How OAuth works in OSLC

leonli · July 6, 2023, 5:16am

Hi,
I want to know how OAuth works in OSLC, I know that OSLC Server may provide some delegated UIs and UI previews, and the Client will use the iframe to render the UIs. My question is when using iframe, how can we send the OAuth token to the server.
I learnt the two projects (GitHub - OSLC/lyo-adaptor-bugzilla: Bugzilla adaptor based on Eclipse Lyo and GitHub - oslc-op/refimpl), I debugged the CredentialsFitler code to find it would use the Basic Authentication logic instead of OAuth.

jamsden · July 6, 2023, 1:21pm

Leonli, thanks for your interest in OSLC. There is lots of information in the OSLC Developers Guide that should help answer your questions. Unfortunately, there is some implementation variability in how OSLC servers implement client/server and server/sever authentication. Hopefully the examples and explanations in the Developers Guide will be helpful.

jad · July 6, 2023, 7:49pm

So, if you can share a bit more about your specific scenario, we can try to help with a more specific answer.
it all depends on the kind of authentication your applications support to start with.

leonli · July 7, 2023, 1:42am

One scenario like using creator dialog in Client side, I found it used iframe to render the Creator dialog(which provided by Server side), see the below code; my question is if we have OAuth Authentication in the server side, how can we pass the auth token to the server while using the iframe

var iframe;
function postMessageProtocol(dialogURL) {
    // Step 1
    dialogURL += '#oslc-core-postMessage-1.0';

    // Step 2

    var listener = dojo.hitch(this, function (e) {
        var HEADER = "oslc-response:";
        if (e.source == iframe.contentWindow && e.data.indexOf(HEADER) === 0) {
            // Step 4
            window.removeEventListener('message', listener, false);
            destroyFrame(iframe);
            handleMessage(e.data.substr(HEADER.length));
            
        }
    });
    window.addEventListener('message', listener, false);
    
    // Step 3
    iframe = document.createElement('iframe');
	iframe.width = 500;
	iframe.height = 375;
    iframe.src = dialogURL;
    
    // Display the IFrame.
    displayFrame(iframe);
    container.appendChild(iframe);
};

leonli · July 10, 2023, 1:25am

Hello, can anyone help me on this?

jad · July 10, 2023, 6:24am

Hi @leonli

It’s quite messy with the different authentication options, so you’d need to clarify a bit more what you are trying to do.

You say “if we have OAuth Authentication in the server side …” . So

Do you know that you have oauth on the server side? Is it oauth 1 or 2?
Is it correct then that you are just building the Client for an existing server with OSLC support?

leonli · July 10, 2023, 8:41am

I set up a testing OSLC server with OAuth2(I created an OAuth filter for my services), and I followed the above code use Iframe to render the selector page in Client, my question is I don’t know how to pass the token to the server.

After some research, I found out that I should be able to use “OpenID Connect” to solve this problem

jad · July 10, 2023, 9:02am

In this case, your client should actually redirect the user to the authentication server, asking the user to grant access to the client.

See for example this explanation for Jira (https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/). But the same logic applies to any oauth2 authentication.

There are many libraries that can help you with such flows. But it is quite simple, and can be done without libraries.