
Use C4C as oauth provider?

Former Member
0 Kudos

Hi,

We have built an app (hosted in Wildfly) that provides some functionality for managing accounts in C4C. To make it easier for the users, we would like to let the users sign in using OAuth with the credentials they already have in C4C. I have found a lot of examples of how to use OData to access resources in C4C but haven't been able to find a way to use OAuth from our app.

Is it possible to use C4C as an OAuth provider? And if so, what URL should be used to get the token and to validate it?

Accepted Solutions (1)

Former Member
0 Kudos

After some tinkering we found a solution that works for this project even though it isn't a complete OAuth solution.

Our solution requires that an admin of our app enters the usernames of the users that are allowed to use the app in our admin section.

When the user tries to log in, we present a login screen to the user unless there is a valid cookie.

The result of that form (username and password) is used to try to log in to the OData interface at https://<tennant>.crm.ondemand.com/sap/byd/odata/v1/*. If this login returns a 200 response, we know that it is a valid user that tries to log in.

The last step is to call the SAML interface to get a token and to download the user information (stored in our local database as cache) and let the user in to the app.

This works even though it isn't perfect.
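
The login check described in this answer, as added example code in Java (not the poster's or SAP's code): the admin allow-list is consulted first, then the password is tested against the OData endpoint, and only a 200 response lets the flow continue to the SAML token request. HTTP Basic authentication, the class and method names, and the caller-supplied service URL are assumptions; the stub in `main` is constructed so the example runs offline.

```java
import java.net.URI;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;

public class C4cLoginGate {
    /** Hypothetical seam: HTTP status of an authenticated OData request. */
    interface ODataProbe { int status(String user, char[] password) throws Exception; }
    private final Set<String> allowedUsers; // usernames entered by the app admin
    private final ODataProbe probe;
    C4cLoginGate(Set<String> allowedUsers, ODataProbe probe) {
        this.allowedUsers = Set.copyOf(allowedUsers); this.probe = probe;
    }

    /** True only if the user is allow-listed AND C4C accepted the password. */
    boolean authenticate(String user, char[] password) {
        if (user == null || password == null || password.length == 0) return false;
        if (user.contains(":")) return false;           // would corrupt a Basic header
        if (!allowedUsers.contains(user)) return false; // admin allow-list first
        try {
            return probe.status(user, password) == 200; // only a plain 200 counts
        } catch (Exception e) {
            return false;                               // fail closed on any error
        }
    }
    /** Probe using HTTP Basic auth (an assumption) against a caller-supplied OData URL. */
    static ODataProbe httpProbe(URI odataUrl) {
        if (!"https".equalsIgnoreCase(odataUrl.getScheme()))
            throw new IllegalArgumentException("credentials must only travel over HTTPS");
        HttpClient client = HttpClient.newBuilder()
                .followRedirects(HttpClient.Redirect.NEVER) // a redirect is not a success
                .build();
        return (user, password) -> {
            byte[] raw = (user + ":" + new String(password)).getBytes(StandardCharsets.UTF_8);
            HttpRequest req = HttpRequest.newBuilder(odataUrl)
                    .header("Authorization", "Basic " + Base64.getEncoder().encodeToString(raw))
                    .GET().build();
            return client.send(req, HttpResponse.BodyHandlers.discarding()).statusCode();
        };
    }
    public static void main(String[] args) {
        // Constructed stub standing in for C4C so the example runs offline.
        ODataProbe stub = (u, p) -> u.equals("alice") && new String(p).equals("s3cret") ? 200 : 401;
        C4cLoginGate gate = new C4cLoginGate(Set.of("alice"), stub);
        System.out.println(gate.authenticate("alice", "s3cret".toCharArray()));
        System.out.println(gate.authenticate("alice", "guess".toCharArray()));
        System.out.println(gate.authenticate("mallory", "s3cret".toCharArray()));
    }
}
```

In the real application the gate would be built with `httpProbe(...)` and the SAML token request would run only after `authenticate` returns true.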

Answers (1)

0 Kudos

I assume that you are referring to the option of using the OAuth SAML bearer flow to authenticate OData calls to C4C. If this is the case, yes, the option is supported. You can find a sample implementation of a Java OAuth SAML client at the following GitHub repository: https://github.com/venkyvb/OAuthSAMLClient

Former Member
0 Kudos

No, I want to use C4C as an OAuth provider as described here:

Using OAuth 2.0 from a Web Application with Authorization Code Flow - Security and Identity Manageme...

We want to use this to avoid having local authorization in our app.

0 Kudos

Unfortunately, C4C does not support OAuth Auth Code Flow yet; this is part of the roadmap.

PS: If your app is a server-based app, you can use the OAuth SAML bearer flow for this purpose.

Former Member
0 Kudos

Yes, the app is server-based (Wildfly), so that would be possible.

Do you have any documentation on which SAML method should be used? Or any examples?

0 Kudos

Please check the GitHub repository venkyvb/OAuthSAMLClient · GitHub; this contains a sample with some details around how you can configure and run it. If there are any questions, please let me know.

Former Member
0 Kudos

I did test your example, but I get a token back as long as I have a valid user. So as long as someone guesses the username, they would get access to the application. We want to validate both user and password (saved in C4C) before letting the user in.