OAuth access and privacy


Dacian Hantig (4844) | asked Apr 15 '14, 3:42 a.m.
Hi everybody,

One of our users requested to be allowed to have access to our CLM by using OAuth (he's developing an application).
https://jazz.net/wiki/bin/view/Main/AppSdkDelegatingAuth#OAuth_Overview

I have investigated this and I have found out that there are several things that are not well defined (described):
1) How to limit the access of such an application (for example, allow access only to a specific project area, BUT without breaking the privacy of the rest of the project areas)?
2) How to define the rights that this application will have (allow creating work items, but deny creating project areas or creating users)?
3) How can we track the usage of such OAuth authentication? (In case we need to make a statistic of how many calls per week/day/month etc.)
4) License usage (how to assign a license for such a call etc.)

I'm asking these because these are quite important for my organization.

Thank you in advance,
Dacian

Accepted answer


Maeve OReilly (3813) | answered Apr 15 '14, 7:47 a.m.
Hi Dacian,

My understanding of OAuth has always been that it is a supplement to the standard user/password authentication/authorization. All of what you describe above is, I would say, controlled by the latter.

I see OAuth as allowing the application access. But that is not enough; a user must also authenticate. If the OAuth dance fails, you don't get an opportunity to log in - you won't even get the login dialog. If it succeeds, then you log in and get to see what services are available to your user.

This is based on my observations of how the DOORS OSLC integrations work. Maybe there is more to it and I could be wrong, but I thought I would share anyway.

HTH
Maeve
Dacian Hantig selected this answer as the correct answer

Comments
Geoffrey Clemm commented Apr 15 '14, 8:05 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

That is basically right ... OAuth is just a way of authenticating, and once you have successfully authenticated via OAuth, you will be logged in as a given Jazz user, with only the rights of that user (i.e. no different than if you had logged in as that user via the Eclipse client, the Visual Studio client, the command line, or the web browser client).


Dacian Hantig commented Apr 16 '14, 3:30 a.m.

Thank you Maeve OReilly and Geoffrey Clemm. Now it's clear for me!
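The two-layer check Maeve and Geoffrey describe, written out as an added example (Python, written for this page; it is not code from Jazz/CLM, the jazz.net SDK, or either poster). It assumes OAuth 1.0a with HMAC-SHA1 signing as in RFC 5849, so that the signature identifies the calling application (the OAuth consumer), the access token it carries is bound to the Jazz user who authorized it, and every authorization decision is then made with that user's rights and nothing else. The consumer registry, the token, the user "dacian", the project areas, the permission names and the URL are all constructed for the example.

```python
"""
Added example: OAuth 1.0a (RFC 5849) request signing on the application side,
and on the server side the two-layer check described in the thread: the
signature identifies the consumer (the application), the access token it
presents is bound to the Jazz user who authorized it, and the authorization
decision is taken with that user's rights only.
Registry, token, users, permission names and URL below are constructed.
"""
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def pct(s) -> str:
    """RFC 5849 3.6 percent-encoding: only unreserved characters stay as they are."""
    return quote(str(s), safe="-._~")


def signature_base_string(method: str, url: str, params: dict) -> str:
    """Method, normalized base URL and the sorted, encoded parameters, joined by '&'.
    Query-string parameters and oauth_* parameters are signed together (RFC 5849 3.4.1)."""
    parts = urlsplit(url)
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    pairs = list(parse_qsl(parts.query, keep_blank_values=True)) + list(params.items())
    encoded = sorted((pct(k), pct(v)) for k, v in pairs if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def hmac_sha1(base_string: str, consumer_secret: str, token_secret: str) -> str:
    """HMAC-SHA1 over the base string, keyed with consumer secret '&' token secret."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base_string.encode(), hashlib.sha1).digest()).decode()


def sign_request(method, url, consumer_key, consumer_secret, token, token_secret, nonce, timestamp):
    """Client side: the oauth_* parameters an application attaches to one request."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_nonce": nonce,
        "oauth_version": "1.0",
    }
    oauth["oauth_signature"] = hmac_sha1(
        signature_base_string(method, url, oauth), consumer_secret, token_secret)
    return oauth


# Server-side state, constructed for the example (hypothetical, not Jazz internals).
CONSUMERS = {"work-item-bot": "consumer-secret-1"}             # consumer key -> consumer secret
ACCESS_TOKENS = {"tok-7f3a": ("token-secret-7f3a", "dacian")}  # token -> (token secret, authorizing user)
USER_PERMISSIONS = {                                            # user -> project area -> permissions
    "dacian": {"Project A": {"workitem.create", "workitem.read"}},
}
USAGE_LOG = []  # (consumer key, user, project area, action, allowed): per-application statistics


def verify_and_authorize(method, url, oauth, project_area, action):
    """Server side. Returns (allowed, reason). A failed OAuth check ends the request before any
    user context exists; a successful one yields a session with exactly the user's own rights."""
    consumer_secret = CONSUMERS.get(oauth.get("oauth_consumer_key"))
    if consumer_secret is None:
        return False, "unknown consumer"
    token_secret, user = ACCESS_TOKENS.get(oauth.get("oauth_token"), (None, None))
    if user is None:
        return False, "unknown token"
    expected = hmac_sha1(signature_base_string(method, url, oauth), consumer_secret, token_secret)
    if not hmac.compare_digest(expected, oauth.get("oauth_signature", "")):
        return False, "bad signature"
    # Consumer and token check out: from here on the application *is* this user, nothing more.
    allowed = action in USER_PERMISSIONS.get(user, {}).get(project_area, set())
    USAGE_LOG.append((oauth["oauth_consumer_key"], user, project_area, action, allowed))
    return allowed, f"as user {user}"


if __name__ == "__main__":
    url = "https://jazz.example.org/ccm/oslc/contexts/_pa1/workitems"  # hypothetical URL
    req = sign_request("POST", url, "work-item-bot", "consumer-secret-1",
                       "tok-7f3a", "token-secret-7f3a", "nonce-1", 1397550000)
    print(verify_and_authorize("POST", url, req, "Project A", "workitem.create"))  # (True, 'as user dacian')
    print(verify_and_authorize("POST", url, req, "Project B", "workitem.read"))
    print(verify_and_authorize("POST", url, dict(req, oauth_signature="x"), "Project A", "workitem.create"))
    print(USAGE_LOG)
```

Read against the four questions in the post: project-area privacy (1) and create/deny rights (2) fall out of the authorizing user's membership and roles, because the consumer identity never adds rights of its own; usage statistics (3) come from logging the consumer key next to the user on each call, which a plain interactive login does not give you; license assignment (4) is not modelled here. A production verifier would additionally reject reused nonces and stale timestamps, which this example leaves out.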
