Use OAuth instead of Basic Authentication with Plain Java API
Hello everyone,
We're currently working with the Plain Java API and we've been using the authentication with user and password as a way to obtain the ITeamRepository.
For Basic Authentication we're using the registerLoginHandler function as follows:
ITeamRepository repository = TeamPlatform.getTeamRepositoryService().getTeamRepository(repositoryAddress);
repository.registerLoginHandler(new ITeamRepository.ILoginHandler() {
public ILoginInfo challenge(ITeamRepository repository) {
return new ILoginInfo() {
public String getUserId() {
return user;
}
public String getPassword() {
return password;
}
};
}
});
repository.login(monitor);
Now we want to try out the token-based Authentication and I noticed there's this function in ITeamRepository:
void registerOAuthHandler(IOAuthHandler var1);
but I did not find any example how to use it.
Could you please let me know if there's any examples? I looked a bit in the Javadocs but I could not find anything useful.
Thanks in advance,
Ana
2 answers
If you follow https://jazz.net/library/article/1000 and set up the development environment based on Lab 1 until end of Lab 1, you can search for references in the EWM/RTC SDK. There are very few (like 3) examples how this is used in the SDK.
Hello,
I want to open up this question again, as I am trying to achieve the same.
Using any HttpClient, I am able to perform the oAuth1.0 dance and to receive an authenticated oAuth Acess Token.
Now, I want to make use of this token within the RTC Java SDK. I want to avoid the username / password authentication using the ILoginHandler, but what I have seen so far, logging in into the RemoteTeamRepository without a Username/Password Loginhandler is not possible at all. Can you confirm this?
I have also checked the sources as mentioned by Ralph Schoon, but still I could not figure out, how and when the IOAuthHandler is being used.
Use Case: We have a stateless WebServer that the users can request in parallel to perform several RTC actions, like reading workitems or SCM data. Instead of using the users credentials, we want to have a friendship relation (Consumer) with CLM, and use oAuth, so that we need to exchange and verify the oAuth token only.
Is there any way to achieve this or is there any sample available on how to use oAuth within the RTC Java SDK?
Any help or guidance is appreciated.
Thank you.
Comments
Michael Rowe
FORUM ADMINISTRATOR / FORUM MODERATOR Jun 29 '23, 5:02 p.m.Ralph's answer below will go in the POJO in detail.. I have also created a few blog posts which will explain the Oauth 1.0a and OIDC methods from a rest perspective -- OIDC - https://michaelrowe01.com/index.php/day-job/ibm-elm/api-authentication-method-in-elm-oidc/