Interfacing with a web API that uses OAuth2

I am trying to interface with a web API that uses OAuth2. I am having trouble running the system.net.httpGet function to get the information I need. I tried using the example on this post:OAuth2 connections - #4 by d3h637, but it didn’t work. I’d appreciate it if someone who has done something like this before to share an example of how they did it. I think I just be having an issue with passing in my variables.

Ditch httpGet, it’s got bad performance and extremely limited support for modern web conventions.

system.net.httpClient is better in basically every way.
https://docs.inductiveautomation.com/display/DOC81/system.net.httpClient

It won’t directly do the OAuth for you, but it will make interacting with a server (and things like manually setting cookies) much easier.

Is the API you’re interacting with public/have public docs? You might be able to generate a long-lived/permanent token via some developer mechanism, and thus sidestep OAuth entirely.

I’m new to all this API stuff so excuse my lack of knowledge.

The interface I’m trying to interact with is called Workflow max, it’s a xero product. If by public docs you mean something like these: https://developer.xero.com/documentation/getting-started-guide/
Developer API - Category Methods Then yes.

I was able to get what I was looking for in Postman after using my client_id, client_secret, access_token, re_directURl, and scopes. However, whenever I want to generate my token, I need to login using my credentials to get that token and it expires every 30 minutes.

So I’m wondering how this could be done.

I figured out somewhat of a workaround for the token expiration issue. I setup an OpenID Identity Provider and made it the default provider for my perspective app. So every time a user logs in to the app, a new token gets generated and I get it from perspective session.props.idpAttributes. But the next step I need to figure out is how to use that token to get the data I want.

So, at least from a scan of the documentation, it doesn’t look like there’s any ‘developer’ mechanism - you must (properly) use OAuth. Unfortunately, this is also a fairly complicated API with a tricky signature validation mechanism…

I would probably start by looking at how the official Python SDK does the authentication/refresh logic:

Ideally, that code could be adapted to use system.net.httpClient. I haven’t looked in detail, but the official Python SDK probably won’t drop directly into Ignition (though that may be worth a try).

If you don’t make any headway interacting with the SDK yourself, you could also get the Java SDK and drop that into Ignition, either via a custom module or the (undocumented, unsupported) trick of dropping the .jar into lib/gateway or lib/core, so that we automatically load it. The Java API is going to be verbose and awkward to use from Jython, most likely, but should handle all the required things you need it to do.

1 Like

Hi,

Did you have any success on the OAuth2 authorization? I have the same challenge ahead for a “proof of concept”.

I got my access token first using postman, and then I used it in Ignition to GET other data, here’s the script I used:

client_id = system.tag.read("client_id").value
client_secret =  system.tag.read("client_secret").value
AccessToken = system.tag.read("Tokens/AccessToken").value

		
def YourFunc(access_token):
	connections_url = '<YourURL>'
	client = system.net.httpClient()
	response = client.get(connections_url,
	              headers = {
	                  'Authorization': 'Bearer ' + access_token,
	                  'Content-Type': 'application/json'
	                        })
	            
	json_response = response.json
	print(json_response)

YourFunc(AccessToken )

I tried to use the RESOURCE OWNER PASSWORD CREDENTIALS GRANT TYPE from the url below, with small changes I was able to get a response in the script console. Got a lot of characters, but no access_token. Good idea to test it out with something else for debugging.