cancel
Showing results for 
Search instead for 
Did you mean: 

Authentication to REST API with OAuth2

chouinard_
Champ on-the-rise
Champ on-the-rise

Hi, I'm using REST API within a Web Java App to get query results which works great but the next step is to authenticate without having to use user's passwords.

Is using OAuth2 to authenticate, the best way to do it ?

I've tried it and so far I can't get the response that will give me the authorization code to get the access token via Java code. When I try with http requests, it's ok but I have to accept (through oauth2Grant.jsp button), but I am missing something with using it with a Java HttpURLConnection...

Thanks.

4 REPLIES 4

Arnaud_Kervern
Confirmed Champ
Confirmed Champ

Hi,

I think there are several others solutions that fit better to your case. As you do not want to add any new user authentication step:

  • if your queries are executed server side on the same host, the easiest way is to use nuxeo-platform-login-portal-sso. A simple query header with a shared secret and the authenticated username.

  • if your queries are server side without a DMZ, you have to sign the request to ensure it goes safe. In this case i'll recommend you to use Oauth1 2 legged. Take a look to this jersey client filter to see how to handle it: https://github.com/nuxeo/nuxeo.io-manager/blob/master/nuxeo-io-manager/src/main/java/org/nuxeo/io/co....

  • if your queries are client <-> server, you can use nuxeo-platform-login-token, when authenticating a user; you'll ask Nuxeo to give you a token that you'll add to each user requests.

Hi, thanks for the answer.

Even if I recommend you to use something easier to handle HTTP request; like jersey-client, to query our REST API, you just need to

Where can we find some documentation about using nuxeo-platform-login-token from a client application ?

Welcome to the new Hyland Connect. Get started or submit feedback.