Hyland Connect

chouinard_ · ‎09-21-2015

Hi, I'm using REST API within a Web Java App to get query results which works great but the next step is to authenticate without having to use user's passwords.

Is using OAuth2 to authenticate, the best way to do it ?

I've tried it and so far I can't get the response that will give me the authorization code to get the access token via Java code. When I try with http requests, it's ok but I have to accept (through oauth2Grant.jsp button), but I am missing something with using it with a Java HttpURLConnection...

Thanks.

Arnaud_Kervern · ‎09-24-2015

Hi,

I think there are several others solutions that fit better to your case. As you do not want to add any new user authentication step:

if your queries are executed server side on the same host, the easiest way is to use nuxeo-platform-login-portal-sso. A simple query header with a shared secret and the authenticated username.
if your queries are server side without a DMZ, you have to sign the request to ensure it goes safe. In this case i'll recommend you to use Oauth1 2 legged. Take a look to this jersey client filter to see how to handle it: https://github.com/nuxeo/nuxeo.io-manager/blob/master/nuxeo-io-manager/src/main/java/org/nuxeo/io/co....
if your queries are client <-> server, you can use nuxeo-platform-login-token, when authenticating a user; you'll ask Nuxeo to give you a token that you'll add to each user requests.

chouinard_ · ‎09-24-2015

Hi, thanks for the answer.

Arnaud_Kervern · ‎09-25-2015

Even if I recommend you to use something easier to handle HTTP request; like jersey-client, to query our REST API, you just need to

pibou_Bouvret · ‎04-28-2016

Where can we find some documentation about using nuxeo-platform-login-token from a client application ?

Hyland Connect

Authentication to REST API with OAuth2