09-21-2015 02:43 PM
Hi, I'm using REST API within a Web Java App to get query results which works great but the next step is to authenticate without having to use user's passwords.
Is using OAuth2 to authenticate, the best way to do it ?
I've tried it and so far I can't get the response that will give me the authorization code to get the access token via Java code. When I try with http requests, it's ok but I have to accept (through oauth2Grant.jsp button), but I am missing something with using it with a Java HttpURLConnection...
Thanks.
09-24-2015 04:42 AM
Hi,
I think there are several others solutions that fit better to your case. As you do not want to add any new user authentication step:
if your queries are executed server side on the same host, the easiest way is to use nuxeo-platform-login-portal-sso. A simple query header with a shared secret and the authenticated username.
if your queries are server side without a DMZ, you have to sign the request to ensure it goes safe. In this case i'll recommend you to use Oauth1 2 legged. Take a look to this jersey client filter to see how to handle it: https://github.com/nuxeo/nuxeo.io-manager/blob/master/nuxeo-io-manager/src/main/java/org/nuxeo/io/co....
if your queries are client <-> server, you can use nuxeo-platform-login-token, when authenticating a user; you'll ask Nuxeo to give you a token that you'll add to each user requests.
09-24-2015 09:27 AM
Hi, thanks for the answer.
09-25-2015 08:01 AM
Even if I recommend you to use something easier to handle HTTP request; like jersey-client, to query our REST API, you just need to
04-28-2016 02:12 AM
Where can we find some documentation about using nuxeo-platform-login-token from a client application ?
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.