11 Replies Latest reply on Jul 14, 2016 5:00 AM by darshan_patel

    Jive app authentification for a custom web service

    Novice

      When making a request from an app using the core API we can use the current logged user credential on the backend even when our app security is "Single subdomain".  All request seems to processed by "/social/rpc".

       

      We want to leverage this infrastructure (or any other solution) to call a custom service (plugin) on the same Jive Instance our custom app would be published (inside the firewall).

       

      These services are deployed on this path

       

      /api/rpc/rest/sidlee/v1/SLProject and

      /api/rpc/rest/sidlee/v1/SLCommunity/

       

      How can we do so, and can we have a basic working example of this.

       

      Thanks,

       

      Yves Gauthier

        • Re: Jive app authentification for a custom web service
          Advanced

          Hi Ryan

          Maybe you can help/advice. Our IT team built an App for "complex community structure" provisioning but we have issues using jive credential when calling custom REST API deployed as plugin (inside the framework and inside the firewall).

          Thanks in advance

            • Re: Jive app authentification for a custom web service
              Ryan Rutan Guru

              I think you @mentioned the right people above; however, I know they were both traveling during your request.  Let me get them involved and see what they have to say.  My thought is that you might be missing a securityfilter.    From a logging  perspective can you see control flowing into your service but failing?  If not, then it is probably something higher-level like security/auth.  I'll escalate internally and see what we can dig up for you.  Stay tuned.

                • Re: Jive app authentification for a custom web service
                  Advanced

                  Thanks Ryan, very appreciated.: ) by my understanding, no but I will let Yves Gauthier give more precesions.

                    • Re: Jive app authentification for a custom web service
                      Advanced

                      Karim,

                      There is a way that, via a plugin, you can "extend" the core api. However.... I'd ask why you need to do this. If this is from an app, then there are already mechanisms for making AJAX calls that are proxied through your Jive instance that can hit any REST endpoint. So while this is possible, I'd be very wary about doing it.

                        • Re: Jive app authentification for a custom web service
                          Novice

                          Mark Weitzel, yes, that's what we are trying to do: make an ajax call from an app to a service on our Jive instance.  What are the mecanismes to proxie thoses calls, so the request is authenticated with the current logged user credential.

                           

                          thanks,

                           

                          Yves

                            • Re: Jive app authentification for a custom web service
                              Novice

                              Mark Weitzel,  this post add a code sample for the previous post.


                              The following way of creating a discussion thread doesn't ask for credentials to the app user:

                               

                                             //Return the group record with the given ID.

                                             var request = osapi.jive.core.groups.get({id: 1438});

                                             // execute the request

                                             request.execute(function(response) {

                                                     var group = response.data;          

                                                     // Get the request object for creating the new discussion

                                                     var discussion = {subject: mySubject, html: myMessageContent};

                                                     var request = group.discussions.create(discussion);

                                                     // Execute the request

                                                     request.execute(function(response) {

                                                     });

                                             });

                                           

                              The following type of service call to create a similar discussion thread asks for credentials: How could any local service can be called using the credentials of the user viewing the app. 

                              var postContent = "<createThreadInContainer><subject>"+ $("#Subject").val() +"</subject><body>"+ $("#Content").val() +"</body><containerType>700</containerType><containerID>1438</containerID><userID>"+ userid +"</userID></createThreadInContainer>";

                                                            

                                                             /*start ajax call*/

                                                             $.ajax

                                                             ({

                                                                    type: "POST",

                                                                    url: "/rpc/rest/forumService/createThreadInContainer",

                                                                    dataType: 'xml',

                                                                    contentType: 'application/xml',

                                                                    async: true,

                                                                    data: postContent,

                                                                    success: function (…) {

                               

                                                                    },

                                                                    error: function(…) {

                                                                           

                                                                    }

                                                             });

                                • Re: Jive app authentification for a custom web service
                                  Advanced
                                  How could any local service can be called using the credentials of the user viewing the app.

                                  The short answer to this question is because you are using two very different programming models. In the top example, you are using the Jive Apps API. When you issue an osapi.jive.core.groups call, it goes through the Jive Apps framework. This does interesting things like put a security token on the call. Open up firebug and look at the network traffic on the rpc call. You'll see something like:

                                  getuser.jpg

                                   

                                  The second call in your example looks like it's using vanilla AJAX as part of jquery to hit the REST endpoint. To Jive, this is no different than issuing a CURL command. As such, it needs the user's credentials.

                                   

                                  Make sense??