Solved: Connection to IFS Cloud Endpoint with OAuth 2.0

fredrik.tell · ‎Mar 27, 2023

Hi PTC Developer team,

I am looking for example code of how to connect to IFS Cloud where I need to use OAuth 2.0 Client from ThingWorx Platform. (I would like to find a way without using ThingWorx Flow)

Steps I like to perform:

1. Connect with OAuth 2.0 from the platform (looking for example code).

2. Extract data using the REST enpoints (this we have already done in postman and will be able to use in TWX when the auth is configured).

Link to IFS Cloud documentation: https://docs.ifs.com/techdocs/22r1/030_administration/010_security/005_security/030_authentication/#bearer_token_usage

MarekP.Nowaczyk · ‎Apr 21, 2023

Hi,

I have few suggestions I think will be a good starting point:

1. First you need to have ThingWorx Platform configured for SSO with IdP of your choice so it can request OAuth token for IFS Cloud application - see Single Sign-on Overview (ptc.com)

2. Next your IFS Cloud Application need to be defined in CAS so ThingWorx can request OAuth token - see authorization examples of SAP and Windchill here Configuring the Central Auth Server – PingFederate (ptc.com)

3. Then I think will should extend HTTPConnector -see Integration Connectors (ptc.com) and define the service to authenticate using OAuth token and call some rest POINT similarly to what you have done in Postman

Hope this helps.

Marek

View solution in original post

jensc · ‎Mar 27, 2023

Hello,

I was wondering, is it your client id, client secret etc that you want to get in step 1?

Or do you have them and just want to know how to use them in a Thingworx REST call?

Regards,

Jens

fredrik.tell · ‎Mar 27, 2023

I would like to know both. I guess the second part I can figure out from what we have in postman and I guess it's configured in the header.

jensc · ‎Mar 27, 2023

Alright, then I am not sure I can help you more than to point you to the IFS community.

Did you check out this IFS community post for example?

https://community.ifs.com/framework-experience-infrastructure-cloud-integration-dev-tools-50/ifs-rest-api-oauth-2-13375

Looks like there is a link in this post that explains how to do it using postman, and I assume you could probably do the same steps to make it work on Thingworx.

Sorry I couldn't be of more help.

Regards,

Jens

fredrik.tell · ‎Mar 27, 2023

Thanks for your input Jens. I'm able to execute the REST call from Postman, I'm just not sure how to configure ThingWorx to use the OAuth 2.0. I guess I could take the Bearer token from Postman and use it in the header of the REST call in ThingWorx but that will only be valid for short period of time. I need a way to get a new token directly from ThingWorx and utilize the OAuth.

jensc · ‎Mar 28, 2023

Hello,

If it is similar to how it works for Sharepoint (which I guess as it also uses OAuth 2.0), then after you have received your client secret, id etc then you can just use those in a rest call to fetch your Bearer token just like you are doing from Postman.

However I guess maybe you have multiple users/applications that should each use a different secret, so maybe this manual step to get those will not work for you?

Regards,

Jens

fredrik.tell · ‎Mar 28, 2023

Correct, we will have hundred of users connected so manual steps are not acceptable. Both ThingWorx and IFS are today AD connected and all connections to IFS needs to be authenticated with the actual user (not by a service account).

jensc · ‎Mar 28, 2023

Hello,

I hope someone else in the community might have better answers.

But it could also be useful to ask the question on the IFS forum to see if someone there might know how to do it.

As I am not so familiar with OAuth, I can't really say if what you want to do is even possible.

Regards,

Jens

MarekP.Nowaczyk · ‎Apr 21, 2023

Hi,

I have few suggestions I think will be a good starting point:

1. First you need to have ThingWorx Platform configured for SSO with IdP of your choice so it can request OAuth token for IFS Cloud application - see Single Sign-on Overview (ptc.com)

2. Next your IFS Cloud Application need to be defined in CAS so ThingWorx can request OAuth token - see authorization examples of SAP and Windchill here Configuring the Central Auth Server – PingFederate (ptc.com)

3. Then I think will should extend HTTPConnector -see Integration Connectors (ptc.com) and define the service to authenticate using OAuth token and call some rest POINT similarly to what you have done in Postman

Hope this helps.

Marek

fredrik.tell · ‎Apr 21, 2023

Thanks Marek for your suggestions. Could you please confirm if SSO is required in this scenario?

MarekP.Nowaczyk · ‎Apr 21, 2023

Yes ,ThingWorx has to be configured for SSO to be able to request for OAuth token from CAS. ThingWorx user making such request has to be authenticated with the IdP, you can't request OAuth token as anonymous user.