OAuth2

Syndicate content 8 

Articles and Questions regarding OAuth2 Authentication.

How can you allow computers to trust one another in your absence while maintaining security and privacy?

“A Dry Martini”, he said. “One. In a deep champagne goblet.”
“Oui, monsieur.”
“Just a moment. Three measures of Gordons, one of vodka, half a measure of Kina Lillet. Shake it very well until it’s ice-cold, then add a large thin slice of lemon peel. Got it?”
"Certainly, monsieur." The barman seemed pleased with the idea.
Casino Royale, Ian Fleming, 1953


OAuth helps to separate services with user credentials from “working” databases, both physically and geographically. It thereby strengthens the protection of identification data and, if necessary, helps you comply with the requirements of countries' data protection laws.

With OAuth, you can provide the user with the ability to work safely from multiple devices at once, while "exposing" personal data to various services and applications as little as possible. You can also avoid taking on "excess" data about users of your services (i.e. you can process data in a depersonalized form).

Continue Reading
Dmitrii Kuznetsov's picture
Dmitrii Kuznetsov 7 October 2019
+ 3   2 1
0

comments

114

views

+ 3

rating

This article, and following two articles of the series, is intended as a user guide for developers or system administrators, who need to work with OAuth 2.0 framework (further referred to as OAUTH for simplicity) in their InterSystems product based applications.

Continue Reading
Daniel Kutac's picture
Daniel Kutac 3 August 2016
Last comment 27 September 2019
+ 12   6 6
8

comments
4755

views

+ 12

rating

In .NET Core you have an option to extend a session using a "sliding expiration". This means that if over half the time has passed and the user actively uses their session then the expiry timer gets reset and the user remains logged in. This can lead to the curious situation where you have an active authenticated user with an expired access token being used in data-access requests.

Continue Reading
Stephen Wilson's picture
Stephen Wilson 20 September 2019
Last answer 20 September 2019
0   0 0
1

answers
0

comments

129

views

0

rating

OAuth server to be deployed on the IRIS learning cloud platform. Clients - one on the other instance of the learning IRIS server, the other client locally on my computer in the container docker.

Both clients get a seemingly correct link (through ##class(%SYS.OAuth2.Authorization).GetAuthorizationCodeEndpoint()) to the login request form:  

Continue Reading
Dmitrii Kuznetsov's picture
Dmitrii Kuznetsov 1 September 2019
Last answer 3 September 2019 Last comment 2 September 2019
+ 1   1 2
2

answers
1

comments
120

views

+ 1

rating

I have an OAuth 2.0 development environment where Caché is serving all three roles as the Authorization Server, Client and Resource Server based on a great 3-part series on OAuth 2.0 by @Daniel Kutac. I have a simple password grant type where an x-www-form-urlencoded body (as described in this post) is sent as a POST to the token endpoint at https://localhost:57773/oauth2/token and a response body with a HTTP Response 200 header is returned. The response body looks something like this.

Continue Reading
Stephen Wilson's picture
Stephen Wilson 13 August 2019
Last answer 13 August 2019 Last comment 13 August 2019
+ 1   0 2
1

answers
2

comments
203

views

+ 1

rating

Presenter: Dan Kutac
Task: Use a common login identity and a central mechanism of authentication across environments from multiple entities
Approach: Provide examples and code samples of an application environment using OpenID Connect and OAuth 2.0
 

Description: In this session we will demonstrate an application environment using OpenID Connect and OAuth 2.0. Hear how this is done and what options you have; and yes, you get to keep the code.

Problem: How to use a a common login identity (e.g. Facebook credentials) and a central mechanism of authorization cross environments from multiple entities.

Solution: Create awareness and interest in using OAuth 2.0

 

Content related to this session, including slides, video and additional learning content can be found here.

Continue Reading
Daniel Kutac's picture
Daniel Kutac 7 April 2016
Last comment 4 July 2019
0   1 2
2

comments
416

views

0

rating

Hi, 

Most of my development experience is with HL7v2 interfaces and I don't have a background in web development and I'm very weak with javascript.

I'm looking for suggestions of learning resources to learn FHIR  and 'SMART on FHIR' (JavaScript, OpenID connect, OAuth2) for developers like myself who mostly do HL7v2 integrations - but see FHIR as the future - and want to develop their skills!

I've found these 

Continue Reading
Stephen De Gabrielle's picture
Stephen De Gabrielle 21 May 2019
Last answer 21 May 2019
+ 1   0 2
1

answers
0

comments

262

views

+ 1

rating

I'm using Caché as an OAuth authorization server and I want to accept the password credentials grant type. I've found that if I make an authorize request, the Caché authorization server requires some URL parameters that shouldn't be required in password grant (redirect_uri, state, scope, and response_type). If I include these parameters, it calls my DirectLogin() method instead of just calling ValidateUser() as I would expect from the docs. I have two questions:

Continue Reading
Pravin Barton's picture
Pravin Barton 6 September 2018
Last answer 6 February 2019 Last comment 11 February 2019
+ 1   1 2
2

answers
1

comments
330

views

+ 1

rating

Created by Daniel Kutac, Sales Engineer, InterSystems

Warning: if you get confused by URLs used: the original series used screens from machine called dk-gs2016. The new screenshots are taken from a different machine. You can safely treat url WIN-U9J96QBJSAG as if it was dk-gs2016.

Part 2. Authorization server, OpenID Connect server

Continue Reading
Daniel Kutac's picture
Daniel Kutac 10 August 2016
Last comment 10 August 2018
+ 8   1 6
11

comments
2595

views

+ 8

rating

Hi.. I have an issue where we are using OAuth2.0 with the ZAUTHENTICATE routine.  Once our token is validated we are using a users lan id (passed on the ID token) to find a software defined username in a Cache Global.

That is all working fine in ZAUTHENTICATE.. I am setting the software defined username in the Properties("Comment") array and wanting to reference it in the Rest Service Dispatch class.

Continue Reading
George Hodder's picture
George Hodder 2 February 2018
Last answer 2 February 2018 Last comment 16 February 2018
0   0 2
1

answers
5

comments
475

views

0

rating

As many of you, our partners, are more widely using modern UI frameworks to create client front-end, you may have encountered a question, "So how do I secure my data when I just finished developing all new fancy browser based client experience?"

The answer is easy. Use a standard, proven OAuth2 and OpenID!

"OK, but how can I do it? I have never done it before."

No problem, just have a look here, if your client is Angular (not AngularJS) based, there is a demo project available for you to review and get inspired!

Continue Reading
Daniel Kutac's picture
Daniel Kutac 10 November 2017
Last comment 13 November 2017
+ 6   0 4
1

comments
844

views

+ 6

rating

I tried to implement the Oauth2 in google,

I got authentication, But I unable to read response class.

I got an error as:

I unable to change response Class.

Anyone help me to Change response Class in Client Configuration

                      or

Is there any option to define response URL manually?

Thanks

Continue Reading
Manoj K's picture
Manoj K 9 March 2017
Last answer 9 March 2017 Last comment 8 November 2017
0   0 4
2

answers
5

comments
272

views

0

rating

Hi, 

I am a beginner on intersystems technologies ! and i want implements Oauth2 for our projects ( Angular 2 + Caché REST  Backend). 

i read the article that the link  is below : 

https://community.intersystems.com/post/cach%C3%A9-open-authorization-framework-oauth-20-implementation-part-1

But : i need to create  all servers ( Auth and Resource ) on Caché and dont' to use google server.

Continue Reading
Yani Idoughi's picture
Yani Idoughi 1 August 2017
Last comment 26 September 2017
0   0 4
0

answers

4

comments
573

views

0

rating

Unless I'm mistaken, 2017.1 doesn't appear to support RFC 7523 (JSON Web Token Profile for OAuth 2.0 Client Authentication and Authorization Grants).  Is that coming in 2017.2?

In order to support it in 2017.1, I'd have to override the OAuth 2.0 token endpoint to cater for the additional grant types - what's the best way to do this?

 

Thanks.

Continue Reading
Steve Shaw's picture
Steve Shaw 25 May 2017
Last answer 6 June 2017 Last comment 13 June 2017
0   0 2
2

answers
1

comments
429

views

0

rating

Created by Daniel Kutac, Sales Engineer, InterSystems

 

Part 3. Appendix

InterSystems IRIS OAUTH classes explained

In the previous part of our series we have learned about configuring InterSystems IRIS to act as an OAUTH client as well as authorization and authentication server (by means of OpenID Connect). In this final part of our series we are going to describe classes implementing InterSystems IRIS OAuth 2.0 framework. We will also discuss use cases for selected methods of API classes.

The API classes implementing OAuth 2.0 can be separated into three different groups according to their purpose. All classes are implemented in %SYS namespace. Some of them are public (via % package), some not and should not be called by developers directly.

Continue Reading
Daniel Kutac's picture
Daniel Kutac 3 May 2017
+ 7   1 2
0

comments

1459

views

+ 7

rating

I am using OAuth2 Cache framework, acting as a client to an authorization server. My setup is based on this excellent previous post [Caché Open Authorization Framework (OAuth 2.0) implementation – part 1].

I'm facing ‘Authorization Server Error: Error Processing Response - No match between server name 'googleapis.com' and SSL certificate values google.com…’

It looks like I should set SSLCheckServerIdentity to false but I can’t figure out how. Has anyone had the same issue?

Continue Reading
Ricardo Paiva's picture
Ricardo Paiva 5 October 2016
Last answer 2 November 2016 Last comment 2 November 2016
0   0 4
1

answers
3

comments
661

views

0

rating

Is this available anywhere (for Health Connect)? I've found a few presentations but they are aimed at entry level.

We're looking at supporting more and more FHIR, REST plus OAuth interfaces in future. I've built some of this into older versions of HealthShare and Ensemble but it's desirable to move to supported versions. 

We would be using Healthshare as a facade to other systems.

 

 

Continue Reading
Kevin Mayfield's picture
Kevin Mayfield 6 September 2016
Last answer 11 October 2016
0   0 3
3

answers
0

comments

944

views

0

rating

Click here to view our OAuth 2.0 Overview

InterSystems created this video as a high-level overview of OAuth 2.0 technology, geared toward developers looking to learn the basics of OAuth 2.0.  It will teach you how OAuth 2.0 works, what roles are involved, what benefits it can provide, and how InterSystems Caché can be used with this technology.

Continue Reading
Derek Robinson's picture
Derek Robinson 26 September 2016
Last comment 28 September 2016
+ 6   0 3
3

comments
378

views

+ 6

rating

I am in need of a routine or class method to generate an Oauth 1.0 signature.  I was about to code this myself, but thought to check first to see if anyone has already done this and is willing to share.

Thanks in advance for any help.

[UPDATE  06/28/2016]

Continue Reading
Richard Taylor's picture
Richard Taylor 15 June 2016
0   0 1
0

answers

0

comments

237

views

0

rating