4D-NetKit

OAuth2Provider Class

Overview

The OAuth2Provider class allows you to request authentication tokens to third-party web services providers in order to use their APIs in your application. This is done in two steps:

  1. Using the New OAuth2 provider component method, you instantiate an object of the OAuth2Provider class that holds authentication information.
  2. You call the OAuth2ProviderObject.getToken() class function to retrieve a token from the web service provider.

Here’s a diagram of the authorization process: authorization-flow

This class can be instantiated in two ways:

Warning: OAuth2 authentication in signedIn mode requires a browser. Since some servers have restrictions regarding the supported browsers (for example, check this Google support page), the functionality may not work properly.

Warning: Shared objects are not supported by the 4D NetKit API.

Table of contents

New OAuth2 provider

The New OAuth2 provider method instantiates an object of the OAuth2Provider class that holds authentication information.

For a full description of the method, its parameters, the available properties of paramObj, the returned object and examples, please refer to the New OAuth2 provider method page.

OAuth2ProviderObject.getToken()

OAuth2ProviderObject.getToken() : Object

Parameter Type   Description
Result Object <- Object that holds information on the token retrieved

Description

.getToken() returns an object that contains a token property (as defined by the IETF), as well as optional additional information returned by the server:

Property Object properties Type Description  
  token   Object Token returned
    expires_in Text How long the access token is valid (in seconds).
    access_token Text The requested access token.
    refresh_token Text Your app can use this token to acquire additional access tokens after the current access token expires. Refresh tokens are long-lived, and can be used to retain access to resources for extended periods of time. Available only if the value of the permission property is “signedIn”.
    token_type Text Indicates the token type value. The only token type that Azure AD supports is “Bearer”.
    id_token text id_token value associated with the authenticated session. Present only for openID requests.
    scope Text A space separated list of permissions that the access_token is valid for.
  tokenExpiration   Text Timestamp (ISO 8601 UTC) that indicates the expiration time of the token

If the value of token is empty, the command sends a request for a new token.

If the token has expired:

When requesting access on behalf of a user (“signedIn” mode) the command opens a web browser to request authorization.

In “signedIn” mode, when .getToken() is called, a web server included in 4D NetKit starts automatically on the port specified in the redirectURI parameter to intercept the provider’s authorization response and display it in the browser.

See also

Google Class
Office365 Class
Secure OpenID Authentication with nonce attribute (blog post)