javascript API plus oauth?

[Nic Ferrier]

I'm loving the look of the JS API here - https://github.com/versionone/VersionOne.SDK.JavaScript/

But I can't see an example of how to use with OAuth.

Does anyone have such an example?

Alternately can anyone tell me how to make my VersionOne instance not require Oauth?


Nic Ferrier

[Adam Anderson]

The VersionOne API supports two authentication modes:

• Application Authentication
• OAuth 2.0

One alternative to OAuth is Basic Authentication (a form of Application Authentication) where you submit an initial request containing a username and password which returns an authentication ticket as a cookie. Each subsequent request should contain this ticket cookie to prove that you're authorized. One limitation with this authentication mode, though, is that you cannot use the new query.v1 endpoints. Also, users might not feel comfortable providing their credentials to your app.

Check out this page for more information on each authentication mode's capabilities.

[Nic Ferrier]

Hmmm... trust is not really an issue because everyone can see the code and it's a command line client that you download and run locally. Not a webapp that might go off and do other stuff.

But not having the query stuff makes life a bit difficult.

[ibuchanan]

Nic and Adam,

Apologies that some docs describing the authentication for the endpoints are now a bit out of date. I'm working to fix it.

As of 14.0, the query.v1 endpoint can now be used multiple authentication mechanisms, OAuth2 or Application. Prior to 14.0, we had to choose 1 authentication mechanism per endpoint. Therefore we had to duplicate the query.v1 endpoint as query.legacy.v1. That endpoint allows developers to reach the same functionality (queries in HTTP bodies with JSON results) with Application Authentication. That is still available if you would rather avoid OAuth2.

Ian Buchanan

Product Manager for Platform and Integrations

[ferri...@gmail.com]

So, if we use that version we can use app auth with the query.v1 endpoint?

I wonder if my lot are planning an upgrade. 

Thanks for this, Ian. It would be better if there was a better oauth flow I think. If you didn't need the app register‎ step at all and it was easier to send a refresh. And more language examples. 

:)

Nic Ferrier (without Emacs)

From: ibuchanan Sent: Friday, 21 March 2014 12:51 To: version...@googlegroups.com Reply To: version...@googlegroups.com Subject: Re: javascript API plus oauth?

--
You received this message because you are subscribed to a topic in the Google Groups "VersionOne-dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/versionone-dev/_WmtMgOwR_k/unsubscribe.
To unsubscribe from this group and all its topics, send an email to versionone-de...@googlegroups.com.
To post to this group, send email to version...@googlegroups.com.
Visit this group at http://groups.google.com/group/versionone-dev.
For more options, visit https://groups.google.com/d/optout.

[Nic Ferrier]

I've tried this now. It doesn't work for me.

I get the following response:

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/8.5
WWW-Authenticate: Bearer realm="http://v1.mycompanydomain/V1-Production", scope="query-api-1.0"
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
VersionOne: Ultimate/14.0.1.6629;
Scrum..Access-Control-Allow-Origin: *

Is this because our admins have got stuff in front of VersionOne? (in this case IIS) or is this something else?