oAuth2 Implementation - Forum - OpenEdge General - Progress Community
 Forum

oAuth2 Implementation

This question is not answered

Hi Guys,

I am looking for assistance / guidance w.r.t. implementing Oauth Authentication in openedge. Does anyone have material / examples of how to implement this? In essence I am trying to use google+ / facebook / microsoft authentication to allow access to our application. Any material / examples that could put me no the right track will be appreciated. I have been told that openedge is capable and that all that is needed is configuration on the PASOE side, and was wondering if this is the only way? Or are there 'many roads that lead to Rome' when it comes to this implementation. I have also been made aware of 'Http client', and was wondering if anyone has used this feature for authentication?

Kind regards,

All Replies
  • I have implemented an OAuth2 flow for our application to our sister site using the OpenEdge.Net.pl httpclient. The biggest hurdle is keeping your sanity with all the moving parts:

    1. OpenEdge / OpenEdge.Net.pl version - 11.7.5 has issues with TLS1.3

    2. your own code - don't update the access / refresh token pair in a transaction that can fail, if it fails for whatever other reason, you are left with the old pair and you will need to get the user to reauthorize

    3. the site being used for OAuth - our sister site was moved behind akamai which introduced broken cookies which led to httpclient crashing

  • Hello Andrew,

    Have you looked at the 12.x documentation at: docs.progress.com/.../Authenticate-using-OAuth2-and-JWT.html

    In there you'll find the basics for defining the types of OAuth2 tokens PASOE supports, how to configure the JWT signature keys, and pointing out which JWT claims contain the authenticated user'id, and how to authorize the token's access to your web application's URLs.

    The issues generally are found in the types of tokens.   The different token service vendors have been found to deliver tokens with different types of payloads, not all of which PASOE can validate and obtain a user-id from.   Generally we setup a client to do the OAuth2 message flow, obtain a token from the Authorization Server, and dump it for inspection.  The inspection provides the clues for setting the PASOE configuration.

    Once you have a token in your possession, you can ask about configuration details.

    That help?

  • I am not sure how to use it in Progress.. But probably you can get the dll of the service which you have to consume and register it in windows using gacutil and then you can try to consume the dot net classes in Progress.

    You can refer to below link as a sample.

    https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth

  • Hey Guys,

    I have been digging a little more and have a PASOE instance setup and running, I have authenticated successfully using the 'form' for client.login.model. But when trying to implement the oAuth2 type, I get the following dispayed in my browser ...

    <oauth>

    <error_description>

    An Authentication object was not found in the SecurityContext

    </error_description>

    <error>unauthorized</error>

    </oauth>

    Any ideas how to overcome this?

  • Hey Guys,

    I have been digging a little more and have a PASOE instance setup and running, I have authenticated successfully using the 'form' for client.login.model. But when trying to implement the oAuth2 type, I get the following dispayed in my browser ...

    <oauth>

    <error_description>

    An Authentication object was not found in the SecurityContext

    </error_description>

    <error>unauthorized</error>

    </oauth>

    Any ideas how to overcome this?

  • Have you made necessary changes in oeablSecurity.properties file? I would check for additional errors/exceptions in log files in the instance logs directory.

  • Hey Dillep,

    Yes I have been playing around with that file. But I have not managed to find the magic formula yet. Do you know of any documentation or how-to guides that might be very useful.

  • Please check this: community.progress.com/.../3396

  • Hey Dileep,

    I have been working through this, but when it comes to clicking on the 'Google Sign-in' nothing happens. When I click on the 'AWS Sign-in' at least there is a response, even though it is an error.