OAuth Tips

For developers that are beginning to investigate oAuth and IBM Connections Cloud, you’ll find two interesting things about the oAuth 1.0a web flows and the oAuth 2.0 web flows.

1- The flows don’t support extra parameters on the flow, for instance the state parameter (state=XYZ123).

2- The oAuth 2.0 flow expects callback_uri, not the common redirect_uri parameter.

The various flows are located at oAuth 1.0a web flow and oAuth 2.0 web flow

A Few OAuth Notes

While I was working with a fellow developer building an integration for IBM Connections on premises, I found out about a couple of key items with the OAuth Provider.

1 – You can see a JSON Array of the Current User Tokens, when logged in as that user.

Navigate to https://sbdev.server:444/oauth2/authzMgmt/connectionsProvider

Login to IBM Connections

Look at the JSON Data to see the Granted Applications for the Logged in User


2 – You can see all the applications which are granted user oauth tokens – automatically authorized and manually authorized.

Navigate to https://sbtdev.server/common/oauth/apps?autoAuth=true

3 – OAuth Whitelists

Per http://www-01.ibm.com/support/docview.wss?uid=swg21627911, you can update your OAuth whitelists based on the client-id you set.

“As a measure to reduce hassle to users for trusted OAuth clients, IBM Connections implements an extension to the OAuth protocol that allows whitelisted clients to skip the authorization request when utilized from within the Connections user interface. In order to list an application as a trusted auto-authorization enabled client, an administrator must perform steps that are covered by the product documentation topic http://www-10.lotus.com/ldd/lcwiki.nsf/dx/Registering_an_OAuth_client_with_a_provider_ic40 .

Edit the connectionsProvider.xml in the Deployment Manager profile.


Synchronize your nodes, and restart the server.

Voilà… you have

Finally, you can read more about OAuth at http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/admin/t_admin_registeroauthclientwprovider.dita

IBM SmartCloud Connections using Ruby

Recently, I was asked by a partner integrating with IBM SmartCloud for Social Business’ IBM Connections Files service how to do so in Ruby. I thought this brief demonstration code would help Ruby developers build a compelling integration.

Note, I have already gone through the OAuth Dance and generated an OAuth Bearer Token. I have expired this particular token so as to make the code safe for republishing.

cURL, oAuth and IBM SmartCloud for Social Business

If you are just getting started with IBM SmartCloud for Social Business and are curious about scripting cURL and oAuth 2.0 flows to generate a Bearer token, follow these steps.

Login to IBM SmartCloud for Social Business – https://apps.na.collabserv.com
Navigate over to Internal Apps – https://apps.na.collabserv.com/manage/account/isv/input
Click Register App
On the popup window, enter the application details:

App Name: paultest
App Description: An application to demonstrate oAuth2.0
oAuth Type: Check Enable API Access via OAuth2.0 Web Server Flow
Access Grant Duration: 90 Days
Callback URL: https://localhost/callback

Click Register

You should see a message that states app registered successfully.


Find your App Name (paultest), Click on the Down Caret > Show Credentials

Click Show Client Secret

Copy down the ClientID, Client Secret, Web App CallbackURL

ClientID: app_20085940_1399482973905
Client Secret: a133ed0de271c2253e5cfe146c1765e012dcc1241de29ed7d4e56f0fce2b923678afd5e5
Callback URL: https://localhost/callback

Navigate to https://apps.na.collabserv.com/manage/oauth2/authorize?response_type=code&client_id=YOUR_CLIENT_ID&callback_uri=YOUR_CALLBACK
Replace YOUR_CLIENT_ID with the ClientID above
Replace YOUR_CALLBACK with the Callback URL above

You should be redirected to the Grant page.

Click Grant Access and Leave Site


Copy the Generated URL from the Browser Bar

URL
https://localhost/callback?code=edc5fc9fb77d7df86663d16cd0b56c44444de03d88266b4148752900863fc65604bbbe9c277d235f7c60d860321b548e3ab4131511ad5803442e790c35a120aad4493779bc1a71c8885caec4860ce92d748880a8740c8d349e2b6fa96d285ad17a8537648dd5101fb451fc30bde8d7976ba381367b4379e2d0d509aab27b607

Save the Value of Code

Code: edc5fc9fb77d7df86663d16cd0b56c44444de03d88266b4148752900863fc65604bbbe9cb4379e2d0d509aab27b607

Now check whether cURL is installed; if it is not, download it from http://curl.haxx.se/ or use yum install curl.

In addition to the client id, client secret and callback url, we are going to use the authorize and token endpoints which are needed to generate a Bearer token.

Authorization Endpoint: https://apps.na.collabserv.com/manage/oauth2/authorize
Token Endpoint: https://apps.na.collabserv.com/manage/oauth2/token

Open a Terminal Window

Launch the command to get the Bearer Token

curl -X POST https://apps.na.collabserv.com/manage/oauth2/token \
-d client_id=YOUR_CLIENT_ID \
-d client_secret=YOUR_CLIENT_SECRET \
-d callback_uri=YOUR_CALLBACK \
-d code=YOUR_AUTHORIZATION_CODE \
-d grant_type=authorization_code

You see

access_token=16c7f772427f367be615ffaefd8293cff73646e246e1d094a63dd914c43b9e3efd84809378199815886d83a740&refresh_token=5b1e334d4de0b8e39c3dff8fd1c88dc8d9169fdbe7a0759b155dcd2b3a0479c47f5b&issued_on=1399488937103&expires_in=7200000&token_type=Bearer

Note: the tokens have been trimmed in size.

Now, you can make a request to SmartCloud for Social Business using the Bearer Token (access token)

curl --header "Authorization: Bearer 16c7f772427f367be615ffaefd8293cff73646e246e1d094a63dd914c43b9e3efd84809378199815886d83a740ea6ef1713c6dc310b4cac9730bad0426bfe1abd0eaefadef38411243d21546e2645dad16c35fb299da8d642de665582b559cef50d9742f12313f7b90a5977f7cc08c34a8bafe7" https://apps.na.collabserv.com/lotuslive-shindig-server/social/rest/people/@me

You see response data:

{"entry":{"photos":[{"value":"PROFILES","type":"Source"},{"value":"20089096__1386184300.jpg","type":"Photo"}],"telephone":"111-111-1111","aboutMe":"test software engineer","profileUrl":"https://apps.na.collabserv.com/contacts/profiles/view/20089096","mobilephone":"111-111-1112","orgs":[{"value":"PROFILES","type":"Source"},{"value":"Mentorship Expressway","type":"Org"}],"country":"US","website":"www.mycompany.com","id":"na.collabservtest.lotus.com:user:20089096","fax":"111-111-1114","orgId":20085940,"addresses":[{"value":"PROFILES","type":"Source"},{"address":""},{"address":""},{"address":""}],"photo":"20089096__1386184300.jpg","emailAddress":"pbastide@us.ibm.com","websites":[{"value":"PROFILES","type":"Source"},{"website":""},{"website":""},{"title":"Test","website":"http://T22"},{"website":"www.mycompany.com"}],"fullName":"Paul Bastide","objectId":20089096,"jobtitle":"Director","ims":[],"emails":[{"title":"Primary Email","email":"pbastide@us.ibm.com"}],"org":{"name":"Mentorship Expressway"},"displayName":"Paul Bastide","phoneNumbers":[{"value":"PROFILES","type":"Source"},{"title":"Contact","phone":"978-000-0000"},{"title":"ID","phone":"GGGG"},{"phone":""},{"title":"Primary Telephone","phone":"111-111-1111"},{"title":"MobilePhone","phone":"111-111-1112"},{"title":"Fax","phone":"111-111-1114"}]}}

That’s it, you now know how to use the Bearer Token with oAuth and SmartCloud.
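
The same token exchange and API call as a script, added here as an example that is not part of the original post: it hands the client secret and the Bearer token to curl on stdin so they stay out of argv and shell history, and it parses the form-encoded token response shown above. The function names and the OAUTH_CLIENT_SECRET variable are hypothetical, and the script assumes the secret and token contain no double quotes or backslashes.

```shell
#!/bin/sh
# Added example, not from the original post. The endpoint and parameter names
# are the ones shown above; function and variable names are hypothetical.
TOKEN_URL='https://apps.na.collabserv.com/manage/oauth2/token'

# Print one field of a form-encoded token response (a=1&b=2); status 1 if absent.
# The body is a subshell, so the IFS and globbing changes do not leak out.
token_field() (
  IFS='&'; set -f
  for pair in $1; do
    case $pair in
      "$2="*) printf '%s\n' "${pair#*=}"; exit 0 ;;
    esac
  done
  exit 1
)

# Exchange the authorization code. The secret comes from the environment and
# reaches curl as a config line on stdin (-K -), so it never shows up in argv
# (ps output) or shell history. Assumes the secret has no '"' or '\'.
exchange_code() {  # $1=client id  $2=callback URL  $3=authorization code
  printf 'data-urlencode = "client_secret=%s"\n' "$OAUTH_CLIENT_SECRET" |
    curl --silent --show-error --fail -K - \
      --data-urlencode "client_id=$1" \
      --data-urlencode "callback_uri=$2" \
      --data-urlencode "code=$3" \
      --data "grant_type=authorization_code" \
      "$TOKEN_URL"
}

# Write only the access token to a mode-0600 file; refuse responses that lack
# an access_token or whose token_type is not Bearer.
save_access_token() (  # $1=token response  $2=output file
  tok=$(token_field "$1" access_token) || exit 1
  [ "$(token_field "$1" token_type)" = Bearer ] || exit 1
  umask 077
  rm -f -- "$2"
  printf '%s' "$tok" > "$2"
)

# Call the API with the stored token, again passing it on stdin, not in argv.
api_get() {  # $1=token file  $2=URL
  printf 'header = "Authorization: Bearer %s"\n' "$(cat "$1")" |
    curl --silent --show-error --fail -K - "$2"
}
```

Typical use is save_access_token "$(exchange_code "$CLIENT_ID" "$CALLBACK" "$CODE")" token.txt followed by api_get token.txt with the people/@me URL above.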

Reference

https://labs.hybris.com/2012/06/18/trying-out-oauth2-via-curl/