Authenticating to the Nuxeo Platform with OAuth.io


Mon 03 March 2014 By Arnaud Kervern

OAuth.ioToday, we will discuss how you can start an application using OAuth.io's Nuxeo provider. It allows you to easily integrate OAuth2 authentication with the quick and robust OAuth.io.

You might already know OAuth.io as we invited its creators to participate in a previous Nuxeo Tech Talk Meetup.

First, you need to create a free account on OAuth.io. As you might know, OAuth2 client authorization works with a ClientId/ClientSecret and they need to be registered in your Nuxeo server. Download and start a fresh Nuxeo Platform 5.9.2 with the nuxeo-dm package installed. Then go to the Admin Center, OAuth/OpenSocial and Consumers tab. Register a new client.

We are going to make some AJAX calls between different domains but before going further you need to take care of CORS mechanism. If you are not very confident with it, I recommend you simply deploy our contribution described in our documentation.

With your clientId and clientSecret, you'll have to set them up in your OAuth.io Nuxeo provider configuration page, like below:

Screenshot 2014-02-25 12.03.14

Beware - OAuth2 is sharing the token as an HTTP Header, so you must enable HTTPS on your server.

If everything goes well, from your OAuth.io key manager click the "try auth" button and you should see an access token in the result box.

Now, we can play with the magic OAuth.io library to use this authentication in our app.

Test OAuth.io with Nuxeo
<meta charset="utf-8" />

<script type="text/javascript">// <![CDATA[
OAuth.initialize('my_oauth.io_public_key');

$(function() {
$("#popup").click(function() {
OAuth.popup('nuxeo', function(error, result) {
$("#token").html(result.access_token);
});
return false;
});
});

// ]]></script></pre>
<h1>My access token: <span id="token"></span></h1>
<pre>
<a href="#" id="popup">Open Oauth</a>


As soon as you get an access token, you just pass it as an HTTP Header like this:

[code]
Authorization: Bearer {access_token}
[/code]

You will be able to make requests to Nuxeo using our JavaScript client... but that's another story...


Category: Product & Development
Tagged: How to, Nuxeo Platform, OAuth