OAuth2

Integrate any OAuth 2.0 compatible authorization server in your apps.

Tuesday, May 14, 2024
Generic OAuth 2.0 Identity Provider

The OAuth 2.0 Authorization tutorial provides instructions on how to configure an OAuth 2.0 identity provider in a Code On Time application. The example uses both the Google Account and the Northwind demo application as the identity providers and a sample application running on localhost as the client. The document includes detailed steps on configuring the identity provider, the client application, and the authorization flow.

The configuration process involves setting up the identity provider's client ID, client secret, redirect URI, and other parameters. The client application is configured to use the identity provider's authorization URI, access token URI, and other endpoints. The authorization flow describes how the user is redirected to the identity provider's login page, signs in, and is redirected back to the client application.

One of the key features of this setup is that users can sign in to the client application using their Google or Northwind account credentials, which are stored securely by the identity provider. This eliminates the need for users to create and manage separate accounts for the client application. Additionally, the document discusses how user tokens are stored persistently in the client application, allowing for seamless authentication and authorization in subsequent requests.

The tutorial provides a comprehensive guide for configuring an OAuth 2.0 identity provider in a Code On Time application, enabling users to leverage a trusted external identity provider for authentication. It highlights the benefits of using an external identity provider for secure and convenient user authentication.

Your own registration of Google as an identity provider will be identical, with the exception of the values in the Redirect Uri, Client ID, and Client Secret fields.
Labels: OAuth, OAuth2, Security
Monday, March 18, 2024
March 2024 Hotfix #2

The release 8.9.39.0 introduces the following enhancements to the application framework:

  • (OAuth) The TextUtility.ToUniversalTime() method is used to parse the dates serialized in the OAuth data entries. This resolves the incorrect date parsing that was occurring in some locales. The error was reported as "String was not recognized as valid DateTime".
  • (Framework) The TextUtilities.ParseYamlOrJson() method will parse JSON without attempting to detect the "date" values. The serialized dates must be converted from the "string" type to the corresponding "date" type explicitly (REST Level 2). This avoids incorrect processing during the OAuth 2.0 authorization.
  • (RESTful) The $app.restful() method will correctly process requests with the query parameter when the url is specified explicitly.
  • (App Gen) The app generator will make up to 10 attempts to modify the configuration file of IIS Express when starting apps. This may be required when IIS Express is installed for the first time and performs the construction of its configuration files.
  • (App Gen) Enhanced the detection of the installed Microsoft IIS Express.
  • (App Gen) The App Studio is started even when the [Documents]\IISExpress folder does not exist. This ensures the successful creation of the first project on the workstations that have not had VS or IISExpress installed.
  • (App Gen) The new entries in the Sync.*.xml logs are time-stamped with the UTC dates. This ensures the correct merging of the App Studio and legacy Project Designer log entries.
Sunday, May 28, 2023
Lesson: Native App Authorization

Developers rely on a variety of platforms to deliver mobile apps. It is easy to set up user authorization with an application created with Code On Time. The embedded RESTful API Engine implements the OAuth 2.0 protocol with multiple authorization flows. Native applications can be programmed to have enterprise level security with little effort. The lesson explains how to configure Postman, the popular API development tool, to get the access tokens from the RESTful Backend Application. Any native client app will implement a similar pattern of authorization.

Learn to acquire access tokens in the native app via OAuth 2.0 Authorization Code flow with PKCE.
The Configure New Token section allows setup of a separate request to capture a new access token from the backend application.
Postman provides the means of capturing the access tokens from any OAuth 2.0 compliant identity server. The RESTful API Engine of apps created with Code On Time has built-in support for OAuth 2.0 authorization flows. Developers can configure Postman to capture the access tokens from a Code On Time application.
Postman exchanges the authorization code for an access token with the backend application. The response is presented in the Manage Access Tokens window.
Developers can name the new Access Token and use it for development purposes in the Manage Access Tokens window. Typically the name of the token is the username.
Labels: OAuth2, Security