<div id="header-title" style="padding: 10px 15px; border-width:1px; border-style:solid; border-color:#FFD28C; background-image: url(<nop>https://jazz.net/wiki/pub/Deployment/WebPreferences/TLASE.jpg); background-size: cover; font-size:120%">
---+!! OAuth 1.0a - 3 Legged Flow with ELM <img src="https://jazz.net/wiki/pub/Deployment/WebPreferences/uc.png" alt="uc.png" width="50" height="50" align="right">
%DKGRAY% Authors: Main.DineshKumar <br> Build basis: 6.0.6.1 %ENDCOLOR%</div></sticky>

<!-- Page contents top of page on right hand side in box -->
<sticky><div style="float:right; border-width:1px; border-style:solid; border-color:#DFDFDF; background-color:#F6F6F6; margin:0 0 15px 15px; padding: 0 15px 0 15px;"> %TOC{title="Page contents"}% </div></sticky>

<sticky><div style="margin:15px;"></sticky>

This article demonstrates using OAuth 1.0a to access protected resources of ELM with the REST Client browser extension for Firefox. It introduces the URLs to use for each leg of the authentication process and the aspects unique to each application.

---++ Steps

---++++ Getting Started

<b>1. Register a Consumer</b><br>
You need admin user access to the application for this. Once you log in to the application as an admin user, you can register a consumer from the Admin/Consumers page. You can reach this page using a URL of the form:<br>
=<nolink>https://<host>:<port>/<appcontextroot>/admin#action=com.ibm.team.repository.admin.configureOAuth</nolink>= <br> <br>
Alternatively, you can use the additional provisions made in the Root Services document of ELM applications, which provide URLs to register consumers and approve them. For more details, refer to the addendum here: https://jazz.net/wiki/bin/view/Main/RootServicesSpecAddendum2 <br> <br>
Once registered, make a note of the <b>consumer key</b> and the <b>secret</b>. We will need them in the auth flow.<br><br>

<b>2. Note the URLs to use for authentication flow.</b><br>
These URLs are read from the rootservices document of the application that owns the protected resources you wish to access. That is, if you wish to access RM resources, you need the RM rootservices document. To access the rootservices document, use a URL of the form:<br>
=<nolink>https://<host>:<port>/<appcontextroot>/rootservices</nolink>=

In the rootservices document, the URLs to look for are:<br>
=<jfs:<b>oauthRequestTokenUrl</b> rdf:resource="https://<host>:<port>/jts/oauth-request-token"/>= <br>
=<jfs:<b>oauthUserAuthorizationUrl</b> rdf:resource="https://<host>:<port>/jts/oauth-authorize"/>= <br>
=<jfs:<b>oauthAccessTokenUrl</b> rdf:resource="https://<host>:<port>/jts/oauth-access-token"/>= <br> <br>
With the Consumer Key and Secret and the URLs, we are ready to begin the 3 legged authorization flow. This flow starts with getting a Request Token by quoting the Consumer Key/Secret, continues with authorizing the token using a user's login, and ends with exchanging the authorized Request Token for an Access Token. The Access Token can then be used to access protected resources from the application.<br>
Now, let's look at the auth flow in detail.

---++++ Perform OAuth 3 legged flow

The section on Application to Application authentication in the article https://jazz.net/wiki/bin/view/Main/JFSCoreSecurity shows the typical flow. In this article we shall perform that flow using REST Client.
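Added example, not part of the original article or of any IBM code: the first leg described above, in Python. It reads the three OAuth URLs out of a rootservices document and builds the signed request-token parameters per RFC 5849. The host, consumer key and secret, the jfs namespace URI in the sample, the HMAC-SHA1 signature method and the "oob" callback are assumptions; the article does not state which signature method the server expects.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
from urllib.parse import quote
RDF_RESOURCE = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}resource"
WANTED = {"oauthRequestTokenUrl", "oauthUserAuthorizationUrl", "oauthAccessTokenUrl"}
# Constructed sample: host, port and the jfs namespace URI are placeholders.
SAMPLE_ROOTSERVICES = """<rdf:Description xmlns:jfs="http://jazz.example/ns/jfs#"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <jfs:oauthRequestTokenUrl rdf:resource="https://elm.example.com:9443/jts/oauth-request-token"/>
  <jfs:oauthUserAuthorizationUrl rdf:resource="https://elm.example.com:9443/jts/oauth-authorize"/>
  <jfs:oauthAccessTokenUrl rdf:resource="https://elm.example.com:9443/jts/oauth-access-token"/>
</rdf:Description>"""

def oauth_urls(rootservices_xml):  # elements are matched by local name
    urls = {}
    for el in ET.fromstring(rootservices_xml).iter():
        name, url = el.tag.rsplit("}", 1)[-1], el.get(RDF_RESOURCE, "")
        if name in WANTED:
            if not url.startswith("https://"):  # tokens must not travel in clear text
                raise ValueError(f"{name}: missing or non-HTTPS URL {url!r}")
            urls[name] = url
    if WANTED - urls.keys():
        raise ValueError(f"rootservices lacks {sorted(WANTED - urls.keys())}")
    return urls

def pct(value):  # RFC 5849 section 3.6: only unreserved characters stay literal
    return quote(value, safe="-._~")

def signature_base_string(method, url, params):
    # Assumes url has a lower-case scheme and host and carries no query string.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):  # empty on leg 1
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()

def request_token_params(url, consumer_key, consumer_secret, nonce, timestamp):
    p = {"oauth_consumer_key": consumer_key, "oauth_nonce": nonce,  # fresh per request
         "oauth_timestamp": str(timestamp), "oauth_callback": "oob",
         "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0"}
    p["oauth_signature"] = sign("POST", url, p, consumer_secret)
    return p

if __name__ == "__main__":
    url = oauth_urls(SAMPLE_ROOTSERVICES)["oauthRequestTokenUrl"]
    print(request_token_params(url, "ck123", "s3cret", "n0nce", 1700000000))  # constructed values
```

Under RFC 5849, the access-token request of the third leg is signed the same way, with the request token's secret passed as =token_secret=.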
   * 1st Leg: Get Request Token <br> <img src="%ATTACHURLPATH%/Authentication_Types_Menu_in_RESTClient.png" alt="Authentication_Types_Menu_in_RESTClient.png" width="700" height="223" /> <img src="%ATTACHURLPATH%/OAuth_1.0_Authentication_UI_in_RESTClient.png" alt="OAuth_1.0_Authentication_UI_in_RESTClient.png" width="600" height="250" />
   * 2nd Leg: Authorise Request Token <br> This requires manual intervention, with a specific user's credentials, using the application login prompt.
   * 3rd Leg: Get Authorised Access Token

---++++ Accessing protected resource using the Authorised Access Token

---++ Application Specifics

---++++ ERM Specifics

ERM delegates authentication to JTS. Hence, unlike the applications that manage their own authentication, the request token, authorize and access token URLs for RM are JTS based.

---++++ EWM Specifics

---++++ ETM Specifics

---++ Conclusion

---++++ work item links for more details

---++++ wiki links

---+++++!! Related topics:
   * [[https://jazz.net/library/article/75][TN0013: Jazz Server Authentication Explained]]<br>
   * [[https://jazz.net/wiki/bin/view/Main/RootServicesSpecAddendum2][Additional OAuth-related Properties in Root Services Documents ]]<br>
   * [[https://jazz.net/wiki/bin/view/Main/JFSCoreSecurity][Jazz Foundation Core Security ]]<br>

---+++++!! External links:
   * [[https://www.ibm.com][IBM]]

---+++++!! Additional contributors: Main.TWikiUser, Main.TWikiUser

<sticky></div></sticky>
History: r7 - 2021-09-09 - 11:52:49 - DineshKumar