OAuth2

OAuth 2.0 authorization is made easy with the new identity provider.

Sunday, May 19, 2024
Authorize With Any IdP, Many-To-Many Fields

OAuth Identity Provider

Code On Time release 8.9.42.0 introduces the new OAuth 2.0 Identity Provider as an application framework component. Developers can configure their apps to authorize users with any OAuth 2.0 compatible authorization server such as Google, Microsoft, Facebook, or another Code On Time app. Applications can authorize users through an open source IdP such as Keycloak to take advantage of SAML and OpenID Connect.

Enhance the user experience with single sign-on for your public and enterprise apps. Multiple instances of the OAuth 2.0 identity provider can be registered in the app's content management system.

Developers have the option to create a single app that serves as the identity provider for custom applications built with Code On Time or any other development platform. The dedicated identity provider application delivers Federated Identity Management for your entire application collection. It is easy to link the identity provider application to any number of OAuth 2.0 authorization servers.

If you have experience setting up an API development tool for OAuth 2.0, you will have little trouble setting up your own applications.

Figure: The OAuth 2.0 Identity Provider configuration screen of an app running on the 60595 port at the localhost address. This configuration allows using the Northwind demo application as the identity provider.

Many-To-Many Fields

Another highlight of this release is a set of improvements to SQL statement construction at runtime when many-to-many fields coexist with formula-based fields. Access Control Rules and user-defined filters are correctly folded into the appropriate block of the SELECT statements.

Summary

The following features and product enhancements are included in this release:

  • (Framework) Filtering of many-to-many fields will not cause an exception when there are formula-based fields that are referencing custom parameters.
  • (Touch UI) The client app does not respond to the resize and orientation change events triggered when the initialization has not finished yet. This may happen in the WebKit browsers, when the browser changes the window layout while the document is still being parsed.
  • (Framework) Business rule developers have access to the UserClaims JSON object representing the id_token from the identity provider that has authorized the current user.
  • (Touch UI) The progress screen message is correctly centered when the app is running in the App Studio mode.
  • (OAuth 2) Multiple instances of OAuth 2.0 Identity Provider can be registered for OAuth 2.0 authorization with any compatible IdP.
  • (OAuth) Error inspection code makes sure that there is a response in the exception. There will be none if the authorization server is not available.
  • (Data Aquarium) The JavaScript expressions specified in Visible When, Read-Only, etc. correctly handle situations when two fields with the same root are used. For example, the following expressions will no longer cause a runtime exception:
    this.Field1 != null && this.Field1Suffix != null
    $row.Field != null && $row.Field1Sufix != null
  • (Universal Input) The list-based inputs (radio, listbox) now advance to the next data input when changed if the data field is tagged as lookup-auto-advance.
  • (Universal Input) The Up/Down icon of the DropDownList input now has a transparent background for a better presentation when other inputs have a slight overlap and bleed into its boundaries. The "dropdown" icon of the lookup fields in forms has an opaque background in the Property Grid only.
  • (OAuth) The /oauth2/v2 endpoint is added to the provider URI of a client app if it is not based on App Identity.
  • (CMS) The OAuth2 identity requests are identified in the content description.
  • (OAuth) The settings object embedded in the pages now includes the idP key that represents the dictionary of the display names of the identity providers registered in the content management system. The "cached" dictionary is refreshed every fifteen minutes.
  • (REST) The preferred_username claim is set to the username when the profile scope is requested by the client app during the OAuth 2.0 authorization sequence.
  • (CMS) The "Protocol" of an existing identity consumer is read-only when open in the Site Content (app's CMS).
  • (Touch UI) Enhanced the algorithm of toolbar menu fade-in effect.
Tuesday, May 14, 2024
Generic OAuth 2.0 Identity Provider

The OAuth 2.0 Authorization tutorial provides instructions on how to configure an OAuth 2.0 identity provider in a Code On Time application. The example uses both the Google Account and the Northwind demo application as the identity providers and a sample application running on localhost as the client. The document includes detailed steps on configuring the identity provider, the client application, and the authorization flow.

The configuration process involves setting up the identity provider's client ID, client secret, redirect URI, and other parameters. The client application is configured to use the identity provider's authorization URI, access token URI, and other endpoints. The authorization flow describes how the user is redirected to the identity provider's login page, signs in, and is redirected back to the client application.
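The flow described above, sketched from the client application's side as an added example (not code from Code On Time or its tutorial). The endpoint URLs, callback path, credentials, and function names are constructed placeholders; the checks on the redirect back are the part a client must not skip.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder configuration; none of these values come from a real IdP.
CONFIG = {
    "authorization_uri": "https://idp.example.com/oauth2/v2/auth",
    "token_uri": "https://idp.example.com/oauth2/v2/token",
    "client_id": "CLIENT_ID_PLACEHOLDER",
    "client_secret": "CLIENT_SECRET_PLACEHOLDER",
    "redirect_uri": "http://localhost:60595/oauth2/callback",  # hypothetical path
    "scope": "openid profile email",
}

def build_authorization_request(cfg):
    """Step 1: URL the user is redirected to, plus the state kept in the session."""
    state = secrets.token_urlsafe(32)  # unguessable, single use
    query = urlencode({
        "response_type": "code",
        "client_id": cfg["client_id"],
        "redirect_uri": cfg["redirect_uri"],
        "scope": cfg["scope"],
        "state": state,
    })
    return f'{cfg["authorization_uri"]}?{query}', state

def handle_redirect(callback_url, expected_state, cfg):
    """Step 2: validate the redirect back before exchanging anything."""
    url, reg = urlparse(callback_url), urlparse(cfg["redirect_uri"])
    if (url.scheme, url.netloc, url.path) != (reg.scheme, reg.netloc, reg.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = {k: v[0] for k, v in parse_qs(url.query).items()}
    if not secrets.compare_digest(params.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    if "error" in params:
        raise ValueError(f"authorization server returned error: {params['error']}")
    if "code" not in params:
        raise ValueError("no authorization code in the response")
    return params["code"]

def build_token_request(code, cfg):
    """Step 3: form body the server (never the browser) POSTs to the access token URI."""
    return cfg["token_uri"], {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": cfg["redirect_uri"],
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
    }
```

The state value returned by step 1 belongs in the user's server-side session and should be discarded after one use.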

One of the key features of this setup is that users can sign in to the client application using their Google or Northwind account credentials, which are stored securely by the identity provider. This eliminates the need for users to create and manage separate accounts for the client application. Additionally, the document discusses how user tokens are stored persistently in the client application, allowing for seamless authentication and authorization in subsequent requests.

The tutorial provides a comprehensive guide for configuring an OAuth 2.0 identity provider in a Code On Time application, enabling users to leverage a trusted external identity provider for authentication. It highlights the benefits of using an external identity provider for secure and convenient user authentication.

Figure: Your own registration of Google as identity provider will be identical with the exception of the values in the Redirect Uri, Client ID, and Client Secret fields.
Explore how to set up your application for user authentication using OAuth 2.0 Authorization, which is supported by widely used identity providers.
Labels: OAuth, OAuth2, Security
Monday, March 18, 2024
March 2024 Hotfix #2

The release 8.9.39.0 introduces the following enhancements to the application framework:

  • (OAuth) The TextUtility.ToUniversalTime() method is used to parse the dates serialized in the OAuth data entries. This resolves the incorrect date parsing that was occurring in some locales. The error was reported as "String was not recognized as valid DateTime".
  • (Framework) The TextUtilities.ParseYamlOrJson() method will parse JSON without attempting to detect the "date" values. The serialized dates must be converted from the "string" type to the corresponding "date" type explicitly (REST Level 2). This avoids incorrect processing during the OAuth 2.0 authorization.
  • (RESTful) The $app.restful() method will correctly process requests with the query parameter when the URL is specified explicitly.
  • (App Gen) The app generator will make up to 10 attempts to modify the configuration file of IIS Express when starting apps. This may be required when IIS Express is installed for the first time and performs the construction of its configuration files.
  • (App Gen) Enhanced the detection of the installed Microsoft IIS Express.
  • (App Gen) The App Studio is started even when the [Documents]\IISExpress folder does not exist. This ensures the successful creation of the first project on the workstations that have not had VS or IISExpress installed.
  • (App Gen) The new entries in the Sync.*.xml logs are time-stamped with the UTC dates. This ensures the correct merging of the App Studio and legacy Project Designer log entries.