1. Edmundo Buni
  2. PowerBuilder
  3. Monday, 3 February 2020 13:23 PM UTC

Hi,

Do we have examples on how to implement PowerBuilder - Okta integration using the Authority Code Grant flow? How can the redirect URI be captured back into PowerBuilder?

We want to be able to call an Okta Login web app and capture the identity and access tokens back into PowerBuilder. We're using PowerBuilder 2017 R2 and can upgrade to PowerBuilder 2019.

Thank you,

Edmundo

Chris Pollach @Appeon
  1. Monday, 3 February 2020 18:09 PM UTC
  2. PowerBuilder
  3. # 1

Hi Edmundo;

Since both PB and Okta support the REST API, I would like to suggest that you have a look at this integration through that mechanism.

FYI:  https://developer.okta.com/code/rest/

Regards ... Chris

Armeen Mazda @Appeon
  1. Monday, 3 February 2020 18:19 PM UTC
  2. PowerBuilder
  3. # 2

I would suggest upgrading to PB 2019.  The REST client has been greatly enhanced since PB 2017 and it now directly supports tokens without you having to do your own implementation.  https://docs.appeon.com/appeon_online_help/pb2019/whats_new/ch01s04.html#Enhanced_RESTClient_object_in_beta_2

Julie Jiang @Appeon
  1. Tuesday, 4 February 2020 16:10 PM UTC
  2. PowerBuilder
  3. # 3

Hi Edmundo, 

In PowerBuilder 2019 R2 beta (https://www.appeon.com/developers/pb-2019r2-beta.html) we have added a new WebBrowser control.  We added the control actually for the purpose of loading the webpage in PowerBuilder that allows users to specify the authorization username/password.  So now if you want to call an Okta URL for login and then capture the OIDC token, please make sure to test it with the newly-introduced WebBrowser in 2019 R2 beta.

Best regards, Julie

 

Edmundo Buni
  1. Monday, 3 February 2020 19:02 PM UTC
  2. PowerBuilder
  3. # 4

Thanks for the replies.

I've already implemented PowerBuilder - Okta integration using the Resource Owner Password flow and Client Credentials flow using PowerBuilder 2019 and its OAuth tokens.

On the Resource Owner Password flow, the PowerBuilder app captures the username and password and sends them to Okta on an OAuth token object in PowerBuilder 2019.

The requirement though is to call an Okta URL for log-in and then capture the OIDC token after Okta has authenticated the user. This flow model is called Authority Code grant flow, which is mainly used by web apps.

Michael Kramer
  1. Monday, 3 February 2020 21:02 PM UTC
  2. PowerBuilder
  3. # 5

One way to send "anything" back to a PB app from any web app using just a URL is to create a custom URL protocol handler that:

  • Knows how to trigger events in your PB app
  • Listens to whatever URL protocol you decide to use

You can install custom URL protocol handlers on Windows clients via Windows registry.

Alternatively you need your web app to call some REST service when your token is ready - and your PB app to poll that REST service until that token is available. Remember to do everything secured since this is a security token you don't want to expose.

Authority Code is primarily used by web apps because it is quite hard to allow calls from one web app (the login app) to a native win32/win64 app without breaking the security sandbox. I have used custom URL protocol to do that.

Comment
  1. Edmundo Buni
  2. Tuesday, 4 February 2020 17:33 PM UTC
Thanks Michael. I'll try both approaches and see if I can make it work. The custom URL protocol handler is an interesting one to do.
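Added example, not part of the thread and not Appeon or Okta code: the client-side logic around the custom-URL callback described in the answer above, sketched in Python so the checks are easy to port to PowerScript. It goes beyond the thread by adding PKCE (RFC 7636) and a `state` check, which a native app should apply before trusting a code delivered through a URL protocol handler; the Okta domain, client id and `pbapp://` scheme are placeholder assumptions.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder assumptions (not from the thread): tenant domain, client id, custom scheme.
AUTHORIZE_URL = "https://dev-000000.okta.example/oauth2/default/v1/authorize"
CLIENT_ID = "constructed-client-id"
REDIRECT_URI = "pbapp://oauth/callback"

def pkce_challenge(verifier: str) -> str:
    """S256 code challenge: base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def start_login():
    """Return (authorize_url, state, verifier); keep state/verifier in memory only."""
    state = secrets.token_urlsafe(32)      # binds the callback to this login attempt
    verifier = secrets.token_urlsafe(64)   # ~86 chars, inside the 43-128 range
    query = urlencode({
        "client_id": CLIENT_ID, "response_type": "code", "scope": "openid",
        "redirect_uri": REDIRECT_URI, "state": state,
        "code_challenge": pkce_challenge(verifier), "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_URL}?{query}", state, verifier

def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate the URL handed over by the protocol handler; return the code."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Any local process can invoke a custom scheme, so reject unsolicited callbacks.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]

def token_request_body(code: str, verifier: str) -> dict:
    """Form fields for the token endpoint; the verifier proves who started the flow."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "code_verifier": verifier}
```
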
Kevin Ridley
  1. Tuesday, 4 February 2020 13:40 PM UTC
  2. PowerBuilder
  3. # 6

I'd recommend using a REST service with Password Flow with the OAuthClient object.

Comment
  1. Edmundo Buni
  2. Tuesday, 4 February 2020 17:36 PM UTC
Hi Kevin,

I've already implemented the Password flow and it works. But the requirement specifies that the PB app should not capture/handle the user credentials (username and password), and instead get an Okta login URL to do the user authentication.

  1. Kevin Ridley
  2. Tuesday, 4 February 2020 18:28 PM UTC
What about setting up a Service Account with a uid / pw and client id / client secret to use instead of a specific user? Sometimes it's necessary to change requirements to fit what your system is capable of performing. Other than that, you can try Julie's suggestion of the new web browser control. But for automation I'd rather use the OAuthClient route than interacting with a browser.