Introduction
PowerBuilder supports getting secured data from the OAuth 2.0 authorization server. The Bearer access token is supported, and the following grant types are supported:
- Authorization Code
- Implicit Flow
- Client Credentials
- Extension (or Refresh Token)
- Resource Owner Password
This document provides an example on how to set up OAuth 2.0 authorization workflow using the Authorization Code grant type in a PowerBuilder application.
Prerequisties
- PowerBuilder 2019 R2 or above
PowerBuilder 2019 R2 has the WebBrowser control for loading the authorization page to get the authorization code; and also the OAuthClient object for obtaining the access token and the protected resource.
- Demo code (available in oauth_code&token_example.zip)
This is the sample PowerBuilder application. It contains two targets:
The oauth_code application applies the OAuth 2.0 authorization workflow using Authorization Code , which will be explained in more details in this document.
The oauth_token application applies the OAuth 2.0 authorization workflow using Implicit Flow. For supporting instructions, please refer to the Supporting OAuth 2.0 Authorization Server section in Application Techniques in the PowerBuilder documentation.
- Setting up the authorization credential in an OAuth Server.
If you follow the instructions at Appendix: Creating a YouTube Data API to create the authorization credential for accessing Google YouTube data APIs, you will have the following authorization credential information prepared:
- Token URL: https://accounts.google.com/o/oauth2/token
- Client ID: 434849452875-6905f1g9rjiargcnqut06afmnn0b0fp7.apps.googleusercontent.com
- Secret: E1b7RsBxZWKq_yrl-kbfONF5
- Username: Your own user name
- Password: Your own password
- Scope: https://www.googleapis.com/auth/youtube
- Redirect: https://www.appeon.com/callback
- Authorization URL: https://accounts.google.com/o/oauth2/auth
- Resource URL: https://www.googleapis.com/oauth2/v1/tokeninfo
Implementing OAuth 2.0 Authorization
Take the following steps to learn how to implement the Authorization Code grant type (granttype = "authorization_code") in the PowerBuilder application.
Step 1: Open the demo application oauth_code_token in PowerBuilder.
Step 2: Ask the user to specify the authorization code details in the authorization_code tab of the w_oauth_code window.
Step 3: Open the WebBrowser control using OpenWithParm in the Clicked event of the GetToken button, with the authorization URL passed in the OpenWithParm parameter.
ls_Url_code = "https://accounts.google.com/o/oauth2/auth?client_id=" + ls_id + "&redirect_uri=" + ls_redirect +"&scope=" + ls_Scope + "&response_type=code"
OpenWithParm (w_webbrowser, ls_Url_code) //via the WebBrowser control
ls_code = Message.StringparmStep 4: Get the access token using the authorization code via OAuthClient.
ltr_Request.tokenlocation = "https://accounts.google.com/o/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.granttype = "authorization_code"
ltr_Request.clientid = ls_id
ltr_Request.clientsecret = ls_secret
ltr_Request.ClearParams()
ltr_Request.AppendParam( "grant_type", "authorization_code")
ltr_Request.AppendParam( "client_id", ls_id )
ltr_Request.AppendParam( "client_secret", ls_secret )
ltr_Request.AppendParam( "scope", ls_Scope )
ltr_Request.AppendParam( "code", ls_code )
ltr_Request.AppendParam( "redirect_uri", ls_Redirect )
ltr_Request.ClearHeaders()
ltr_Request.SetHeader("Content-Type", "application/x-www-form-urlencoded")
li_rtn = loa_Client.AccessToken( ltr_Request, ltr_Response )
Step 5: Get the resource from the resource URL via the access token.
OAuthRequest loa_Request
ResourceResponse lrr_Response
loa_Request.SetAccessToken (access_token)
loa_Request.Method = "GET"
loa_Request.Url = "https://www.googleapis.com/oauth2/v1/tokeninfo"
li_rtn = ioa_Client.requestresource( loa_Request, lrr_Response )The complete code example is as below:
String ls_id, ls_secret, ls_Scope, ls_Redirect
String ls_Body, ls_code, ls_Url_code, ls_AccessToken
Integer li_rtn
OAuthClient loa_Client
TokenRequest ltr_Request
TokenResponse ltr_Response
OAuthRequest loa_Request
ResourceResponse lrr_Response
CoderObject lco_Code
Blob lb_data
lco_Code = Create CoderObject
loa_Client = Create OAuthClient
ls_id = "434849452875-6905f1g9rjiargcnqut06afmnn0b0fp7.apps.googleusercontent.com"
ls_secret = "E1b7RsBxZWKq_yrl-kbfONF5"
ls_Scope = "https://www.googleapis.com/auth/youtube"
ls_Redirect = "https://www.appeon.com/callback"
//Step 1: Get the authorization code
ls_Url_code = "https://accounts.google.com/o/oauth2/auth?client_id=" + ls_id + "&redirect_uri=" + ls_Redirect +"&scope=" + ls_Scope + "&response_type=code"
OpenWithParm ( w_webbrowser,ls_Url_code )
ls_code = Message.Stringparm
If Len ( ls_code ) < 1 Then Return
If Pos( ls_code, "code=" ) < 0 Then return
ls_code = Mid ( ls_code, pos(ls_code,"=") + 1)
ls_code = Mid ( ls_code, 1, pos(ls_code,"&") - 1)
lb_data = lco_Code.Urldecode( ls_code)
ls_code = String ( lb_data,EncodingANSI!)
//Step 2: Get the RESTful Server token
ltr_Request.tokenlocation = "https://accounts.google.com/o/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.granttype = "authorization_code"
ltr_Request.clientid = ls_id
ltr_Request.clientsecret = ls_secret
ltr_Request.ClearParams()
ltr_Request.AppendParam( "grant_type","authorization_code")
ltr_Request.AppendParam( "client_id", ls_id )
ltr_Request.AppendParam( "client_secret", ls_secret )
ltr_Request.AppendParam( "scope", ls_Scope )
ltr_Request.AppendParam( "code", ls_code )
ltr_Request.AppendParam( "redirect_uri", ls_Redirect )
ltr_Request.ClearHeaders()
ltr_Request.SetHeader("Content-Type","application/x-www-form-urlencoded")
li_rtn = loa_Client.AccessToken( ltr_Request, ltr_Response )
If li_rtn = 1 Then
ls_AccessToken = ltr_Response.GetAccessToken ( )
//Step 3: Get the RESTful Server resource
If Len(ls_AccessToken) > 0 Then
loa_Request.SetAccessToken (ls_AccessToken)
loa_Request.Method = "GET"
loa_Request.Url = "https://www.googleapis.com/oauth2/v1/tokeninfo"
li_rtn = loa_Client.requestresource( loa_Request, lrr_Response )
If li_rtn = 1 Then
lrr_Response.GetBody(ls_Body)
MessageBox ( "Tips", ls_Body )
End If
End If
End IfAppendix: Creating a YouTube Data API
The following steps demonstrate how to create a YouTube Data API which can be used later to implement the Google OAuth server authorization code in the PowerBuilder application.
1. Visit https://developers.google.com and select Products -> YouTube.
2. Select Guides, and then select YouTube Data API (v3).
3. Read the Overview section and follow its instructions to access the API Console.
4. From Google APIs, create a new project or select an existing one.
5. In OAuth consent screen for the project, set Application type to Public, fill in Application name and then click Save.
6. Select Create Credentials -> OAuth client ID, and then set Application type to Web Application and fill in Name.
You will see Client ID and Client Secret when creation is successful. Save your Client ID and Client Secret for use later.
In this example, the following Client ID and Client Secret are generated:
Client ID: 434849452875-6905f1g9rjiargcnqut06afmnn0b0fp7.apps.googleusercontent.com
Client Secret: E1b7RsBxZWKq_yrl-kbfONF5
7. Click the OAuth Client you created in step 6, and then set URIs and click Save.
Now you have all the information you need to implement the authorization code grant type in the PowerBuilder application.