This is a guide to implement and test the pre-built OAuth2.0 authentication plugin, provided with Hubway Connect.
This feature is available on Hubway Connect R2.4+.
Requirements
- Ping account
-
OAuth 2.0 pre-built plugin (contact us if you don’t have it)
PingOne Identity Provider configuration
If you do not have it yet, register for a free trial account to use the PingIdentity services. After verifying your email address and providing the additional information, follow the next steps in order to set up an identity server.
1. Create a Customer Solution
2. Create an Application
On the left side pane, go to Connections ->Applications and create a new one by clicking on the plus icon next to Applications.
Choose “Single-Page” as Application Type.
3. Configure the Application
a. After creating the App, make sure the switch on the top right corner is on
b. Navigate to the Configuration tab and click on the pencil on the top right corner to edit the configuration
c. Add https://example.com in the Redirect URIs field and save
d. Navigate to the Resources tab and click on the pencil on the top right corner to edit the resources
e. In the Scopes tab scroll to the end, add profile and save
4. Create a User
On the left side pane, go to Identities ->Users and create a new one by clicking on the plus icon next to Users
Ensure the username you’re using is the same username from the user account in OutSystems that you want to authenticate with when requesting the Hubway API.
5. Generate a token for the user created in the previous step
a. Go to Applications and click on the created application, navigate to the Configuration tab and expand the URLs section
b. Paste the following path on your browser:
{AuthorizationURL}?response_type=token id_token&client_id={ClientID}&redirect_uri=https://example.com&scope=openid%20profile
* {AuthorizationURL} and {ClientID} are displayed in the Configuration tab of the created app.
c. You’ll be requested to login with the user created in step 4 (and might be requested to change the password)
d. After login, copy the link from the browser, and retrieve the id_token from the path
Example: https://example.com/#access_token=eyJraWQiOiJ[..]kgUqDv7w&[..]&id_token=eyJraWQ[..]eoCl0VtbmY7Q
Configure the pre-built OAuth 2.0 authentication plugin module
Along with the installation of Hubway Connect you might have opted for the use of custom authentication methods. If your authentication method of choice is OAuth 2.0, you will not need to implement it from scratch, as we provide a example of its implementation through a Hubway authentication plugin, called HWAuthentication_OAuth2.
* Note that this module is optional and if you don’t have it available on your environment, reach out to our support team.
a. Open the module in ServiceCenter and to include the signature verification, set the following site properties
ExpectedSignatureKeyId
- Open JWT.IO and paste the “id_token”
- Copy the kid value and set the value of the site property
SignatureKey
- In Ping open the Application and navigate to the Configuration tab and expand the URLs
- Copy the JWKS Endpoint and open it in a browser tab
- Search for the key with the same kid value as the one defined in JWT.IO , and set the value of this site property with the entire content of the JSon record you found
Example:
{
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"x5t": "TXBdKPlRe7upoxbRxLEzlGgkTN8",
"kid": "d9aa0090-4317-11ee-ac7e-776c27709711",
"x5c": [
"MIIDtDCCAp[..]a4c/g=="
],
"n": "5kTz6tX6Q[..]sCtNUtQ"
}
b. If you don’t wish to include the signature verification, open the module in ServiceCenter and set the VerifySignature site property to False
Consuming a Hubway API with OAuth 2.0 token
When accessing a Hubway API with OAuth 2.0 authentication, use Bearer Token as authorization type and use the id_token as the bearer token.
See an example of how to use a Bearer token, when consuming APIs, using Postman:
