cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Learn all about PTC Community Badges. Engage with PTC and see how many you can earn! X

Can ThingWorx work with OAuth 2.0? How to use an Authorization server with Thingworx

vinesh
8-Gravel
8-Gravel
‎Jan 24, 2019 08:25 AM
‎Jan 24, 2019 08:25 AM

Can ThingWorx work with OAuth 2.0? How to use an Authorization server with Thingworx

Hello,

I am new to ThingWorx and I am developing an Alexa Skill (Service Provider) which wants the data from ThingWorx (resource provider). I want to Authorize the users who enables this developed skill by asking them to sign up to the thingworx application for the first time and the communication between the Alexa and Thingworx from then on would happen with Access Token and not AppKey or Passwords. For this mechanism to work, ThingWorx should support OAuth2.0. So far I could not find any documentation (except the one describing SSO using PingFederate), which is totally a different scenario. Could anybody give some hints regarding this Alexa-ThingWorx-Access Token scenario.

Thanks in advance :)

Labels:
Notify Moderator
4 REPLIES 4
mnarang
17-Peridot
17-Peridot
(To:vinesh)
‎Jan 25, 2019 05:55 AM
‎Jan 25, 2019 05:55 AM

ThingWorx uses SAML2.0 for authentication and OAUTH2.0 for delegated authorizations .So yes ThingWorx supports OAUTH2.0 .As per your use case ThingWorx will act as an resource provider but in our SSO topologies ThingWorx generally acts as service provider .But you can design your use case as support for OAUTH2.0 is there ,even in our topologies we use CAS (central authorization server) which is PingFederate .So it depends how you establish a CAS between Alexa and ThingWorx for OAUTH tokens flow for authorization .

 

For PTC SSO Architecture and support you can also dig in to this official guide for better understanding :

https://www.ptc.com/support/-/media/FF578D3876DE4C12ABB1E3EB4E1DA191.pdf?sc_lang=en

 

Thanks ,

Mukul Narang 

 

Thanks ,

Mukul Narang 

0 Kudos
Notify Moderator
vinesh
8-Gravel
8-Gravel
(To:mnarang)
‎Jan 25, 2019 06:08 AM
‎Jan 25, 2019 06:08 AM

Hello Mr. Narang,

Thanks for the reply.

I have gone through that documentation about SSO in Thingworx. In that documentation, there are certain roles defined for each application i.e, ThingWorx is a Service Provider and Windchill is a resource provider. Windchill can be configured to provide access to the delegated Authorization (requests with Access Tokens). There, the Thingworx requests the Windchill to provide its data on behalf of the user. But the problem here is that the Thingworx wont give access to its resources to a third party services like Alexa / IFTTT, when such services requests a resource using an access token.

Please correct me if my understand is wrong.

Regards

0 Kudos
Notify Moderator
mnarang
17-Peridot
17-Peridot
(To:vinesh)
‎Jan 25, 2019 06:38 AM
‎Jan 25, 2019 06:38 AM

Yes ,If you see that ways your understanding is correct .This design will be similar to one of our topology in which ThingWorx is a service provider and SAP is resource provider .So ThingWorx try to access resource from SAP system .Although  I think there was something implemented at SAP side also to allow the OAUTH from ThingWorx  for authorization .Still when ThingWorx try to access resource from SAP there is additional SAP authorization page .So in similar manner in your use case there must be implementation from PTC ThinWorx R&D side to allow users from external system to access resources .

 

Hope it helps !! 

 

Thanks ,

Mukul Narang 

0 Kudos
Notify Moderator
vinesh
8-Gravel
8-Gravel
(To:mnarang)
‎Jan 25, 2019 07:04 AM
‎Jan 25, 2019 07:04 AM

Exactly. There has to be something on the Thingworx side to authenticate a http request with an Access Token. I have also posted this on the PTC product idea portal. I hope PTC comes up with this functionality soon.

Notify Moderator
Top Tags