1 Reply Latest reply on Mar 20, 2018 8:44 AM by mcollinge

    Authentication of a desktop application connecting to the Jive API

    eric.anastas

      I'm developing a tool to assist users migrating content from our existing intranet and wiki sites to our new Jive site. The existing resources are on sites that are only accessible inside our corporate network, so the tool must also run from inside our network.


      I'm developing this as a .NET WPF application. Here's what I have so far for the GUI.

       

       

      The basic idea of the tool is the user will enter the URL to an existing intranet page, and then select a destination place in Jive to create a new document in.

       

      I would like this to be a tool that anyone at my company can use, and thus respect the permissions of each individual user's account. However, our user accounts are federated through SAML and ADFS. So I'm trying to determine what options I have for authentication.


      Option 1: Full Access Service account and Run-As Feature

       

      One option is to make the API requests as a full access service account, but use the run-as feature, to run as a specific user. In order for this to work I must enable the jive.api.run_as.strategies system property. However, we are on Jive cloud and it does not appear that I have access to edit this even as a full access admin of the site. Is this something support can change on our instance?

       

      Option 2: Use OAuth


      I'm still trying to get my head around how OAuth works, but I think this would be possible by using a temporary local web server and a http://localhost:XXXX redirection URL.

       

      api - Using OAuth 2 with desktop c# Application - Stack Overflow

      Google has a good example of what I'm thinking here: oauth-apps-for-windows/Program.cs at master · googlesamples/oauth-apps-for-windows · GitHub

       

       

      - - -

       

      I think I prefer option 2, as I don't like the idea of having to figure out how to securely store the credentials for a full access service account with each installation of my tool.

       

      Am I missing something? Has anyone run into this problem before?
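
The loopback redirect described under Option 2, as an added example (not code from the post, from Jive, or from the linked Google sample): the desktop app listens on a loopback-only port, opens the system browser, and accepts the callback only if the `state` value matches. `AuthorizeUrl` and `ClientId` are placeholders, and it is an assumption that the authorization server accepts a loopback redirect URI on an arbitrary port.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

static class LoopbackOAuth
{
    // Placeholders (assumptions): use the values registered for your own client.
    const string AuthorizeUrl = "https://jive.example.invalid/oauth2/authorize";
    const string ClientId = "CLIENT_ID_PLACEHOLDER";

    // 256 bits from the OS CSPRNG, base64url-encoded; unguessable per request.
    static string RandomToken()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }
    // Ask the OS for an unused port on 127.0.0.1 (small race before it is re-bound).
    static int FreeLoopbackPort()
    {
        var probe = new TcpListener(IPAddress.Loopback, 0);
        probe.Start();
        int port = ((IPEndPoint)probe.LocalEndpoint).Port;
        probe.Stop();
        return port;
    }
    // Returns the authorization code, or throws if the callback is not the one we started.
    public static async Task<string> GetAuthorizationCodeAsync()
    {
        string state = RandomToken();
        string redirectUri = $"http://127.0.0.1:{FreeLoopbackPort()}/";
        using (var listener = new HttpListener())
        {
            listener.Prefixes.Add(redirectUri);   // loopback only, never "+" or "*"
            listener.Start();
            Process.Start(new ProcessStartInfo(
                $"{AuthorizeUrl}?response_type=code&client_id={Uri.EscapeDataString(ClientId)}" +
                $"&redirect_uri={Uri.EscapeDataString(redirectUri)}&state={state}")
                { UseShellExecute = true });      // system browser, so ADFS/SAML login runs there
            HttpListenerContext ctx = await listener.GetContextAsync();
            ctx.Response.Close(Encoding.UTF8.GetBytes("You can close this window."), false);
            var query = ctx.Request.QueryString;
            if (query["error"] != null) throw new InvalidOperationException("Authorization failed: " + query["error"]);
            if (query["state"] != state) throw new InvalidOperationException("State mismatch; callback discarded.");
            return query["code"] ?? throw new InvalidOperationException("No code in callback.");
        }
    }
}
```

The returned code still has to be exchanged at the server's token endpoint, and the resulting tokens belong to the signed-in user, so no service-account credential is stored with the installation.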