Hello all,
I'm still new to HTTP calls and Oauth2 so I'd like to give an overview of what I'm trying to do and I'd appreciate any idea and help on any part of the approach.
I remember I was successful with starting SalesForce connectivity in which I just needed to login and get an access_token using username & password.
Now I'm working on MS Graph and Office 365 REST APIs with the prerequisite of application registration and Oath2 Authentication Code before login.
So I need to get an Authorization Code before getting the access_token.
When I registered my app, I needed to set a uri, "redirect_uri" and when I call to GET the authorization code, the code is supposed to be sent back as the query string of the same registered uri.
So my question is that can I get the returned redirect_uri to extract the query string?
Or am I on a right path at all?
Thank you,
Kathy
When dealing with oAuth you typically do a UI login for users and then capture the token. In a VFP app that would be via Web Browser control and you'd then read the token out of the browser's request data.
I'm not sure if you can follow the oAuth flow just with wwHttp. It depends on how the API is set up. If it's for API services then the API should expose a token retrieval endpoint of some sort.
+++ Rick ---
Thank you so much Rick.
Working on Salesforce I learned how to get OAuth access_token by using just wwHTTP (I was so excited that I posted it on MessageBoard as "Talking to SalesForce").
But in that case the access_token was returned as a JSON string that I could get easily by HTTPGet.
Now MS Graph looks like it has 1 more step prior to GET the access_token and it's to GET the Authorization_Code which is supposed be returned to you as part of my "redirect_uri" (after recognizing my ApplicationID/"client_id") so I need to know how I can get it programatically!
I'm not familiar with "cExtraHeaders" & "CHttpHeaders" but can I get the returned redirect_uri as something like "Location" in "CHttpHeaders"?
This sample is from Microsoft:
*"... The request URL for an application that requires read access to mail might look like the following.
GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=
Redirect the user to the logon URL. The user is presented with a sign in screen that displays the name of the app. After signing in, the user is presented with the list of the permissions the app requires and prompted to allow or deny. If the user consents, the browser redirects to the redirect URI with the authorization code and state in the query string, as shown in the following example.
http://localhost/myapp/?code=AwABAAAA...cZZ6IgAA&state=1234
The next step is to exchange the authorization code returned for an access token. ..."*
wwHttp should automatically follow redirects if they are standard redirects (ie. 302 or 301 HTTP status results). If the redirect uri is in the header you can read it out by calling GetHttpHeader('redirect-uri') after the request completes.
+++ Rick ---