What is oAuth2

oAuth2 is a authentication framework that allows third party applications to authenticate with services without the need for the user to provide credentials to the third party application.

For example if our application would like to connect to an end users google account we can get authorization by asking the user to authenticate with google and google giving our application a security token. The application never knows the credentials used but gets access using the token provided by google.

Normally authentication would involve a login screen that allows the user to type in a username and password and then the application would use these credentials to talk to the third party service.

In order to hide the actual credentials from the application the following process is used by oAuth2 to authenticate an application

  1. User instructs application to connect to a service secured by oAuth2
  2. Application starts Authentication Process using your client id and/or client secret by calling the authentication web service
  3. Depending on the options the call returns a URL or web page and that url or webpage which contains the actual login needs to be shown to the user
  4. The application uses one of the available methods to get a response from oAuth2
  5. The user now authenticates on the web page.
  6. in the meantime the application has to wait and continuously check for a response from the authentication
  7. once the user authenticates the application can then get an access token that can be used later to authenticate with the service

Interfacing DataFlex with oAuth2 authentication is a bit complicated mainly due to 2 missing parts of the language

  1. DataFlex is single threaded which makes it hard to wait for things while keeping the user interface from being locked up
  2. DataFlex does not have any support for TCPIP communication which is needed to listen to a port on localhost

One way to make life easier is to use the Chilkat oAuth2 component. Chilkat solves the second issue by handling all the TCPIP communication for us

Registering the application

In order to use oAuth2 for any service the application has to be registered with that service in our example Google. This registration will give us a client id as well as a client secret for our application that will be used to authenticate

For this example we will create 2 views. View 1 will be our view requesting authentication, view 2 will contain the browser window. You could also call the browser as a separate program.

To show the two part process we will split the functions over two buttons. First button will initiate the authentication process, second button will then after successful authentication get the token.

At the top of the view we will need to use the chilkat package. Of course you will need to download and install the chilkat library

the code above will globally unlock all chilkat classes using your credentials supplied by chilkat

Step 1 – Start Authentication

The OnClick procedure above first creates a chilkat oAuth2 object. We remeber the object id in a property for step 2 later.

oAuth2 uses a local port to communicate. In this case we use a port that is likely not used. A better implementation would be to find a random unused port.

We set the endpoints to the google endpoints

We also need to set the client id and client secret. These are supplied to you when registering your application with google

We also need to set the scope of our authentication which will tell Google what services we are trying to authenticate for.

The next step is to start the authentication process. This will return a URL that needs to be shown to the user.

The last line Send ShowGoogleLogin sUrl will be handled in our next step

Show the Url in the browser

We need to be able to show the url returned by the authentication process to the user.

For this example i decided to use a web browser in a view but you can also simply launch a web browser as a separate application. There is no connection needed between our application and the browser

The code for the browser view is as follows

Now we need to create the second part of our authentication that needs to be executed after the user actually authenticates

After validating that there was a proper response from the authentication server we get the response that includes the token and other information

To run this example click the first button. This will initiate the authentication process and then show the browser window with a goggle login (the login may be skipped if you are already logged in to google).

After logging in google will ask if you want to authorize the application. Allow the authorization and then close the browser window.

Now you can click the second button and the application will then get the authentication token that can be used to authenticate for any service calls later.

Michael Salzlechner is the CEO of StarZen Technologies, Inc.

He was part of the Windows Team at Data Access Worldwide that created the DataFlex for Windows Product before joining StarZen Technologies. StarZen Technologies provides consulting services as well as custom Application development and third party products specifically for DataFlex developers