Blog

OAuth 2.0 authorization is made easy with the new identity provider.

Sunday, May 19, 2024
Authorize With Any IdP, Many-To-Many Fields

OAuth Identity Provider

Code On Time release 8.9.42.0 introduces the new OAuth 2.0 Identity Provider as an application framework component. Developers can configure their apps to authorize users with any OAuth 2.0 compatible authorization server such as Google, Microsoft, Facebook, or another Code On Time app. Applications can authorize users through an open source IdP such as Keycloak to take advantage of SAML and OpenID Connect.

Enhance the user experience with single sign-on for your public and enterprise apps. Multiple instances of the OAuth 2.0 identity provider can be registered in the apps’ content management system.

Developers have the option to create a single app that serves as the identity provider for custom applications built using Code On Time or any other development platform. The dedicated identity provider application delivers Federated Identity Management for your entire application collection. It is easy to link the identity provider application to any number of OAuth 2.0 authorization servers.

If you have experience setting up an API development tool for OAuth 2.0, you will have little trouble setting up your own applications.

Figure: The OAuth 2.0 Identity Provider configuration screen of an app running on the 60595 port at the localhost address. This configuration allows using the Northwind demo application as the identity provider.

Many-To-Many Fields

Another highlight of this release is a set of improvements to SQL statement construction at runtime when many-to-many fields coexist with fields based on formulas. Access Control Rules and user-defined filters are correctly folded into the appropriate block of the SELECT statements.

Summary

The following features and product enhancements are included in this release:

  • (Framework) Filtering of many-to-many fields will not cause an exception when there are formula-based fields that are referencing custom parameters.
  • (Touch UI) The client app does not respond to the resize and orientation change events triggered when the initialization has not finished yet. This may happen in the WebKit browsers, when the browser changes the window layout while the document is still being parsed.
  • (Framework) Business rule developers have access to the UserClaims JSON object representing the id_token from the identity provider that has authorized the current user.
  • (Touch UI) The progress screen message is correctly centered when the app is running in the App Studio mode.
  • (OAuth 2) Multiple instances of OAuth 2.0 Identity Provider can be registered for OAuth 2.0 authorization with any compatible IdP.
  • (OAuth) Error inspection code makes sure that there is a response in the exception. There will be none if the authorization server is not available.
  • (Data Aquarium) The JavaScript expressions specified in Visible When, Read-Only, etc. correctly handle situations when two fields with the same root are used. For example, the following JavaScript expressions will no longer cause a runtime exception:

        this.Field1 != null && this.Field1Suffix != null
        $row.Field != null && $row.Field1Suffix != null

  • (Universal Input) The list-based inputs (radio, listbox) now advance to the next data input when changed if the data field is tagged as lookup-auto-advance.
  • (Universal Input) The Up/Down icon of the DropDownList input now has a transparent background for a better presentation when other inputs have a slight overlap and bleed into its boundaries. The "dropdown" icon of the lookup fields in forms has an opaque background in the Property Grid only.
  • (OAuth) The /oauth2/v2 endpoint is added to the provider URI of a client app if it is not based on App Identity.
  • (CMS) The OAuth2 identity requests are identified in the content description.
  • (OAuth) The settings object embedded in the pages now includes the idP key that represents the dictionary of the display names of the identity providers registered in the content management system. The "cached" dictionary is refreshed every fifteen minutes.
  • (REST) The preferred_username claim is set to the username when the profile scope is requested by the client app during the OAuth 2.0 authorization sequence.
  • (CMS) The "Protocol" of an existing identity consumer is read-only when open in the Site Content (app's CMS).
  • (Touch UI) Enhanced the algorithm of toolbar menu fade-in effect.
Tuesday, May 14, 2024
Generic OAuth 2.0 Identity Provider

The OAuth 2.0 Authorization tutorial provides instructions on how to configure an OAuth 2.0 identity provider in a Code On Time application. The example uses both the Google Account and the Northwind demo application as the identity providers and a sample application running on localhost as the client. The document includes detailed steps on configuring the identity provider, the client application, and the authorization flow.

The configuration process involves setting up the identity provider's client ID, client secret, redirect URI, and other parameters. The client application is configured to use the identity provider's authorization URI, access token URI, and other endpoints. The authorization flow describes how the user is redirected to the identity provider's login page, signs in, and is redirected back to the client application.

One of the key features of this setup is that users can sign in to the client application using their Google or Northwind account credentials, which are stored securely by the identity provider. This eliminates the need for users to create and manage separate accounts for the client application. Additionally, the document discusses how user tokens are stored persistently in the client application, allowing for seamless authentication and authorization in subsequent requests.

The tutorial provides a comprehensive guide for configuring an OAuth 2.0 identity provider in a Code On Time application, enabling users to leverage a trusted external identity provider for authentication. It highlights the benefits of using an external identity provider for secure and convenient user authentication.

Figure: Your own registration of Google as identity provider will be identical with the exception of the values in the Redirect Uri, Client ID, and Client Secret fields.
Labels: OAuth, OAuth2, Security
Wednesday, April 24, 2024
Visual Fidelity, Controllers in Studio, etc.

The release 8.9.41.0 includes improvements to the service worker, user interface (UI), data caching, and framework enhancements. Additionally, there are updates to the RESTful API, input handling, and various components like TreeView, property grid, and lookup options. The overall focus of these changes is to enhance the user experience, improve performance, and ensure compatibility with the latest technologies.

Enhanced Rendering of Forms

Switching between the read-only and editable state in a form will not cause layout shifting. The styling of universal inputs was adjusted to ensure the high fidelity of presentation. The asterisk displayed next to the labels of the editable fields is now rendered as a Material Symbols icon. Every form will look better when the app is regenerated with the new release.

Controllers Hierarchy in App Studio

We have completed the Controllers hierarchy configuration and implemented a robust set of “field” properties. Developers can inspect the UI of the live app and jump to the relevant configuration element. Changes to the “field” property values in the Properties Window are persisted to the project design and data controllers.

Make sure to inspect the hierarchy of your own projects. If you do find any inconsistencies, then please report them with the screenshots in a support ticket.

If you do make changes in the App Studio, then make sure to restart the app generator if you need to use the legacy Project Designer.

The next release will introduce the drag and drop manipulation of the hierarchy nodes and more editable properties.

Miscellaneous

The following enhancements are included in the release 8.9.41.0:

  • (PWA) The service worker will attempt to cache the response that has the http(s) schema only. The requests from the browser extensions to fetch resources from other schemas are ignored.
  • (Touch UI) The "required" fields are now displaying an asterisk based on a Material Symbols icon.
  • (Touch UI) The multi-line read-only text fields do not have the margin at the bottom.
  • (Touch UI) The "chevron" button in the lookup input has its top margin matching the natural top margin of the text value.
  • (Touch UI) Reduced the excessive bottom margin of the "read-only" form fields.
  • (Touch UI) Restored the visibility of the "View Details" button displayed next to the lookup fields.
  • (ACL) The "read" permission on the data controllers now works with any kind of data. The framework does not change the SQL when selecting data. Instead, the ViewPage instance removes the fetched data from the output. The Access Control List will have its own section in the App Studio in future releases.
  • (Touch UI) The alternative view options are presented as the standard items in the sidebar. The previous releases rendered them as the TreeView items.
  • (Framework) The SQL "insert" statement will include the "default" expressions of the fields if the field value is not specified.
  • (Framework) The filter expressions are included in the resultset when a resultset is required to construct a SELECT statement. This allows creating dynamic access control rules and view-level filter expressions that work with the filtering of many-to-many inputs. Previously the filters were incorrectly included in the outer SELECT statement.
  • (Framework) Adding a virtual field without a formula will not break the filtering of many-to-many fields.
  • (Framework) Introduced the StorageServiceVersion property in the AzureBlobAdapterBase class. Developers can override the storage API version in the partial declaration of the AzureBlobAdapter class of their own project.
  • (Framework) The Azure blob adapter is now using the 2023-11-03 version of API.
  • (Touch UI) The input footer takes up to 90% of the available width if there is a text action associated with the input.
  • (Touch UI) Updated the icons to the latest Google Material Symbols. App Studio will allow a visual selection of icons in the relevant properties of application configuration elements.
  • (App Studio) The changes to the content in the Property Grid will trim the GET cache depth to 3 levels. This ensures fresh data fetched from the server.
  • (RESTful) The $app.restful API optimizes the GET cache cleanup performed when the other HTTP methods are executed on any resource.
  • (Universal Input) The 'input' event triggered on a text input will clear the 'keepFocus' flag. This enables pasting the field values through the system context menu in the Property Window of the App Studio.
  • (TreeView) A notification with the text of the error and node template definition is displayed when the TreeView instance fails to create a node.
  • (Prop Grid) Boolean properties may have a custom list of values.
  • (Prop Grid) The configuration of properties allows custom lookup options such as the lookup-accept-any-value tag. Previously the property grid was overriding the custom definition with the lookup-null-value-none tag. App Studio uses custom lookup options in the definitions of some fields.
  • (TreeView) If the "related" node contains the selected child then the replacement of the related node "inner" content is performed. Otherwise the new node is created in the place of the original "related" node.
  • (Touch UI) The TreeView instance will trigger the "get" event to request data when a "related" node needs to be refreshed after a change to another node.
  • (App Studio) Enhanced algorithm of data field inspection will lead to the field definition in the view.
  • (Touch UI) Improved the algorithm of the toolbar menu positioning when the number of visible app toolbar buttons is changed in response to the user selection of data items.
  • (Framework) Moved AccessControlList from BusinessRules.cs|vb to Common.cs|vb.
  • (Touch UI) Removed the excessive height of the fields in the read-only mode.
  • (Touch UI) Wide notifications appear within the app boundaries in the App Studio mode.
  • (TreeView) By default, the TreeView does not track the last selected node.
  • (PropGrid) The property grid constructs the TreeView with the option to track selection.
  • (CMS) The content with no value in the Path will open correctly in “edit” mode when selected.
Labels: Release Notes