Start a conversation

Can I use LightWave Client with an API using OAuth 2.0 authentication?

It depends. A REST API using OAuth 2.0 for authentication works by requiring a "bearer token" to be supplied as an HTTP header in the API request sent to the service endpoint (the web service). LightWave Client supports this. The difficulty, though, may be in obtaining the bearer token.

OAuth 2.0 defines a number of authentication "flows" to obtain a bearer token. Most of these flows involve a "user consent" step that requires user interactivity through a web browser, which is not practical for most NonStop applications1.

There is one flow, the "client credentials grant", that does not require user consent. This flow is typically supported when accessing a service or application account at the web service provider, as opposed to a user account. The client credentials flow works by first obtaining a "key" and a "secret" from the web service provider, typically when you create your service account.  Later, prior to calling your desired REST API, your client application exchanges the key and secret values for a bearer token. The actual process for doing so varies from provider to provider, but often involves using another REST API. Finally, your client application includes the acquired bearer token as part of your desired REST API call using the HTTP "Authorization" header. Often, the bearer token has a short TTL (time to live), and must be refreshed.  Again, the details are web service provider dependent.

While some web services provide a REST API to acquire a bearer token, other web services provide code libraries to obtain one, but these libraries are (often) not usable on NonStop. Still others may allow you to manually generate a token with a long TTL.

So the answer to whether LightWave Client will work with a specific OAuth 2.0 REST API depends on the provider, whether the Client Credentials Grant flow is supported, and the mechanism by which a client application obtains a bearer token. No matter how you acquire it, once you have a bearer token, LightWave Client can use it to authenticate your application's REST API calls to the provider.

1 If the web service provider supports it, the "device flow" may be suitable in some situations.

Choose files or drag and drop files
Was this article helpful?
Please sign in to comment