OAuth 2.0 authorization is made easy with the new identity provider.
OAuth Identity Provider
Code On Time release 8.9.42.0 introduces the new OAuth 2.0 Identity Provider as an application framework component. Developers can configure their apps to authorize users with any OAuth 2.0 compatible authorization server such as Google, Microsoft, Facebook, or another Code On Time app. Applications can authorize users through an open source IdP such as Keycloak to take advantage of SAML and OpenID Connect.
Enhance the user experience with single sign-on for your public and enterprise apps. Multiple instances of the OAuth 2.0 identity provider can be registered in the apps’ content management system.
Developers have the option to create a single app that serves as the identity provider for custom applications built using Code On Time or any other development platform. The dedicated identity provider application delivers Federated Identity Management for your entire application collection. It is easy to link the identity provider application to any number of OAuth 2.0 authorization servers.
If you have experience setting up an API development tool for OAuth 2.0, you will have little trouble setting up your own applications.
The OAuth 2.0 Identity Provider configuration screen of an app running on the 60595 port at the localhost address. This configuration allows using the Northwind demo application as the identity provider.
Many-To-Many Fields
Another highlight of this release is a set of improvements to SQL statement construction at runtime when many-to-many fields coexist with fields based on formulas. Access Control Rules and user-defined filters are correctly folded into the appropriate block of the SELECT statements.
Summary
The following features and product enhancements are included in this release:
(Framework) Filtering of many-to-many fields will not cause an exception when there are formula-based fields that are referencing custom parameters.
(Touch UI) The client app does not respond to the resize and orientation change events triggered before the initialization has finished. This may happen in WebKit browsers when the browser changes the window layout while the document is still being parsed.
(Framework) Business rule developers have access to the UserClaims JSON object representing the id_token from the identity provider that has authorized the current user.
(Touch UI) The progress screen message is correctly centered when the app is running in the App Studio mode.
(OAuth 2) Multiple instances of OAuth 2.0 Identity Provider can be registered for OAuth 2.0 authorization with any compatible IdP.
(OAuth) Error inspection code makes sure that there is a response in the exception. There will be none if the authorization server is not available.
(Data Aquarium) The JavaScript expressions specified in Visible When, Read-Only, etc. correctly handle situations when two fields with the same root are used. For example, the following expressions will not cause the runtime exception anymore:
(Universal Input) The list-based inputs (radio, listbox) now advance to the next data input when changed if the data field is tagged as lookup-auto-advance.
(Universal Input) The Up/Down icon of the DropDownList input now has a transparent background for a better presentation when other inputs have a slight overlap and bleed into its boundaries. The "dropdown" icon of the lookup fields in forms has an opaque background in the Property Grid only.
(OAuth) The /oauth2/v2 endpoint is added to the provider URI of a client app if it is not based on App Identity.
(CMS) The OAuth2 identity requests are identified in the content description.
(OAuth) The settings object embedded in the pages now includes the idP key that represents the dictionary of the display names of the identity providers registered in the content management system. The "cached" dictionary is refreshed every fifteen minutes.
(REST) The preferred_username claim is set to the username when the profile scope is requested by the client app during the OAuth 2.0 authorization sequence.
(CMS) The "Protocol" of an existing identity consumer is read-only when open in the Site Content (app's CMS).
(Touch UI) Enhanced the algorithm of toolbar menu fade-in effect.