6 Replies Latest reply on Mar 6, 2014 8:54 AM by muralivp

    Authenticating rest service without password.

    samarth.shekhar02

      Hi,

      I am trying to integrate a custom application with Jive 7 using the REST API.

      I need to know if there is any way to authenticate a user using only the username and maintain a session with the custom application.

      Pradeep Kumar do you have any idea on this?

       

      Thanks,

      Samarth Shekhar

        • Re: Authenticating rest service without password.
          pradeepgm

          Have you tried Jive delegated authentication?

              • Re: Authenticating rest service without password.
                samarth.shekhar02

                Hi Ryan Rutan,

                Is there a way to implement this with java?

                I am still not clear how we can authenticate the REST API without a password.

                My requirement is that I will have only the username with me, and I need to authenticate the user to get the result from the API.

                And my application is not sitting on the Jive server.

                It is hosted on a different server. In this case, how can this be achieved?

                 

                Pradeep Kumar,

                How will delegated authentication help us in this? With that, I think we need to create a separate user, and only those users will be able to authenticate with the APIs?

                Please let me know if this understanding is wrong.

                 

                Thanks,
                Samarth Shekhar

                  • Re: Authenticating rest service without password.

                    Basic auth in Jive requires password (for obvious security reasons), so there is no way to authenticate REST API calls without password. You have two options:

                    1. Your application obtains authorization from the Jive user using OAuth.
                    2. Your application uses an admin account and Run-As feature to make API calls as a different user.

                      • Re: Authenticating rest service without password.
                        samarth.shekhar02

                        Hi Murali VP,

                         

                        Thanks for the idea.

                        I was able to authenticate using Run As feature in Jive.

                         

                        But I was also trying to authenticate using OAuth 2.

                        Here I was able to get the secret code with https://client.application.com/oauth2/redirect?code=<authz_code>

                        I was following the below process:

                        The implementation is as per the specification. Once an add-on has been installed from the registry (or during development uploaded to a Jive instance from the Add-ons menu), in general

                        1. the user logs in to the client's web application in a browser.
                        2. Client redirects the user to Jive's authorization end-point, typically in a new smaller browser window, which is <jive-url>/oauth2/authorize
                        3. Client includes the required parameters client_id=<client_id>&response_type=code and any optional parameters, scope, state or redirect_uri.
                        4. If the browser doesn't have a logged in session for Jive, Jive asks the user to login first.
                        5. Jive presents an authorization screen asking the user to allow or deny the authorization grant (scope is not shown to user at this time).
                        6. Assuming the user allows authorization, Jive will redirect the user back to the redirect_uri (if it was sent to the authorization end-point) or to the redirect_uri provided in the add-on.
                        7. A short lived authorization code is attached as a query parameter to the redirect URL along with state parameter if it was provided earlier, eg: https://client.application.com/oauth2/redirect?code=<authz_code>
                        8. Client makes a POST request to the token end-point authorizing the request using client credentials. In curl this would be
                          curl -u 'mqi3a01xvyubsp585hdeqtry8vqbi5j1.i:e692pxphtzyq2nn75htldedoqzog2atk.s' -d 'code=ee3q0hlz6jr8oqwt0qojo4x79mnwuk1q.c&grant_type=authorization_code&client_id=mqi3a01xvyubsp585hdeqtry8vqbi5j1.i' <jive-url>/oauth2/token
                        9. Jive responds with eg. {"scope":"uri:/api","token_type":"bearer","expires_in":"172799","refresh_token":"6i85jzwkwpjfkllhrdtqzlownvr55lh0b2k39mwu.r","access_token":"9dqwqywtar14ikpljs4s53bu7qat9qi8agltxttm.t"}

                         

                        Till step 7 everything worked fine, but I am not able to progress after that.

                        In curl it is saying :

                        curl -u 'bo5a2txip8l3w2ns0hmhr3a6t1n78gou.i:q5aj42em1yg8sv08amhsgkt64exyybpe.s' -d 'code=f85exc77poc009q4bxpjsgv3nib3ufa3.c&grant_type=authorization_code&client_id=bo5a2txip8l3w2ns0hmhr3a6t1n78gou.i' <Jive Instance URL>/oauth2/token

                        curl: no URL specified!

                        curl: try 'curl --help' or 'curl --manual' for more information

                        'grant_type' is not recognized as an internal or external command,

                        operable program or batch file.

                        'client_id' is not recognized as an internal or external command,

                        operable program or batch file.

                         

                        Can you throw some light on where I am going wrong?

                         

                        Thanks,

                        Samarth Shekhar
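
Steps 7 to 9 of the flow quoted above, built in Python as an added example that is not code from the thread or from Jive; constructing the request in code also avoids shell quoting, since cmd.exe does not treat single quotes as quoting and splits a command at `&`, which is what the error output above reflects. The host, client id and secret are constructed placeholders, and comparing `state` with a value the client stored before step 2 is an assumption about how the client uses that optional parameter.

```python
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

# Constructed placeholders, not real Jive values or credentials.
JIVE_URL = "https://jive.example.com"
CLIENT_ID = "example-client-id.i"
CLIENT_SECRET = "example-client-secret.s"


def code_from_redirect(redirect_url, expected_state):
    """Step 7: read the authorization code, rejecting a redirect whose state differs."""
    query = parse_qs(urlsplit(redirect_url).query)
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    return query["code"][0]


def build_token_request(code):
    """Step 8: POST to the token end-point with client credentials as HTTP Basic."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    body = urlencode({
        "code": code,
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
    })
    return Request(
        JIVE_URL + "/oauth2/token",
        data=body.encode(),
        headers={
            "Authorization": "Basic " + basic,
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )  # send with urllib.request.urlopen(request) over HTTPS


def parse_token_response(raw):
    """Step 9: return (access_token, refresh_token, expires_in seconds)."""
    doc = json.loads(raw)
    if doc.get("token_type", "").lower() != "bearer" or "access_token" not in doc:
        raise ValueError("unexpected token response")
    # Jive's sample response carries expires_in as a string, so convert it.
    return doc["access_token"], doc.get("refresh_token"), int(doc["expires_in"])
```

Keeping the client secret in the application's configuration rather than on a command line also keeps it out of shell history and process listings.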