OAuth Bean
Properties Methods Events Configuration Settings Errors
The OAuth component is used to authorize a client and provide an authorization string used in future requests.
Syntax
InCloudStorage.Oauth
Remarks
The OAuth bean provides an easy way to obtain an authorization string for future requests to a service. The bean implements an OAuth 2.0 client.
To begin using the bean you will first need to register your application with the service you want to use. During this process you should obtain a ClientId and ClientSecret as well as the ServerAuthURL and ServerTokenURL for the authorization server. Then set ClientProfile to the client type that best describes your situation and call GetAuthorization.
The following client types are currently supported by the bean:
- Application (desktop application)
- WebServer (server side application such as a web site)
- Device (an application without browser access such as a game console)
- Mobile (phone or tablet application)
- Browser (javascript application)
- JWT (server to server authentication using a JWT bearer token such as Google service account authentication)
Application Client Type
The application client type is applicable to applications that are run by the user directly. For instance a windows form application would use the application client type. To authorize your application (client) using the application client type follow the steps below.First, set ClientProfile to cfApplication. This defines the client type the bean will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application.
Next, call GetAuthorization to begin the authorization process. When GetAuthorization is called the bean will build the URL to which the user will be directed and fire the LaunchBrowser event. The bean will then launch the browser using the command and URL shown in the LaunchBrowser event.
The user will authenticate to the service, and then be redirected back to an embedded web server that was automatically started when GetAuthorization was called. At this time the ReturnURL event will fire. This event provides an opportunity to provide a custom response to your user that they will see in their browser.
The bean will then automatically exchange the grant that was returned by the authorization server for the access token using the HTTP endpoint specified in ServerTokenURL.
The authorization is now complete and the GetAuthorization method will return the authorization string. To use the authorization string with any of our beans simply pass this value to the Authorization property before making the request.
A simple example is shown below.
OAuth.ClientId = "MyId"; OAuth.ClientSecret = "MyPassword"; OAuth.ServerAuthURL = "https://accounts.google.com/o/oauth2/auth"; OAuth.ServerTokenURL = "https://accounts.google.com/o/oauth2/token"; HTTP.Authorization = OAuth.GetAuthorization(); HTTP.Get("https://www.googleapis.com/oauth2/v1/userinfo");
WebServer Client Type
The WebServer client type is applicable to applications that are run on the server side where the user uses the application from a web browser. To authorize your application (client) using this client type follow the steps below.
First, set ClientProfile to cfWebServer. This defines the client type the component will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application. Set ReturnURL to the page on your site that will be the endpoint the user is redirected back to after authentication.
Next, call GetAuthorizationURL. This will return a URL to which the user should be redirected. Redirect the user to this URL.
After the user authenticates and is returned to the page on your site specified by ReturnURL, parse the "code" query string parameter from the incoming request. Set AuthorizationCode to this value.
Call GetAuthorization to exchange the code specified in AuthorizationCode for a token from the server specified by ServerTokenURL. GetAuthorization returns the authorization string. To use the authorization string with any of our components simply pass this value to the Authorization property before making the request.
Device Client Type
The Device client type is applicable to applications that are run on devices where no web browser can be used. For instance a game console would use the device client type. To authorize your application (client) using the device client type follow the steps below.
First, set ClientProfile to cfDevice. This defines the client type the bean will use. Set the ClientId, ClientSecret, ServerAuthURL, and ServerTokenURL to the values you obtained when registering your application. Do not set ReturnURL.
Next, call GetAuthorizationURL. The bean will automatically make a request to ServerAuthURL to obtain a user code for the device. The GetAuthorizationURL method will return the URL your user must visit from another device or computer that has web browser support. The GetAuthorizationURL method will also populate DeviceUserCode. This device user code must also be provided to the user. The user will enter the code at the URL returned by GetAuthorizationURL.
At this time, call GetAuthorization. The bean will begin polling the server specified in ServerTokenURL. The polling interval is specified (in seconds) by the PollingInterval setting.
After the user has authenticated, the GetAuthorization method will return the authorization string. To use the authorization string with any of our components simply pass this value to the Authorization property before making the request.
Mobile Client Type
The Mobile client type is applicable to applications that are run on devices where a web browser can be used. For instance a mobile phone or tablet. The behavior when using this client type is very similar to the Application client type. The only difference between the Mobile and Application client types is the way the browser is launched, when set to Mobile the LaunchBrowser event will fire but the bean will not attempt to launch the browser automatically. The browser must be launched manually from code. This behavior is the only difference between the Mobile and Application client type. Please read the steps above for the Application client type for a more detailed look at the process.
JWT Bearer Token (Server to Server) Type
The JWT (JSON Web Token) Bearer Token type is available for server to server authentication. For instance this may be used by web applications to access a Google service. In this case the application will access data on behalf of the service account, not the end user. End user interaction is not required.
First, specify AuthorizationScope and ServerTokenURL.
Next specify JWT specific values. The use of the JWT profile requires additional configuration settings to be specified, including a certificate with private key used to sign the JWT. Either specify the JWTJSONKey configuration setting, which will parse the necessary information automatically, or manually specify the following configuration settings:
- JWTIssuer (required)
- JWTAudience (required)
- JWTCertStoreType (required)
- JWTCertStore (required)
- JWTCertStorePassword (required)
- JWTCertSubject (required)
- JWTSubject
- JWTValidityTime
- JWTSignatureAlgorithm
For example:
oauth.AuthorizationScope = "https://www.googleapis.com/auth/analytics"; oauth.ServerTokenURL = "https://www.googleapis.com/oauth2/v3/token"; oauth.ClientProfile = OauthClientProfiles.cfJWT; oauth.Config("JWTIssuer=111917875427-g39d5bar90mjgiuf2n5ases9qk0j2q0p@developer.gserviceaccount.com"); oauth.Config("JWTAudience=https://www.googleapis.com/oauth2/v3/token"); oauth.Config("JWTCertStoreType=2"); oauth.Config("JWTCertStore=C:\\MyCertificate.p12"); oauth.Config("JWTCertStorePassword=password"); oauth.Config("JWTCertSubject=*"); oauth.Config("JWTValidityTime=5400"); //in seconds string authStr = oauth.GetAuthorization();
Property List
The following is the full list of the properties of the bean with short descriptions. Click on the links for further details.
Accept | A list of acceptable MIME types for the request. |
AccessToken | The access token returned by the authorization server. |
AllowHTTPCompression | Enables HTTP compression for receiving data. |
AuthorizationCode | The authorization code that is exchanged for an access token. |
AuthorizationScope | The scope request or response parameter used during authorization. |
ClientId | The id of the client assigned when registering the application. |
ClientProfile | The type of client that is requesting authorization. |
ClientSecret | The secret value for the client assigned when registering the application. |
Connected | Shows whether the component is connected. |
ContentType | Content type for posts and puts. |
Cookies | Collection of cookies. |
Firewall | A set of properties related to firewall access. |
FollowRedirects | Determines what happens when the server issues a redirect. |
From | The email address of the HTTP agent (optional). |
HTTPMethod | The HTTP method used for the request. |
Idle | The current status of the component. |
IfModifiedSince | A date determining the maximum age of the desired document. |
LocalHost | The name of the local host or user-assigned IP interface through which connections are initiated or accepted. |
OtherHeaders | Other headers as determined by the user (optional). |
Params | The parameters to be included in the request to the authorization server, or received in the response. |
ParsedHeaders | Collection of headers returned from the last request. |
PostData | The data to post with the URL if the POST method is used. |
Pragma | A browser/server specific header line (optional). |
Proxy | A set of properties related to proxy access. |
Range | The byte-range to be sent to the server. |
Referer | Referer URL/document (optional). |
RefreshToken | Specifies the refresh token received from or sent to the authorization server. |
ReturnURL | The URL where the user (browser) returns after authenticating. |
ServerAuthURL | The URL of the authorization server. |
ServerTokenURL | The URL used to obtain the access token. |
SSLAcceptServerCert | Instructs the component to unconditionally accept the server certificate that matches the supplied certificate. |
SSLCert | The certificate to be used during SSL negotiation. |
SSLServerCert | The server certificate for the last established connection. |
StatusLine | The first line of the last server response. |
Timeout | A timeout for the component. |
TransferredData | The contents of the last response from the server. |
TransferredDataLimit | The maximum of data to be transferred. |
TransferredHeaders | The full set of headers as received from the server. |
Method List
The following is the full list of the methods of the bean with short descriptions. Click on the links for further details.
addCookie | Adds a cookie and the corresponding value to the outgoing request headers. |
addParam | Adds a name-value pair to the query string parameters of outgoing request. |
config | Sets or retrieves a configuration setting . |
doEvents | Processes events from the internal message queue. |
getAuthorization | Gets the authorization string required to access the protected resource. |
getAuthorizationURL | Builds and returns the URL to which the user should be re-directed for authorization. |
interrupt | Interrupt the current method. |
reset | Reset the component. |
startWebServer | Starts the embedded web server. |
stopWebServer | Stops the embedded web server. |
Event List
The following is the full list of the events fired by the bean with short descriptions. Click on the links for further details.
Connected | Fired immediately after a connection completes (or fails). |
ConnectionStatus | Fired to indicate changes in connection state. |
Disconnected | Fired when a connection is closed. |
EndTransfer | Fired when a document finishes transferring. |
Error | Information about errors during data delivery. |
Header | Fired every time a header line comes in. |
LaunchBrowser | Fires before launching a browser with the authorization URL. |
Redirect | Fired when a redirection is received from the server. |
ReturnURL | Fires when the user is redirected to the embedded web server. |
SetCookie | Fired for every cookie set by the server. |
SSLServerAuthentication | Fired after the server presents its certificate to the client. |
SSLStatus | Shows the progress of the secure connection. |
StartTransfer | Fired when a document starts transferring (after the headers). |
Status | Fired when the HTTP status line is received from the server. |
Transfer | Fired while a document transfers (delivers document). |
Configuration Settings
The following is a list of configuration settings for the bean with short descriptions. Click on the links for further details.
AuthorizationTokenType | The type of access token returned. |
AuthorizationURL | Specifies the URL used for authorization. |
BrowserResponseTimeout | Specifies the amount of time to wait for a response from the browser. |
DeviceUserCode | The device's user code when the ClientProfile is set to cfDevice. |
FormVarCount | Specifies the number of additional form variables to include in the request. |
FormVarName[i] | Specifies the form variable name at the specified index. |
FormVarValue[i] | Specifies the form variable value at the specified index. |
JWTJSONKey | The file path of the JWT JSON Key, or a string containing its content. |
JWTIssuer | The JWT issuer when the ClientProfile is set to cfJWT. |
JWTAudience | The JWT audience when the ClientProfile is set to cfJWT. |
JWTCertStoreType | The type of certificate store. |
JWTCertStore | The name of the certificate store for the JWT signing certificate. |
JWTCertStorePassword | The JWT signing certificate password. |
JWTCertSubject | The JWT signing certificate subject. |
JWTSignatureAlgorithm | The signature algorithm used to sign the JWT. |
JWTSubject | The subject field in the JWT. |
JWTValidityTime | The amount of time in seconds for which the assertion in the JWT is valid. |
Office365ServiceAPIVersion | The API version of the Office 365 service being discovered. |
Office365ServiceCapability | The API capability of the Office 365 service being discovered. |
Office365ServiceEndpoint | The Office 365 endpoint for the service that matches the criteria specified. |
PollingInterval | The interval in seconds between polling requests when the device client type is used. |
ReUseWebServer | Determines if the same server instance is used between requests. |
TokenInfoFieldCount | The number of fields in the tokeninfo service response. |
TokenInfoFieldName[i] | The name of the tokeninfo service response field. |
TokenInfoFieldValue[i] | The value of the tokeninfo service response field. |
TokenInfoURL | The URL of the tokeninfo service. |
ValidateToken | Validates the specified access token with a tokeninfo service. |
WebServerFailedResponse | The custom response that will be displayed to the user if authentication failed. |
WebServerHost | The hostname used by the embedded web server displayed in the ReturnURL. |
WebServerPort | The port on which the embedded web server listens. |
WebServerResponse | The custom response that will be displayed to the user. |
WebServerUseSSL | Whether the web server requires SSL connections. |
WebServerSSLCertStoreType | The type of certificate store. |
WebServerSSLCertStore | The name of the certificate store for the client certificate. |
WebServerSSLCertStorePassword | The certificate password. |
WebServerSSLCertSubject | The certificate subject. |
AcceptEncoding | Used to tell the server which types of content encodings the client supports. |
AllowHTTPCompression | This property enables HTTP compression for receiving data. |
AllowIdenticalRedirectURL | Allow redirects to the same URL. |
Append | Whether to append data to LocalFile. |
Authorization | The Authorization string to be sent to the server. |
BytesTransferred | Contains the number of bytes transferred in the response data. |
EncodeURL | If set to true the URL will be encoded by the component. |
FollowRedirects | Determines what happens when the server issues a redirect. |
GetOn302Redirect | If set to true the component will perform a GET on the new location. |
HTTPVersion | The version of HTTP used by the component. |
IfModifiedSince | A date determining the maximum age of the desired document. |
KeepAlive | Determines whether the HTTP connection is closed after completion of the request. |
MaxRedirectAttempts | Limits the number of redirects that are followed in a request. |
OtherHeaders | Other headers as determined by the user (optional). |
ProxyAuthorization | The authorization string to be sent to the proxy server. |
ProxyAuthScheme | The authorization scheme to be used for the proxy. |
ProxyPassword | A password if authentication is to be used for the proxy. |
ProxyPort | Port for the proxy server (default 80). |
ProxyServer | Name or IP address of a proxy server (optional). |
ProxyUser | A user name if authentication is to be used for the proxy. |
TransferredDataLimit | The maximum number of incoming bytes to be stored by the component. |
TransferredHeaders | The full set of headers as received from the server. |
UseChunkedEncoding | Enables or Disables HTTP chunked encoding for transfers. |
ChunkSize | Specifies the chunk size in bytes when using chunked encoding. |
UserAgent | Information about the user agent (browser). |
KerberosSPN | The Service Principal Name for the Kerberos Domain Controller. |
ConnectionTimeout | Sets a separate timeout value for establishing a connection. |
FirewallAutoDetect | Tells the component whether or not to automatically detect and use firewall system settings, if available. |
FirewallHost | Name or IP address of firewall (optional). |
FirewallPassword | Password to be used if authentication is to be used when connecting through the firewall. |
FirewallPort | The TCP port for the FirewallHost;. |
FirewallType | Determines the type of firewall to connect through. |
FirewallUser | A user name if authentication is to be used connecting through a firewall. |
KeepAliveTime | The inactivity time in milliseconds before a TCP keep-alive packet is sent. |
KeepAliveInterval | The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received. |
Linger | When set to True, connections are terminated gracefully. |
LingerTime | Time in seconds to have the connection linger. |
LocalHost | The name of the local host through which connections are initiated or accepted. |
LocalPort | The TCP port in the local host where the component binds. |
MaxLineLength | The maximum amount of data to accumulate when no EOL is found. |
MaxTransferRate | The transfer rate limit in bytes per second. |
RecordLength | The length of received data records. |
TCPKeepAlive | Determines whether or not the keep alive socket option is enabled. |
UseIPv6 | Whether to use IPv6. |
TcpNoDelay | Whether or not to delay when sending packets. |
ReuseSSLSession | Determines if the SSL session is reused. |
SSLCipherStrength | The minimum cipher strength used for bulk encryption. |
SSLEnabledProtocols | Used to enable/disable the supported security protocols. |
SSLProvider | The name of the security provider to use. |
SSLSecurityFlags | Flags that control certificate verification. |
OpenSSLCADir | The path to a directory containing CA certificates. |
OpenSSLCAFile | Name of the file containing the list of CA's trusted by your application. |
OpenSSLCipherList | A string that controls the ciphers to be used by SSL. |
OpenSSLPrngSeedData | The data to seed the pseudo random number generator (PRNG). |
AbsoluteTimeout | Determines whether timeouts are inactivity timeouts or absolute timeouts. |
FirewallData | Used to send extra data to the firewall. |
InBufferSize | The size in bytes of the incoming queue of the socket. |
OutBufferSize | The size in bytes of the outgoing queue of the socket. |
CodePage | The system code page used for Unicode to Multibyte translations. |