not offer this.

    Paul

  3. What kinds of grant_type you recommended for an hybrid mobile app? Or how can go directly to page for Grant Access get the code, and use iti between adapters in worklight?

    1. There is essentially one authorization. You will have to present the browser to the client and capture the returned code

  4. I just want to say that I like your posting. In fact I am using your site regularly. Your articles are very effective and i am very thankful to you for sharing this site with knowledgeable content .

  5. Thank’s for a great article! It has been very helpful for me. I’ve used it to find out how to establish a trusted connection from a managed bean on a Domino server to Connections Cloud. I’ve used the access_token to set up an HttpGet object with a “Bearer Authorization Header” in Java, and used this to query Connections Cloud APIs.
    My next challenge is that I must figure out how to best work with the Connections Cloud APIs. At this moment I see two alternatives:

    1) Using the SBTSDK from Java. This way I have a complete object model and well defined functions to work with. However, I don’t see how I may pass over the “authentication information” I described above to the SBTSDK. Is there a way that I may define an Endpoint with the access_token / Bearer authorization, and use this Endpoint for the SBTSDK function calls?

    2) The other alternative is to (continue to) work with HTTP and use the APIs defined on https://www-10.lotus.com/ldd/appdevwiki.nsf/xpAPIViewer.xsp?lookupName=API+Reference#action=openDocument&content=catcontent&ct=api
    However, many of these APIs seems to deliver Atom/XML feeds instead of JSON. This may generate a lot of network traffic and may also be quite heavy to work with, compared to JSON. Is it only the OpenSocial REST APIs that are using JSON at this time? Or are there other REST based APIs for Connections Cloud that I should look into?

    Any help (descriptions or references) is most apreatiated. Thanks!
    Rune

    1. Hi Rune, you can extend the services class and add a custom header, Authorization with the value Bearer. However, it’s easier if you differ the bearer use to the ConnectionsOAuth2Endpoint.

      There is varying support for JSON, try format=json with an API to find out if it supports JSON.
      you can also convert using the SBT into JSON, there is a transformer class.

      1. Hi Paul,
        I’ve had a look at your suggestion on using the ConnectionsOAuth2Endpoint. As mentioned earlier, I’ve already got code that retrieves the access_token from Connections Cloud. I’m not sure if you mean that I should:
        1) Continue to use this code, and (somehow) pass the access_token to a ConnectionsOAuth2Endpoint object.
        Or if I should:
        2) Forget my old code, and build the ConnectionsOAuth2Endpoint object “from scratch”, using the setConsumerKey(), setConsumerSecret(), setAuthorizationURL() etc.

        If 1), I suppose I must find out where to assign the access_token, and also which other values of the ConnectionsOAuth2Endpoint I must set as a minimum.
        If 2), I see that I may set most of the required OAuth2 parameters (ConsumerKey, ConsumerSecret etc). However, I fail to see where I may set the CallbackUrl, and also how I may get my ConnectionsOAuth2 object to handle the callback. I see that the OAuth2Handler class has a getCallbackUrl() method that uses Context to deduce the CallbackUrl, but I don’t se how this should work in my situation.
        I’m sorry if I have comprehensive questions, but I haven’t been able to find any documentation for SBTSDK and OAuth2, explaining these topics thoroughly. Please let me know if there is a documentation that I should have read.

        Thanks!
        Rune

        1. The SBTSDK wraps the complexities of authentication into helper classes. the OAuthEndpoint provides the renew and access token flows. If you want to get complete control of the flow, you should look at Extending each service, and adding your own headers to each request, and use an AnonymousEndpoint.

          using authentication from another application with the SBTSDK was not it’s original intent.

Leave a Reply

Your email address will not be published. Required fields are marked *