Doubts about Oauth

Hi.

I am relatively new to REST and OAuth. I understand* the basic concept but I have trouble understanding how it is used in OC WS.

The main issue is that as far I understand OAuth allows me (the client) produce a token so that server A can access to my resources in server B using that token; that way I do not need to disclose my authentication info to server A.

But in OC I have just one server (with two webapps, 'OpenClinica' and 'OpenClinica-ws') and a client, so I am at odds about what to do.

This page (https://docs.openclinica.com/3.1/technical-documents/rest-api-specifications/oauth-and-openclinica) gives some info, but it seems centered about accessing OC data from the Rule Designer server.

All of this leaves me with the following questions

1) Should I still use OAuth in the scenario I am talking about (one server, one client)? I assume that in that case the OC server (the web application) will serve both as both OC and D in the diagram shown in the linked page.

2) How do I get the access token? What should be the client id?


If you have some example of how to test these WS on SoapUI it would be of great help, too. Or client code in almost any programming language.

Thanks in advance.


* Or at least I believe that I understand it :-D
Tagged:

Comments

  • toskriptoskrip Posts: 249 ✭✭
    Hi,

    current state for OC 3.x is that authentication is not harmonised and different part of APIs uses different authentication technologies:

    Session: OC RESTful URLs
    API Key: newer REST services that have been introduced with OC participate release
    OAuth: only used for OC Rule Designer
    Network/firewall dependent: for REST resources where there is no authentication, it need to be handled on the network/firewall level

    in OC 4.x I believe that this will change. For new REST services seems like API Key is way to go.

    best

    Tomas
  • Snoopy76Snoopy76 Posts: 15
    Thank you.

    I had missed the link to https://dev.openclinica.com/apidoc/(*) and thought that the only REST WS were the ones documented in docs.openclinica.com/3.1

    That also answers the unasked question of why all of the REST WS that I found information for were implemented in the `web` project and not in the `ws`.

    Regards.



    (*) Well I had seen the link but I did not realize it lead to a different web.
Sign In or Register to comment.