Integrating IDAM System

Hi Guys

I am having a hard time setting up an API for me to manage users from our IDAM system. I have followed your guide and managed to get the access token working via Postman. I can make requests in Postman, but I would like to know how I can translate the setup to our IDAM system?

This is the screenshot I have in our IDAM system, which is requesting a "refresh token". What data do I have to fill in here? Also, at the point of API key creation, I put in https://www.getpostman.com/oauth2/callback as the callback URL. Do I have to change this if I require access from a different app?

Can I use the Access Token I generated from Postman in our software?





Muthu K


Posted 2 months ago


Dale Smith, Software Engineer

Hi Muthu,

ShareFile implements OAuth 2.0, which is pretty well explained here: https://aaronparecki.com/oauth-2-simplified/

The idea is, as an application, you request authorization on behalf of the user. Your client id, client secret, and registered redirect uri identify the application itself. So if you plan to have multiple applications, each with their own redirect uri, then you would need to create multiple client ids.

When you use the authorization_code grant type, your application redirects the user's browser to the ShareFile login page, where they log in, granting access to your application. Your application then receives an authorization code, which you can exchange for an access token (a short-lived token which allows you to call the ShareFile API on behalf of the user) and a refresh token (a longer-lived token which allows your application to request more access tokens without asking the user to log in again when your existing access token expires).

From the screenshot you have shown, it looks like the reason it is asking for the refresh token is because you have the refresh grant type selected. Do you have other options there such as authorization code or password/resource owner?

Password/Resource owner grant allows the application to send the user's credentials to ShareFile directly to receive an access token and a refresh token. While generally the authorization code grant type is suggested, due to the user not having to trust the calling application with their credentials, the password grant type can be helpful when the user has a trusted relationship with the OAuth client application. For instance, if it is an internal application only used for that user's account, developed by that user's company.

While Postman is helpful for getting started and testing out calls to the ShareFile API, you would not actually use Postman to generate your tokens for you in your app. It also hides the actual calls it is doing, so it's more difficult to understand the OAuth flow if you are new to it.

Hopefully this and the linked blog help. Please let me know if you have any additional questions.

Dale
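
The token lifecycle described in the reply above, as an added example that is not part of the original thread and not ShareFile's own code: an authorization code is redeemed once, then the refresh token is used to obtain new access tokens. The form field names follow RFC 6749; `TOKEN_URL`, `OAuthClient`, `make_fake_server` and all `demo-` values are assumptions constructed so the sketch runs offline.

```python
import time
from urllib.parse import urlencode, parse_qs
TOKEN_URL = "https://auth.example.invalid/oauth/token"  # placeholder, not from the thread

class OAuthClient:  # hypothetical helper; post(url, body) -> dict is the HTTP transport
    def __init__(self, post, client_id, client_secret, clock=time.time):
        self.post, self.clock = post, clock
        self.creds = {"client_id": client_id, "client_secret": client_secret}
        self.access, self.refresh, self.expires_at = None, None, 0.0

    def _token_request(self, **grant):
        resp = self.post(TOKEN_URL, urlencode({**grant, **self.creds}))
        if "access_token" not in resp:
            raise PermissionError(resp.get("error", "invalid_response"))
        self.access = resp["access_token"]
        # The server may rotate the refresh token; keep the old one if it does not.
        self.refresh = resp.get("refresh_token", self.refresh)
        self.expires_at = self.clock() + resp.get("expires_in", 0)

    def redeem_code(self, code, redirect_uri):
        # redirect_uri must equal the one registered for this client id.
        self._token_request(grant_type="authorization_code", code=code,
                            redirect_uri=redirect_uri)

    def access_token(self, skew=30):
        # Refresh shortly before expiry instead of sending the user back to log in.
        if self.clock() >= self.expires_at - skew:
            if self.refresh is None:
                raise PermissionError("no refresh token; user must authorize first")
            self._token_request(grant_type="refresh_token", refresh_token=self.refresh)
        return self.access

def make_fake_server(registered_redirect):
    """Constructed stand-in for the token endpoint so the example runs offline."""
    state = {"n": 0, "refresh": None}
    def post(url, body):
        f = {k: v[0] for k, v in parse_qs(body).items()}
        by_code = (f.get("grant_type") == "authorization_code"
                   and f.get("code") == "demo-code"
                   and f.get("redirect_uri") == registered_redirect)
        by_refresh = (f.get("grant_type") == "refresh_token"
                      and f.get("refresh_token") == state["refresh"])
        if f.get("client_secret") != "demo-secret" or not (by_code or by_refresh):
            return {"error": "invalid_grant"}
        state["n"] += 1
        state["refresh"] = "refresh-%d" % state["n"]
        return {"access_token": "access-%d" % state["n"],
                "refresh_token": state["refresh"], "expires_in": 3600}
    return post
```

In this flow the refresh token only comes into existence at `redeem_code`, so a client that can only send the refresh grant still depends on one earlier code (or password) exchange having been done for that client id.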

Muthu K

Hi Dale

Much thanks for the detailed reply. Let me read through the OAuth 2.0 explanation in the link you provided.

In the meantime, I have dug into my application and noticed that the only grant type supported for OAuth 2.0 is Refresh Token. I cannot select any other option than this. There is the option with "Basic Authentication" but that would only allow me to put in the username and password. I reckon this is not OAuth 2.0 supported.

Do you have any other simplified way of getting this to work? Would appreciate your advice.

Dale Smith, Software Engineer

Hmm, not sure then. The only way I could see it working is if they supported Password grant type, as that is essentially the OAuth version of Basic Authentication. 

What is the actual workflow you are wanting here?