What Rest Services Do You Want To Use?

TigerSoftware

Administrator
Staff member
Wanted to get an idea of what rest services you will be using so I can test authentications.


Thanks,


Thomas
 

TigerSoftware

Administrator
Staff member
> Mainly get and post but sometimes patch as well.

Thanks Mohammed, I was looking for websites that you are signed up with. Sites like PayPal, Stripe, WordPress... I want to test connecting to them with authentications.


Thomas
 

schmutly

Well-known member
Test OAuth 2.0 from Google Drive so customers can upload their data for storage.
I was thinking of creating through automation, a folder on their desktop and suggesting they store their files, xls, doc, pdf etc there,
and an automation script will check that desktop folder for any changes and upload any new files to their Google Docs.
If ESB is able to get them to fill a form that includes their API details and folders (they can create them too) then that will help a lot.
 

TigerSoftware

Administrator
Staff member
Ok, I don't think there is a way for me to make authentication (connecting to the websites) easy. Been banging my head against the wall since I started this thread. Websites like PayPal say they use OAuth2 authentication but it is slightly different to the normal OAuth2 authentication used by other websites. Other websites can be different as well so there isn't a common way to make this work that I've been able to find.

Some want to redirect to a website which wouldn't work with our programs.

Not sure what to do here. I'm thinking of building specific authentications for some of the websites that do it differently.


Thomas
 

schmutly

Well-known member
Morning,
So my obvious question would be is the setup you have in place now, even though not easy, is still doable, yes..but is more involved?

I mean.. the actions, snippets, that you have in place in GENERAL will still work with most sites? If they follow API standards?
If the answer is yes then I think we will be happy to go with as-it-is.
For the ones like 'paypal' then could a script be created that would work to get around that (I'm going on your "do it slightly different" implying the word slightly as it's still doable, right?).
I guess that's my only concern.
 

TigerSoftware

Administrator
Staff member
> Morning,
> So my obvious question would be is the setup you have in place now, even though not easy, is still doable, yes..but is more involved?
>
> I mean.. the actions, snippets, that you have in place in GENERAL will still work with most sites? If they follow API standards?
> If the answer is yes then I think we will be happy to go with as-it-is.
> For the ones like 'paypal' then could a script be created that would work to get around that (I'm going on your "do it slightly different" implying the word slightly as it's still doable, right?).
> I guess that's my only concern.


You can build your own authentication by dragging and dropping different actions. Most won't be able to do so as it requires understanding of how it works.

Right now I have Basic Authentication, OAuth1, OAuth2, Bearer, ApiKey that can be filled out by you/customers and the program will set the authorization of a rest call based on the authentication set for that rest form.

Now the issue is when a website, like PayPal, says it is OAuth2 but does it differently. You need to add different fields in the call like GrantType. That wouldn't exist in other OAuth2 services. You have to set the body type of the call differently as well.

QuickBooks (and other sites) supposedly require a redirect url. Means it will redirect to your website with the values needed to access their website. Our programs can't get access to the redirect since it runs on a desktop computer.



Thomas
 

techedge

Well-known member
Hi Thomas,

I know for OAuth2, even though there is a standard protocol, various websites use it differently, especially if it is transactional data such as PayPal and QuickBooks. I am wondering if you could provide the form with all the parameters (required & optional) so we can adjust it accordingly based on the service providers. For example, the following are most of the available parameters for OAuth2:

| Parameter | Required/Optional | Description |
|---|---|---|
| response_type | Required | Defines the type of response (e.g., code). |
| client_id | Required | Application identifier. |
| redirect_uri | Required | Where the user is redirected post-authentication. |
| scope | Required | Permissions requested (e.g., read write). |
| state | Optional | CSRF protection and state management. |
| code_challenge | Optional | PKCE: Challenge derived from a code verifier. |
| code_challenge_method | Optional | PKCE method (plain or S256). |
| client_secret | Required (varies) | Secret key to authenticate your app (not for PKCE). |
| grant_type | Required | Type of grant (authorization_code, refresh_token). |
| refresh_token | Optional | Used for refreshing tokens. |

I found the following page very useful for understanding how the flow works:

https://darutk.medium.com/diagrams-and-movies-of-all-the-oauth-2-0-flows-194f3c3ade85

I am wondering if you don't need one of the parameters above as required, can you still have it in the form but don't use it if the server doesn't need it. Otherwise, you have to have various forms for various usage which is not ideal.

I remember when testing the ESB automation before, I tested the API connection with URI redirect parameter and I was redirected to access the website for authentication purpose. Unfortunately, I don't recall if I passed beyond the URI redirect so I will give it a try again.
 

TigerSoftware

Administrator
Staff member
> Hi Thomas,
>
> I am wondering if you don't need one of the parameters above as required, can you still have it in the form but don't use it if the server doesn't need it. Otherwise, you have to have various forms for various usage which is not ideal.


That is what I am looking into now. Trying to figure out some patterns that I can use to figure out how to design the needed way to make the call to different websites. So if a redirect is not added, the call won't be created with one. Still, the redirect itself won't work with our desktop programs as it is a webserver thing. Unless something I haven't tried works.

Thanks!

Thomas
 

techedge

Well-known member
The call to website authentication is a browse pop-up window to be able to login to that website for authentication purpose only and ESB can call web browse to accomplish that task I believe.
 

TigerSoftware

Administrator
Staff member
> To make the matter difficult, some websites use a token refresh so we need to figure out how to get the refresh token automatically

Already got that working. They send you the expire time and I save it. Then I check the time to see if I need to refresh it.


Thomas
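
An added example, not code from ESB or from any poster in this thread: one way to build the token call so that fields left empty in the form are omitted and the client credentials go either in a Basic header or in the body, together with the saved-expiry check described above. The profile names, URLs and credentials are constructed placeholders, and which style a given provider expects is an assumption to confirm against its documentation.

```python
import base64
import time
from urllib.parse import urlencode

def build_token_request(profile, grant_type, **grant_fields):
    """Return (url, headers, body) for a token call.

    `profile` holds the per-provider settings from the form; any field left
    empty (None or "") is omitted from the request instead of sent blank.
    """
    fields = {"grant_type": grant_type, **grant_fields}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if profile.get("client_auth") == "basic":
        # Client credentials go in the Authorization header, not the body.
        pair = f'{profile["client_id"]}:{profile["client_secret"]}'
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        # Credentials go in the body; a PKCE client has no secret to send.
        fields["client_id"] = profile["client_id"]
        fields["client_secret"] = profile.get("client_secret")
    body = urlencode({k: v for k, v in fields.items() if v})
    return profile["token_url"], headers, body

def needs_refresh(obtained_at, expires_in, now=None, skew=60):
    """True when the saved token is expired or within `skew` seconds of it."""
    now = time.time() if now is None else now
    return now >= obtained_at + expires_in - skew

# Constructed provider profiles; URLs and credentials are placeholders.
HEADER_AUTH = {"token_url": "https://api.example.com/v1/oauth2/token",
               "client_auth": "basic", "client_id": "app-id",
               "client_secret": "app-secret"}
BODY_AUTH_PKCE = {"token_url": "https://auth.example.org/token",
                  "client_auth": "body", "client_id": "desktop-app",
                  "client_secret": ""}

if __name__ == "__main__":
    print(build_token_request(HEADER_AUTH, "client_credentials"))
    print(build_token_request(BODY_AUTH_PKCE, "authorization_code", code="CODE",
                              redirect_uri="http://127.0.0.1:53682/callback",
                              code_verifier="VERIFIER", scope=None))
    print(build_token_request(BODY_AUTH_PKCE, "refresh_token", refresh_token="RT"))
    print(needs_refresh(obtained_at=1000, expires_in=3600, now=4545))
```
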
 

TigerSoftware

Administrator
Staff member
> The call to website authentication is a browse pop-up window to be able to login to that website for authentication purpose only and ESB can call web browse to accomplish that task I believe.

Yeah, I'm already popping up a browser for that.

Won't help if they ask for a redirect url for authentication.


Thomas
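
An added example, not part of the original thread or of ESB: the loopback redirect pattern for desktop apps (RFC 8252) combined with PKCE (RFC 7636), where the program listens on 127.0.0.1 and gives that address as the redirect_uri. It assumes the provider allows a loopback redirect_uri, which not every provider does; the function names are illustrative.

```python
import base64, hashlib, secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode, urlparse

def pkce_challenge(verifier):
    """S256 code_challenge: base64url(SHA-256(verifier)), unpadded."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def authorization_url(endpoint, client_id, redirect_uri, scope, state, verifier):
    """URL for the pop-up browser, using the parameters from the table."""
    return endpoint + "?" + urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": scope, "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256"})

def parse_redirect(request_path, expected_state):
    """Return the authorization code; reject forged or failed redirects."""
    params = parse_qs(urlparse(request_path).query)
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError("provider error: " + params["error"][0])
    if "code" not in params:
        raise ValueError("redirect carried no code")
    return params["code"][0]

def make_listener(expected_state, result):
    """Bind 127.0.0.1 on an ephemeral port; the handler fills `result`."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            try:
                result["code"] = parse_redirect(self.path, expected_state)
                status = 200
            except ValueError as exc:
                result["error"], status = str(exc), 400
            self.send_response(status)
            self.end_headers()
            self.wfile.write(b"You can close this window.")
        def log_message(self, *args):  # keep the code out of console logs
            pass
    return HTTPServer(("127.0.0.1", 0), Handler)

# Typical use: server = make_listener(state, result), then build redirect_uri as
# "http://127.0.0.1:%d/callback" % server.server_address[1], open
# authorization_url(...) in the browser and call server.handle_request() once.
```

The code in `result` is then exchanged at the token endpoint together with the original `code_verifier` and the same `redirect_uri`.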
 