OSLC rootservices with oauth1 vs oauth2
It seems that the latest version of Jazz supports OpenID Connect (oauth2++) for authentication, yet the rootservices document when establishing OSLC friends is still based on oauth1.
I am trying to integrate an external (non-IBM/Jazz) application with Rational Engineering Lifecycle Manager.
I already have support for oauth2/OIDC in that application.
Does I still have establish OSLC friendships using oauth1?
Can I not instead use oauth2 for that? If so, how should the rootservices document look like?
One answer
Friend relationships are always required for app-to-app communications, no matter what the authentication protocol is. When both the source and target of a friend relationship supports OIDC, then there will be no OAuth1 consumer key or secret registered for the friend, since it isn't needed. An application indicates that it supports OIDC by returning the "<jd:jsaSsoEnabled>" property in its rootservices document with the content "true" (where "jd" is the XML namespace "http://jazz.net/xmlns/prod/jazz/discovery/1.0/". If you look at the rootservices document for any Jazz application that is configured in OIDC mode, you'll see it includes this:
<jd:jsaSsoEnabled>true</jd:jsaSsoEnabled>