Oauth2 in Wirecloud

前端 未结 1 1420
爱一瞬间的悲伤
爱一瞬间的悲伤 2021-01-23 03:33

Which is the best way to implement OAuth2 authorization in an operator? We have secured our backend API with PEP proxy and we need a valid token. Does wirecloud provide any mean

1条回答
  •  南方客
    南方客 (楼主)
    2021-01-23 04:36

    Yeah,

    Although, you cannot read the OAuth2 token from widgets/operators, you can use the WireCloud's proxy and configure it to inject the OAuth2 token for you into your requests. To do so, you have to provide the following headers when making the request:

    • X-FI-WARE-OAuth-Token the value should be true
    • X-FI-WARE-OAuth-Header-Name is the name of the header that is going to be added by to the requests with the OAuth2 token, in your case: X-Auth-Token as you are using the PEP proxy (Although the correct header for OAuth2 is Authorization).

    Take into account that anonymous users doesn't have a valid OAuth2 token. Also, if you are running a custom instance of WireCloud it can be configured to support several auth backends. In that case, some user won't be associated with an IdM account. You can check if the currently logged user has an associated IdM token by running the following code: MashupPlatform.context.get('fiware_token_available');

    There is also experimental support for using the OAuth2 token of the owner of the dashboard instead of using the OAuth2 token of the current logged user. To do so, add the X-FI-WARE-OAuth-Source header using the workspaceowner value.

    Example:

    MashupPlatform.http.makeRequest(url, {
        requestHeaders: {
            "X-FI-WARE-OAuth-Token": "true",
            "X-FI-WARE-OAuth-Header-Name": "X-Auth-Token",
            "X-FI-WARE-OAuth-Source": "workspaceowner"
        },
        ...
    });
    

    Future considerations:

    In a production environment, services using the OAuth2 authentication should be served using https for security reasons. So we are considering adding checks into the WireCloud proxy for only injecting OAuth2 tokens if the final URL uses the https schema. The only exception for this could be services available in the same intranet that WireCloud.

    0 讨论(0)
提交回复
热议问题