Cloud Storage Integrator - Online Help
Cloud Storage Integrator
Questions / Feedback?

OAuth Class

Properties   Methods   Events   Configuration Settings   Errors  

The OAuth component is used to authorize a client and provide an authorization string used in future requests.

Class Name

InCloudStorage_OAuth

Procedural Interface

 incloudstorage_oauth_open();
 incloudstorage_oauth_close($res);
 incloudstorage_oauth_register_callback($res, $id, $function);
 incloudstorage_oauth_get_last_error($res);
 incloudstorage_oauth_get_last_error_code($res);
 incloudstorage_oauth_set($res, $id, $index, $value);
 incloudstorage_oauth_get($res, $id, $index);
 incloudstorage_oauth_do_addcookie($res, $cookiename, $cookievalue);
 incloudstorage_oauth_do_addparam($res, $paramname, $paramvalue);
 incloudstorage_oauth_do_config($res, $configurationstring);
 incloudstorage_oauth_do_doevents($res);
 incloudstorage_oauth_do_getauthorization($res);
 incloudstorage_oauth_do_getauthorizationurl($res);
 incloudstorage_oauth_do_interrupt($res);
 incloudstorage_oauth_do_reset($res);
 incloudstorage_oauth_do_startwebserver($res);
 incloudstorage_oauth_do_stopwebserver($res);

Remarks

The OAuth class provides an easy way to obtain an authorization string for future requests to a service. The class implements an OAuth 2.0 client.

To begin using the class you will first need to register your application with the service you want to use. During this process you should obtain a ClientId and ClientSecret as well as the ServerAuthURL and ServerTokenURL for the authorization server. Then set ClientProfile to the client type that best describes your situation and call GetAuthorization.

The following client types are currently supported by the class:

  • Application (desktop application)
  • WebServer (server side application such as a web site)
  • Device (an application without browser access such as a game console)
  • Mobile (phone or tablet application)
  • Browser (javascript application)
  • JWT (server to server authentication using a JWT bearer token such as Google service account authentication)
Please see the detailed descriptions below for each client type and how the class is used to authorize an application using that client type.

Application Client Type

The application client type is applicable to applications that are run by the user directly. For instance a windows form application would use the application client type. To authorize your application (client) using the application client type follow the steps below.

First, set ClientProfile to cfApplication. This defines the client type the class will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application.

Next, call GetAuthorization to begin the authorization process. When GetAuthorization is called the class will build the URL to which the user will be directed and fire the LaunchBrowser event. The class will then launch the browser using the command and URL shown in the LaunchBrowser event.

The user will authenticate to the service, and then be redirected back to an embedded web server that was automatically started when GetAuthorization was called. At this time the ReturnURL event will fire. This event provides an opportunity to provide a custom response to your user that they will see in their browser.

The class will then automatically exchange the grant that was returned by the authorization server for the access token using the HTTP endpoint specified in ServerTokenURL.

The authorization is now complete and the GetAuthorization method will return the authorization string. To use the authorization string with any of our classs simply pass this value to the Authorization property before making the request.

A simple example is shown below.

OAuth.ClientId = "MyId";
OAuth.ClientSecret = "MyPassword";
OAuth.ServerAuthURL = "https://accounts.google.com/o/oauth2/auth";
OAuth.ServerTokenURL = "https://accounts.google.com/o/oauth2/token";
HTTP.Authorization = OAuth.GetAuthorization();
HTTP.Get("https://www.googleapis.com/oauth2/v1/userinfo");

WebServer Client Type

The WebServer client type is applicable to applications that are run on the server side where the user uses the application from a web browser. To authorize your application (client) using this client type follow the steps below.

First, set ClientProfile to cfWebServer. This defines the client type the component will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application. Set ReturnURL to the page on your site that will be the endpoint the user is redirected back to after authentication.

Next, call GetAuthorizationURL. This will return a URL to which the user should be redirected. Redirect the user to this URL.

After the user authenticates and is returned to the page on your site specified by ReturnURL, parse the "code" query string parameter from the incoming request. Set AuthorizationCode to this value.

Call GetAuthorization to exchange the code specified in AuthorizationCode for a token from the server specified by ServerTokenURL. GetAuthorization returns the authorization string. To use the authorization string with any of our components simply pass this value to the Authorization property before making the request.

Device Client Type

The Device client type is applicable to applications that are run on devices where no web browser can be used. For instance a game console would use the device client type. To authorize your application (client) using the device client type follow the steps below.

First, set ClientProfile to cfDevice. This defines the client type the class will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application. Do not set ReturnURL.

Next, call GetAuthorizationURL. The class will automatically make a request to ServerAuthURL to obtain a user code for the device. The GetAuthorizationURL method will return the URL your user must visit from another device or computer that has web browser support. The GetAuthorizationURL method will also populate DeviceUserCode. This device user code must also be provided to the user. The user will enter the code at the URL returned by GetAuthorizationURL.

At this time, call GetAuthorization. The class will begin polling the server specified in ServerTokenURL. The polling interval is specified (in seconds) by the PollingInterval setting.

After the user has authenticated, the GetAuthorization method will return the authorization string. To use the authorization string with any of our components simply pass this value to the Authorization property before making the request.

Mobile Client Type

The Mobile client type is applicable to applications that are run on devices where a web browser can be used. For instance a mobile phone or tablet. The behavior when using this client type is very similar to the Application client type. The only difference between the Mobile and Application client types is the way the browser is launched, when set to Mobile the LaunchBrowser event will fire but the class will not attempt to launch the browser automatically. The browser must be launched manually from code. This behavior is the only difference between the Mobile and Application client type. Please read the steps above for the Application client type for a more detailed look at the process.

JWT Bearer Token (Server to Server) Type

The JWT (JSON Web Token) Bearer Token type is available for server to server authentication. For instance this may be used by web applications to access a Google service. In this case the application will access data on behalf of the service account, not the end user. End user interaction is not required.

First, specify AuthorizationScope and ServerTokenURL.

Next specify JWT specific values. The use of the JWT profile requires additional configuration settings to be specified, including a certificate with private key used to sign the JWT. Either specify the JWTJSONKey configuration setting, which will parse the necessary information automatically, or manually specify the following configuration settings:

Additional fields may be added to the JWT using the AddParam method.

For example:

oauth.AuthorizationScope = "https://www.googleapis.com/auth/analytics";
oauth.ServerTokenURL =  "https://www.googleapis.com/oauth2/v3/token";
oauth.ClientProfile = OauthClientProfiles.cfJWT;
oauth.Config("JWTIssuer=111917875427-g39d5bar90mjgiuf2n5ases9qk0j2q0p@developer.gserviceaccount.com");
oauth.Config("JWTAudience=https://www.googleapis.com/oauth2/v3/token");
oauth.Config("JWTCertStoreType=2");
oauth.Config("JWTCertStore=C:\\MyCertificate.p12");
oauth.Config("JWTCertStorePassword=password");
oauth.Config("JWTCertSubject=*");
oauth.Config("JWTValidityTime=5400"); //in seconds

string authStr = oauth.GetAuthorization();

Property List


The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

AcceptA list of acceptable MIME types for the request.
AccessTokenThe access token returned by the authorization server.
AllowHTTPCompressionEnables HTTP compression for receiving data.
AuthorizationCodeThe authorization code that is exchanged for an access token.
AuthorizationScopeThe scope request or response parameter used during authorization.
ClientIdThe id of the client assigned when registering the application.
ClientProfileThe type of client that is requesting authorization.
ClientSecretThe secret value for the client assigned when registering the application.
ConnectedShows whether the component is connected.
ContentTypeContent type for posts and puts.
CookieCountThe number of records in the Cookie arrays.
CookieDomainThe domain of a received cookie.
CookieExpirationThis property contains an expiration time for the cookie (if provided by the server).
CookieNameThe name of the cookie.
CookiePathThis property contains a path name to limit the cookie to (if provided by the server).
CookieSecureThis property contains the security flag of the received cookie.
CookieValueThis property contains the value of the cookie.
FirewallAutoDetectThis property tells the component whether or not to automatically detect and use firewall system settings, if available.
FirewallTypeThis property determines the type of firewall to connect through.
FirewallHostThis property contains the name or IP address of firewall (optional).
FirewallPasswordThis property contains a password if authentication is to be used when connecting through the firewall.
FirewallPortThis property contains the TCP port for the firewall Host .
FirewallUserThis property contains a user name if authentication is to be used connecting through a firewall.
FollowRedirectsDetermines what happens when the server issues a redirect.
FromThe email address of the HTTP agent (optional).
HTTPMethodThe HTTP method used for the request.
IdleThe current status of the component.
IfModifiedSinceA date determining the maximum age of the desired document.
LocalHostThe name of the local host or user-assigned IP interface through which connections are initiated or accepted.
OtherHeadersOther headers as determined by the user (optional).
ParamCountThe number of records in the Param arrays.
ParamNameThis property contains the name of the parameter to be used in the request or returned in the response.
ParamValueThis property contains the value of the parameter to be used in the request or returned in the response.
ParsedHeaderCountThe number of records in the ParsedHeader arrays.
ParsedHeaderFieldThis property contains the name of the HTTP header (same case as it is delivered).
ParsedHeaderValueThis property contains the header contents.
PostDataThe data to post with the URL if the POST method is used.
PragmaA browser/server specific header line (optional).
ProxyAuthSchemeThis property is used to tell the component which type of authorization to perform when connecting to the proxy.
ProxyAutoDetectThis property tells the component whether or not to automatically detect and use proxy system settings, if available.
ProxyPasswordThis property contains a password if authentication is to be used for the proxy.
ProxyPortThis property contains the TCP port for the proxy Server (default 80).
ProxyServerIf a proxy Server is given, then the HTTP request is sent to the proxy instead of the server otherwise specified.
ProxySSLThis property determines when to use SSL for the connection to the proxy.
ProxyUserThis property contains a user name, if authentication is to be used for the proxy.
RangeThe byte-range to be sent to the server.
RefererReferer URL/document (optional).
RefreshTokenSpecifies the refresh token received from or sent to the authorization server.
ReturnURLThe URL where the user (browser) returns after authenticating.
ServerAuthURLThe URL of the authorization server.
ServerTokenURLThe URL used to obtain the access token.
SSLAcceptServerCertEncodedThe certificate (PEM/base64 encoded).
SSLCertEncodedThe certificate (PEM/base64 encoded).
SSLCertStoreThe name of the certificate store for the client certificate.
SSLCertStorePasswordIf the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
SSLCertStoreTypeThe type of certificate store for this certificate.
SSLCertSubjectThe subject of the certificate used for client authentication.
SSLServerCertEncodedThe certificate (PEM/base64 encoded).
StatusLineThe first line of the last server response.
TimeoutA timeout for the component.
TransferredDataThe contents of the last response from the server.
TransferredDataLimitThe maximum of data to be transferred.
TransferredHeadersThe full set of headers as received from the server.

Method List


The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

AddCookieAdds a cookie and the corresponding value to the outgoing request headers.
AddParamAdds a name-value pair to the query string parameters of outgoing request.
ConfigSets or retrieves a configuration setting .
DoEventsProcesses events from the internal message queue.
GetAuthorizationGets the authorization string required to access the protected resource.
GetAuthorizationURLBuilds and returns the URL to which the user should be re-directed for authorization.
InterruptInterrupt the current method.
ResetReset the component.
StartWebServerStarts the embedded web server.
StopWebServerStops the embedded web server.

Event List


The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

ConnectedFired immediately after a connection completes (or fails).
ConnectionStatusFired to indicate changes in connection state.
DisconnectedFired when a connection is closed.
EndTransferFired when a document finishes transferring.
ErrorInformation about errors during data delivery.
HeaderFired every time a header line comes in.
LaunchBrowserFires before launching a browser with the authorization URL.
RedirectFired when a redirection is received from the server.
ReturnURLFires when the user is redirected to the embedded web server.
SetCookieFired for every cookie set by the server.
SSLServerAuthenticationFired after the server presents its certificate to the client.
SSLStatusShows the progress of the secure connection.
StartTransferFired when a document starts transferring (after the headers).
StatusFired when the HTTP status line is received from the server.
TransferFired while a document transfers (delivers document).

Configuration Settings


The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.

AuthorizationTokenTypeThe type of access token returned.
AuthorizationURLSpecifies the URL used for authorization.
BrowserResponseTimeoutSpecifies the amount of time to wait for a response from the browser.
DeviceUserCodeThe device's user code when the ClientProfile is set to cfDevice.
FormVarCountSpecifies the number of additional form variables to include in the request.
FormVarName[i]Specifies the form variable name at the specified index.
FormVarValue[i]Specifies the form variable value at the specified index.
JWTJSONKeyThe file path of the JWT JSON Key, or a string containing its content.
JWTIssuerThe JWT issuer when the ClientProfile is set to cfJWT.
JWTAudienceThe JWT audience when the ClientProfile is set to cfJWT.
JWTCertStoreTypeThe type of certificate store.
JWTCertStoreThe name of the certificate store for the JWT signing certificate.
JWTCertStorePasswordThe JWT signing certificate password.
JWTCertSubjectThe JWT signing certificate subject.
JWTSignatureAlgorithmThe signature algorithm used to sign the JWT.
JWTSubjectThe subject field in the JWT.
JWTValidityTimeThe amount of time in seconds for which the assertion in the JWT is valid.
Office365ServiceAPIVersionThe API version of the Office 365 service being discovered.
Office365ServiceCapabilityThe API capability of the Office 365 service being discovered.
Office365ServiceEndpointThe Office 365 endpoint for the service that matches the criteria specified.
PollingIntervalThe interval in seconds between polling requests when the device client type is used.
ReUseWebServerDetermines if the same server instance is used between requests.
TokenInfoFieldCountThe number of fields in the tokeninfo service response.
TokenInfoFieldName[i]The name of the tokeninfo service response field.
TokenInfoFieldValue[i]The value of the tokeninfo service response field.
TokenInfoURLThe URL of the tokeninfo service.
ValidateTokenValidates the specified access token with a tokeninfo service.
WebServerFailedResponseThe custom response that will be displayed to the user if authentication failed.
WebServerHostThe hostname used by the embedded web server displayed in the ReturnURL.
WebServerPortThe port on which the embedded web server listens.
WebServerResponseThe custom response that will be displayed to the user.
WebServerUseSSLWhether the web server requires SSL connections.
WebServerSSLCertStoreTypeThe type of certificate store.
WebServerSSLCertStoreThe name of the certificate store for the client certificate.
WebServerSSLCertStorePasswordThe certificate password.
WebServerSSLCertSubjectThe certificate subject.
AcceptEncodingUsed to tell the server which types of content encodings the client supports.
AllowHTTPCompressionThis property enables HTTP compression for receiving data.
AllowIdenticalRedirectURLAllow redirects to the same URL.
AppendWhether to append data to LocalFile.
AuthorizationThe Authorization string to be sent to the server.
BytesTransferredContains the number of bytes transferred in the response data.
EncodeURLIf set to true the URL will be encoded by the component.
FollowRedirectsDetermines what happens when the server issues a redirect.
GetOn302RedirectIf set to true the component will perform a GET on the new location.
HTTPVersionThe version of HTTP used by the component.
IfModifiedSinceA date determining the maximum age of the desired document.
KeepAliveDetermines whether the HTTP connection is closed after completion of the request.
MaxRedirectAttemptsLimits the number of redirects that are followed in a request.
OtherHeadersOther headers as determined by the user (optional).
ProxyAuthorizationThe authorization string to be sent to the proxy server.
ProxyAuthSchemeThe authorization scheme to be used for the proxy.
ProxyPasswordA password if authentication is to be used for the proxy.
ProxyPortPort for the proxy server (default 80).
ProxyServerName or IP address of a proxy server (optional).
ProxyUserA user name if authentication is to be used for the proxy.
TransferredDataLimitThe maximum number of incoming bytes to be stored by the component.
TransferredHeadersThe full set of headers as received from the server.
UseChunkedEncodingEnables or Disables HTTP chunked encoding for transfers.
ChunkSizeSpecifies the chunk size in bytes when using chunked encoding.
UserAgentInformation about the user agent (browser).
KerberosSPNThe Service Principal Name for the Kerberos Domain Controller.
ConnectionTimeoutSets a separate timeout value for establishing a connection.
FirewallAutoDetectTells the component whether or not to automatically detect and use firewall system settings, if available.
FirewallHostName or IP address of firewall (optional).
FirewallPasswordPassword to be used if authentication is to be used when connecting through the firewall.
FirewallPortThe TCP port for the FirewallHost;.
FirewallTypeDetermines the type of firewall to connect through.
FirewallUserA user name if authentication is to be used connecting through a firewall.
KeepAliveTimeThe inactivity time in milliseconds before a TCP keep-alive packet is sent.
KeepAliveIntervalThe retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received.
LingerWhen set to True, connections are terminated gracefully.
LingerTimeTime in seconds to have the connection linger.
LocalHostThe name of the local host through which connections are initiated or accepted.
LocalPortThe TCP port in the local host where the component binds.
MaxLineLengthThe maximum amount of data to accumulate when no EOL is found.
MaxTransferRateThe transfer rate limit in bytes per second.
RecordLengthThe length of received data records.
TCPKeepAliveDetermines whether or not the keep alive socket option is enabled.
UseIPv6Whether to use IPv6.
TcpNoDelayWhether or not to delay when sending packets.
ReuseSSLSessionDetermines if the SSL session is reused.
SSLCipherStrengthThe minimum cipher strength used for bulk encryption.
SSLEnabledProtocolsUsed to enable/disable the supported security protocols.
SSLProviderThe name of the security provider to use.
SSLSecurityFlagsFlags that control certificate verification.
OpenSSLCADirThe path to a directory containing CA certificates.
OpenSSLCAFileName of the file containing the list of CA's trusted by your application.
OpenSSLCipherListA string that controls the ciphers to be used by SSL.
OpenSSLPrngSeedDataThe data to seed the pseudo random number generator (PRNG).
AbsoluteTimeoutDetermines whether timeouts are inactivity timeouts or absolute timeouts.
FirewallDataUsed to send extra data to the firewall.
InBufferSizeThe size in bytes of the incoming queue of the socket.
OutBufferSizeThe size in bytes of the outgoing queue of the socket.
CodePageThe system code page used for Unicode to Multibyte translations.

 
 
Copyright (c) 2017 /n software inc. - All rights reserved.
Build 1.0.6240.0