Page 2 of 2
Re: Using Oauth2 with HTTPAPI
Posted: Mon Jul 15, 2024 7:16 pm
by rbharathan
We tried with http_string() instead of http_req() and seems like we are not getting errors now.
Sorry for the long post above.
Re: Using Oauth2 with HTTPAPI
Posted: Wed Jul 17, 2024 6:22 pm
by Scott Klement
http_string and http_req are the same thing under the covers.
You don't appear to be urlencoding your data... you appear to just be passing them as-is without encoding. Heck, you seem to be doing random things like putting spaces and colons into them. You are saying to the server "my data is x-www-form-urlencoded", so it will expect it to be url-encoded. Your curl example uses data-urlencode to make it url encoded. In HTTPAPI, you aren't bothering to URL encode it.
Code: Select all
dcl-s data varchar(1000);
data = 'grant_type=' + http_urlEncode('client_credentials')
+ '&scope=' + http_urlEncode('openid read');
rc = http_req( 'POST'
: %Trim(URL)
: *Omit
: Response
: *Omit
: data
: 'application/x-www-form-urlencoded');
Re: Using Oauth2 with HTTPAPI
Posted: Tue Nov 26, 2024 6:02 pm
by Dpevolutionuk10
Hello All,
Hope you are all doing well!
I have a very simple request. I have done a few webservices using Scott's great code but what I am struggling with in my head is the added complexity of using Oauth2 and how this works with the rest of the webservice.
What I need to do is:
- using a user/password get the authentication from a given authentication url.
- Then using http_string pass over details to perform the required action of doing the actual work I want etc.
Reading all that has been said in this thread, I take it once I have done the call to get the authentication this will provide a result which is then stored somewhere but how is this authentication then used in the subsequent calls to do the actual work etc?
Does anybody have any sample code they might want to share? Or give me pointers.
All appreciated so thankyou in advance,
Re: Using Oauth2 with HTTPAPI
Posted: Tue Nov 26, 2024 8:07 pm
by Scott Klement
It would depend on how the API was designed. Different APIs expect the auth string to be provided different ways.
The most common method (and I don't know about your particular API) would be to do it like this prior to the http_string() call:
Code: Select all
http_setauth(HTTP_AUTH_BEARER: '': theAuthCodeHere);