Use external OAuth token for making Jsonws API call

Prahadeesh Sivakumar, modified 5 Years ago. New Member Posts: 3 Join Date: 4/8/20 Recent Posts
Hi, Trying to access Liferay (7.2 CE) JSONWS APIs from an external application using its own OAuth token. I have configured SSO to use OpenID Connect, which works fine from the Liferay Portal.
However, the external application uses the same OpenID Connect to get the access token and passes it for the JSONWS call. Is there any way to specify that the REST APIs use the OpenID Connect settings to authenticate the request? The documentation refers to setting up OAuth Admin in Liferay to use that token.
Andrew Jardine, modified 5 Years ago. Liferay Legend Posts: 2416 Join Date: 12/22/10 Recent Posts
Prahadeesh Sivakumar, modified 5 Years ago. New Member Posts: 3 Join Date: 4/8/20 Recent Posts
Hi Andrew, Thanks for the reply. The above link talks about setting up an OAuth server and how to access it in the client application. But in our case, we have a centralized OAuth server from which the token is retrieved and used in our application (all this happens outside of Liferay). We are trying to use the same token (a Bearer token in this case) to call the Liferay API, but couldn't make it work. However, we could use the same authentication for SSO in the Liferay portal.
Andrew Jardine, modified 5 Years ago. Liferay Legend Posts: 2416 Join Date: 12/22/10 Recent Posts
I'm a little confused by this last statement --
"However we could use the same authentication for SSO in the Liferay portal."
Do you mean that you can configure Liferay to authenticate against the same OAuth server and it works? If that is what you mean, then yeah, that makes sense. Liferay has initiated the authentication and a bearer token (between Liferay and the authentication provider) is created. But that token can't be used for a separate application because, I believe, each token is specific to the application. This is different from, say, a SAML token, where the IdP can be configured to provide an SSO token for multiple SPs. You might be able to get around your issue with an AutoLogin class -- that's how Liferay handles things like Facebook OAuth, where after you enter your credentials the first time you don't have to enter them over and over (even after token expiration).
Prahadeesh Sivakumar, modified 5 Years ago. New Member Posts: 3 Join Date: 4/8/20 Recent Posts
Possibly I didn't make my scenario clear.
1. Trying to use Liferay as a storage / drive-like application.
2. Want to use the centralized auth server to handle the authentication. So I configured the SSO configuration in Liferay, which works fine when I try to log in using the Liferay Portal.
3. In addition, want to expose the Liferay API to other applications (let's say to upload and download files) to use via the same authentication. Here the token will be retrieved by the client application which uses the API and passed along in the header.
4. I believe for JSONAPI the default authentication mechanism is Basic Auth (by passing username and password). Possibly other token types are not getting validated at all, and authentication assumes no Basic Auth attribute in the header and rejects with an unauthorized error.
5. I don't see any error about token validation failure when passing the OAuth token. Possibly I am missing some configuration which enables authentication through OAuth instead of Basic Auth.
Andrew Jardine, modified 5 Years ago. Liferay Legend Posts: 2416 Join Date: 12/22/10 Recent Posts
Ok -- I've honestly never tried to use OAuth for JSONWS. Most of the time when I use those services I do it from within the context of Liferay itself -- by using the Liferay.Service JavaScript from within a portlet. I think for what you are trying to accomplish, it might make more sense to use the Headless Services (https://help.liferay.com/hc/en-us/articles/360028748872-Generating-APIs-with-REST-Builder), or build some REST (JAX-RS/WS) services (https://help.liferay.com/hc/en-us/articles/360018166411-JAX-RS). That might be more in line with what you are looking to accomplish, and I think it's a cleaner way to have external applications use Liferay as a "service hub".
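
An added example, not written by any poster in this thread and not Liferay code: it sketches the checks a resource server makes before accepting an externally issued bearer token, which is why a token minted for one application is not automatically accepted by another (the point raised earlier in the thread) and why a non-Bearer header ends in an unauthorized response. It assumes the access token is an HS256-signed JWT so that it runs with the standard library only; the secret, issuer URL, audience names and the `mint`/`authorize` helpers are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed values. A real OpenID Connect deployment would normally verify an
# asymmetric signature (e.g. RS256) against the provider's published keys.
SECRET = b"constructed-demo-secret"
ISSUER = "https://auth.example.test"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(aud: str, ttl: int = 300, key: bytes = SECRET) -> str:
    """Stand-in for the central auth server issuing a token for one audience."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"iss": ISSUER, "aud": aud, "sub": "user1",
                            "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def authorize(header: str, expected_aud: str) -> tuple[int, str]:
    """Resource-server check of an Authorization header: (status, reason)."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 401, "no bearer token presented"
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":  # pin the algorithm
            return 401, "unexpected algorithm"
        good = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _unb64(sig)):
            return 401, "bad signature"
        claims = json.loads(_unb64(body))
        if not isinstance(claims, dict):
            raise ValueError("claims must be a JSON object")
    except (ValueError, TypeError, AttributeError):
        return 401, "malformed token"
    if claims.get("iss") != ISSUER:
        return 401, "untrusted issuer"
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        return 401, "token was issued for a different audience"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= time.time():
        return 401, "token expired"
    return 200, f"authenticated as {claims['sub']}"
```
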