Oauth2 in Wirecloud

岁酱吖の 提交于 2019-12-02 06:08:06

问题


Which is the best way to implement OAuth2 authorization in an operator? We have secured our backend API with PEP proxy and we need a valid token. Does wirecloud provide any mean to access it once the user is logged in. Something like:

MashupPlatform.context.getOAuthToken()

We try to avoid hardcoding user credentials in the logic of the operator.


回答1:


Yeah,

Although, you cannot read the OAuth2 token from widgets/operators, you can use the WireCloud's proxy and configure it to inject the OAuth2 token for you into your requests. To do so, you have to provide the following headers when making the request:

  • X-FI-WARE-OAuth-Token the value should be true
  • X-FI-WARE-OAuth-Header-Name is the name of the header that is going to be added by to the requests with the OAuth2 token, in your case: X-Auth-Token as you are using the PEP proxy (Although the correct header for OAuth2 is Authorization).

Take into account that anonymous users doesn't have a valid OAuth2 token. Also, if you are running a custom instance of WireCloud it can be configured to support several auth backends. In that case, some user won't be associated with an IdM account. You can check if the currently logged user has an associated IdM token by running the following code: MashupPlatform.context.get('fiware_token_available');

There is also experimental support for using the OAuth2 token of the owner of the dashboard instead of using the OAuth2 token of the current logged user. To do so, add the X-FI-WARE-OAuth-Source header using the workspaceowner value.

Example:

MashupPlatform.http.makeRequest(url, {
    requestHeaders: {
        "X-FI-WARE-OAuth-Token": "true",
        "X-FI-WARE-OAuth-Header-Name": "X-Auth-Token",
        "X-FI-WARE-OAuth-Source": "workspaceowner"
    },
    ...
});

Future considerations:

In a production environment, services using the OAuth2 authentication should be served using https for security reasons. So we are considering adding checks into the WireCloud proxy for only injecting OAuth2 tokens if the final URL uses the https schema. The only exception for this could be services available in the same intranet that WireCloud.



来源:https://stackoverflow.com/questions/33299297/oauth2-in-wirecloud

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!