Using OAUTH2 with HTTPAPI

Discussions related to HTTPAPI (An HTTP Client Package for RPG programming.) http://www.scottklement.com/httpapi/
jonboy49
Posts: 200
Joined: Wed Jul 28, 2021 8:18 pm

Using OAUTH2 with HTTPAPI

Post by jonboy49 »

Has anyone used HTTPAPI in a situation where OAUTH2 was required?

I have been happily using Zoom's JWT API interface for a couple of years but they are dropping support for that soon and I have to switch to OAUTH2 instead. I'm having a bit of a brain fart getting my head around the callback aspect of the process and would like to know if anyone else has encountered this.
Scott Klement
Site Admin
Posts: 636
Joined: Sun Jul 04, 2021 5:12 am

Re: Using OAUTH2 with HTTPAPI

Post by Scott Klement »

If you haven't already done so, I would start by getting a "big picture" view of what OAUTH2 is. This video is a pretty good introduction:
https://www.youtube.com/watch?v=CPbvxxslDTU

When you look at this, I think you'll see pretty clearly that HTTPAPI can only provide part of the process. The user will need a browser, at least, to authorize your application to their Zoom account. Remember, this portion typically requires the host (Zoom, for instance) to be able to send a web page that will run on the user's screen... so hard to do this with HTTPAPI.

Once all the authorization is set up, and the proper tokens have been registered and you're saving them somewhere on your system (perhaps in a PF) you could then use HTTPAPI with those tokens to log in for individual transactions.
jonboy49
Posts: 200
Joined: Wed Jul 28, 2021 8:18 pm

Re: Using OAUTH2 with HTTPAPI

Post by jonboy49 »

That was pretty much the conclusion that I had reached, Scott - but I know from some remarks from Brad that he apparently has a way of auto-refreshing the token because they do time out. I confess I have not checked the validity duration for the Zoom tokens - it may be that it is a moot point and they are long-lived enough to not need an auto refresh.

Thanks for the thoughts.
dmitriy.kuznetsov
Posts: 1
Joined: Fri Jan 20, 2023 8:47 pm

Re: Using OAUTH2 with HTTPAPI

Post by dmitriy.kuznetsov »

OAuth2 does support server-to-server token management without any user interaction. For Zoom, the first step, as Scott pointed out, would be a one-time API client authorization (in this case the IBM i endpoint). Once that is completed, the API client can request tokens, check if the tokens are valid, and refresh / request new tokens automatically. The token can then be cached on the API client for a period of validity, and if the token becomes stale the API client will need to refresh / request a new one.
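
Added example, not part of the original posts and not HTTPAPI or Zoom code: a language-neutral sketch in Python of the cache-and-refresh cycle described above, using the standard `refresh_token` grant from RFC 6749. `TokenCache`, `post_form` and `FakeTokenEndpoint` are hypothetical names; `post_form` stands in for the HTTP POST to the provider's token endpoint (including client authentication), and the fake endpoint and its token values are constructed so the block runs offline.

```python
import time

class TokenCache:
    """Caches an OAuth2 access token and renews it with the refresh_token grant."""

    def __init__(self, post_form, refresh_token, clock=time.time, skew=60):
        self.post_form = post_form          # hypothetical callable: form dict -> (status, body dict)
        self.refresh_token = refresh_token  # obtained once, via the browser authorization step
        self.clock = clock
        self.skew = skew                    # renew this many seconds before expiry
        self.access_token = None
        self.expires_at = 0.0

    def is_valid(self):
        return self.access_token is not None and self.clock() < self.expires_at - self.skew

    def get(self):
        """Return a usable access token, refreshing only when the cached one is stale."""
        if not self.is_valid():
            self._refresh()
        return self.access_token

    def _refresh(self):
        status, body = self.post_form({"grant_type": "refresh_token",
                                       "refresh_token": self.refresh_token})
        if status != 200 or "access_token" not in body:
            # e.g. invalid_grant: refresh token revoked or expired, a person must re-authorize
            self.access_token = None
            raise PermissionError(body.get("error", "token refresh failed"))
        self.access_token = body["access_token"]
        self.expires_at = self.clock() + int(body.get("expires_in", 0))
        # The server may rotate the refresh token; keep (and persist) the newest one
        self.refresh_token = body.get("refresh_token", self.refresh_token)


class FakeTokenEndpoint:
    """Constructed stand-in for a token endpoint that rotates refresh tokens."""

    def __init__(self):
        self.calls = 0
        self.current = "rt-0"

    def __call__(self, form):
        if form.get("refresh_token") != self.current:
            return 400, {"error": "invalid_grant"}
        self.calls += 1
        self.current = f"rt-{self.calls}"
        return 200, {"access_token": f"at-{self.calls}", "expires_in": 3600,
                     "refresh_token": self.current}
```

In a real job the refresh token and expiry would be persisted (the physical file mentioned earlier in the thread) with access restricted to the profile that runs the integration, since a leaked refresh token lets its holder mint new access tokens.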
jonboy49
Posts: 200
Joined: Wed Jul 28, 2021 8:18 pm

Re: Using OAUTH2 with HTTPAPI

Post by jonboy49 »

Thanks - that's nice to know, Dmitry.

I'll be getting back to it in a couple of weeks and give it a shot.