Using OAUTH2 with HTTPAPI

Posted: Thu Jan 05, 2023 9:02 pm
by jonboy49
Has anyone used HTTPAPI in a situation where OAUTH2 was required?

I have been happily using Zoom's JWT API interface for a couple of years but they are dropping support for that soon and I have to switch to OAUTH2 instead. I'm having a bit of a brain fart getting my head around the callback aspect of the process and would like to know if anyone else has encountered this.

Re: Using OAUTH2 with HTTPAPI

Posted: Wed Jan 11, 2023 2:28 am
by Scott Klement
If you haven't already done so, I would start by getting a "big picture" view of what OAUTH2 is. This video is a pretty good introduction:
https://www.youtube.com/watch?v=CPbvxxslDTU

When you look at this, I think you'll see pretty clearly that HTTPAPI can only provide part of the process. The user will need a browser, at least, to authorize your application to their Zoom account. Remember, this portion typically requires the host (Zoom, for instance) to be able to send a web page that will run on the user's screen... so hard to do this with HTTPAPI.

Once all the authorization is set up, and the proper tokens have been registered and you're saving them somewhere on your system (perhaps in a PF) you could then use HTTPAPI with those tokens to log in for individual transactions.

Re: Using OAUTH2 with HTTPAPI

Posted: Wed Jan 11, 2023 6:27 pm
by jonboy49
That was pretty much the conclusion that I had reached, Scott - but I know from some remarks from Brad that he apparently has a way of auto refreshing the token because they do time out. I confess I have not checked the validity duration for the Zoom tokens - it may be that it is a moot point and they are long-lived enough to not need an auto refresh.

Thanks for the thoughts.

Re: Using OAUTH2 with HTTPAPI

Posted: Fri Jan 20, 2023 8:59 pm
by dmitriy.kuznetsov
OAuth2 does support server-to-server token management without any user interaction. For Zoom, the first step, as Scott pointed out, would be a one-time API client authorization (in this case the IBM i endpoint). Once that is completed, the API client can request tokens, check if the tokens are valid, and refresh / request new tokens automatically. The token can then be cached on the API client for its period of validity, and if the token becomes stale the API client will need to refresh / request a new one.
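
The cache-and-refresh logic described in the post above, as an added example that is not part of the original thread and is not HTTPAPI code. Python is used only to show the logic: `post_form` is a hypothetical stand-in for the HTTP POST to the provider's token endpoint, `store` stands in for the saved record (for instance a PF), the fake endpoint is constructed, and the field names are those of the standard OAuth2 token response (RFC 6749).

```python
import time

class TokenCache:
    """Caches an OAuth2 access token and renews it shortly before expiry."""
    def __init__(self, post_form, store, skew=60, clock=time.time):
        self.post_form = post_form  # hypothetical transport: form dict -> parsed JSON dict
        self.store = store          # dict-like persistent store (stand-in for a PF record)
        self.skew = skew            # renew this many seconds before expiry
        self.clock = clock

    def access_token(self):
        token = self.store.get("access_token")
        if token and self.clock() < self.store.get("expires_at", 0) - self.skew:
            return token            # still valid: no network call
        return self._refresh()

    def _refresh(self):
        refresh_token = self.store.get("refresh_token")
        if not refresh_token:
            raise RuntimeError("no refresh token stored; one-time authorization needed")
        reply = self.post_form({"grant_type": "refresh_token",
                                "refresh_token": refresh_token})
        if "access_token" not in reply:
            # e.g. {"error": "invalid_grant"}: refresh token expired or revoked.
            self.store.pop("access_token", None)
            raise RuntimeError("token refresh failed: %s" % reply.get("error", "unknown"))
        self.store["access_token"] = reply["access_token"]
        self.store["expires_at"] = self.clock() + int(reply.get("expires_in", 0))
        # The server may rotate the refresh token; keep the old one only if none came back.
        self.store["refresh_token"] = reply.get("refresh_token", refresh_token)
        return self.store["access_token"]

def make_fake_endpoint():
    """Constructed stand-in for a token endpoint that rotates refresh tokens."""
    calls = []
    def post_form(form):
        expected = "rt-%d" % len(calls)   # only the most recently issued token is valid
        calls.append(dict(form))
        if form.get("refresh_token") != expected:
            return {"error": "invalid_grant"}
        n = len(calls)
        return {"access_token": "at-%d" % n, "expires_in": 3600, "refresh_token": "rt-%d" % n}
    return post_form, calls

if __name__ == "__main__":
    now = [0.0]
    post_form, calls = make_fake_endpoint()
    cache = TokenCache(post_form, {"refresh_token": "rt-0"}, clock=lambda: now[0])
    print(cache.access_token(), cache.access_token(), len(calls))
```

Whatever holds `store` needs the same protection as a password, since a stored refresh token grants continuing access to the account.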

Re: Using OAUTH2 with HTTPAPI

Posted: Fri Jan 20, 2023 11:55 pm
by jonboy49
Thanks - that's nice to know, Dmitriy.

I'll be getting back to it in a couple of weeks and give it a shot.