This looks great Dan. For anyone interested, I put together an example of using OAuth2 in AngularJS in the Widgets Direct demo app here:
https://github.com/intersystems/widgets-direct
It shows sending the requests and getting the access code back, but I haven't included validating that on the server side. If there is interest I can look at adding that.
You should be able to create a new class in whatever database you're doing this in, no parent class needed.
Within that class define a ValidateUser class method as above. It should check their credentials and confirm a user exists. If you're using the Caché users table you can use the example above, otherwise you'll need to open the relevant person class and pull the relevant fields from there. Then set the claims that you want to send back to the client based on which scopes you're using. You can set claims with:
Do properties.SetClaimValue("name",tUser.Name)
You can check scopes with something like:
scope.IsDefined("openid")
Then in the portal under System Admin -> Security -> OAuth2 -> Server. Go to the Customization tab and change the Validate User Class to your new class name. That will make the OAuth processing look there for a ValidateUser method and call it.
HTH,
Orion
Thanks for the suggestions. I ultimately set it up to have a fallback mode which allows bypassing the captcha. Eventually I'll choose another service if necessary, but for now it just ignores the captcha and I'll track to see if we get much spam.
Thank you. I fixed it now.
Hi Yani,
I just pushed a working example of using OAuth in an Angular 1 application. It should be helpful to you. See the widgets-direct demo project here:
https://github.com/intersystems/widgets-direct
For help configuring the authorization server see Dan Kutac's articles here on the developer community. The key points in this case are allowing the implicit grant type, the token response type, and properly setting the redirect URL.
Let me know how it goes for you.
All the pictures for this article seem to be missing. I see a bunch of 404 errors in the browser console for the images as well as a couple TypeError errors.
Hi Yani,
I'm actually working on exactly this right now. If you read the other articles in that series it covers how to setup the authorization and resources servers. To do it in an Angular application I believe you need to use the implicit grant type.
I need to configure another cache client, then I'll be implementing this for a couple Angular versions of our internal applications.
So I'll get back to you when I have that working.
Orion
Great thanks for the info Joyce. I'll watch for the next release.
Will do, thanks.
This is an issue with the beta.learning.intersystems.com site. It's been logged and they're working on a solution.
Uppercase letters in usernames are best practice in multiple systems so I'd caution against that being the preferred solution, but it is a stop gap.
I'm working on changing how SSO handles nicknames/display names. Then the developer community can pick up this informaiton and use the same display name as the rest of our internal apps