Version 26

    What were we trying to do?


    We (people from ThoughtWorks, Inc) have created application (add-on) using jive node sdk. In application we wanted to call jive REST apis on server side. We implemented this using node's REQUEST module.We were using basic auth as authentication to call jive apis in our add-on.


    Due to security concern we wanted to move to oauth implementation. While exploring  the options of handling access token and refresh token logic at our end, we thought there must be something in jive-sdk to do all these things. Our exploration of jive-sdk, ended up using its own mechanism to request jive API with Oauth without implementing refresh ouath token logic at our end.


    How to use jive-node-sdk to authenticate API request using OAuth?


    1) Create app using using Jive Node SDK:

     

     

       jive-sdk create app

     


    2) Update node packages:


      npm update


    3) Start server:


      node app


    This creates 'db' folder in your app directory which contains jiveExtension.json having UUID field.


    4) Update the client configuration file:


    Update your jiveclientconfiguration.json  file.

    • Get the jiveServiceSignature for the UUID as mentioneed in this doc and add to the file.
    • Change the "clientUrl"  which  points to your app server (in local development it can be nitrous box or ngrow public url ).

    Your configuration file will look like as follows


    {
      "clientUrl": <app-server-public-url>,
      "clientUrlExcludesPort" : true,  // inn case your public url does not contain specific port
       "extensionInfo" : {
          "uuid": <UUID>,
          "jiveServiceSignature": "<signature-for-UUID>"
      }
    }
    
    
    
    
    
    
    
    
    
    
    


    5) Upload the app:


    Restart the node server  and deploy app as given in step 5  in the doc

    After successful upload  you will find the file db/community.json which has outh object and other fields.  This happens through the register call by jive to add-on.


    6) How to request jive REST api:


    Jive-sdk uses community object while calling APIs. So we have to get  this community first and then call jive apis using jive-sdk method as follows :


    var jive = require('jive-sdk');
    jive.context.persistence.findByID("community",<url-of-your jive-instance>)
              .then(function (community) {
                      jive.community.doRequest(community, {url: <jive-api-url>,
                     "method": "GET"
              })
             .then(function (successResponse) {
                          //do whatever you want on success
              },function(failureRespose){
                            //do whatever you want for failure
              })
    
    
    
    
    
    
    
    

     

     


    *<url-of-your-jive-instance>  is in db/community.json


    Benefits:


    1) We do not have to worry about refreshing access token, jive-sdk refreshes community.json if access token expires.

    2) As we knows jive REST API response always contains line


    throw 'allowIllegalResourceCall is false.';


    and we programatically have to handle this while parsing response json object.

    This overhead is gone with jive sdk doRequest method as it internally takes care of giving response json.


    Note: jive sdk recommend to use database to store community object in production instead of file store (db/community.json)


    Proposed Improvements in authentication mechanism:


    We found that currently you can get oauth token only after uploading an add-on (you can also refer the doc). But there are some scenarios where we do not  want to upload add on e.g. We want to use jive REST api using oauth in standalone app which is not jive add-on. Here we just want oauth token to do requests without uploading dummy add on.


    So we think that there should be a way from where we can get clientID and clientSecret without needing to create and upload dummy add-on.


    There might be ways to do this but we did not find anything related to this in jive docs.


    Have a fun with jive-sdk and explore more awesome things.  Special thanks to sandeep j for encouranging exploration of jive-sdk and Pawan Shah for all his help in the world of jive.