cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - When posting, your subject should be specific and summarize your question. Here are some additional tips on asking a great question. X

Connection to IFS Cloud Endpoint with OAuth 2.0

fredrik.tell
13-Aquamarine

Connection to IFS Cloud Endpoint with OAuth 2.0

Hi PTC Developer team,

I am looking for example code of how to connect to IFS Cloud where I need to use OAuth 2.0 Client from ThingWorx Platform. (I would like to find a way without using ThingWorx Flow) 

 

Steps I like to perform:

1. Connect with OAuth 2.0 from the platform (looking for example code).

2. Extract data using the REST enpoints (this we have already done in postman and will be able to use in TWX when the auth is configured). 

 

Link to IFS Cloud documentation: https://docs.ifs.com/techdocs/22r1/030_administration/010_security/005_security/030_authentication/#bearer_token_usage 

1 ACCEPTED SOLUTION

Accepted Solutions

Hi,

I have few suggestions I think will be a good starting point:

1. First you need to have ThingWorx Platform configured for SSO with IdP of your choice so it can request OAuth token for  IFS Cloud application - see Single Sign-on Overview (ptc.com)

2. Next your IFS Cloud Application need to be defined in CAS so ThingWorx can request OAuth token - see authorization examples of SAP and Windchill  here Configuring the Central Auth Server – PingFederate (ptc.com)

3. Then I think will should extend HTTPConnector -see Integration Connectors (ptc.com) and define the service to authenticate using OAuth token and call some rest POINT similarly to what you have done in Postman

 

Hope this helps.

 

Marek

View solution in original post

10 REPLIES 10

Hello,

 

I was wondering, is it your client id, client secret etc that you want to get in step 1?

Or do you have them and just want to know how to use them in a Thingworx REST call?

 

Regards,

Jens

fredrik.tell
13-Aquamarine
(To:jensc)

I would like to know both. I guess the second part I can figure out from what we have in postman and I guess it's configured in the header. 

Alright, then I am not sure I can help you more than to point you to the IFS community.

Did you check out this IFS community post for example? 

https://community.ifs.com/framework-experience-infrastructure-cloud-integration-dev-tools-50/ifs-rest-api-oauth-2-13375 

 

Looks like there is a link in this post that explains how to do it using postman, and I assume you could probably do the same steps to make it work on Thingworx.

 

Sorry I couldn't be of more help.

 

Regards,

Jens

 

fredrik.tell
13-Aquamarine
(To:jensc)

Thanks for your input Jens. I'm able to execute the REST call from Postman, I'm just not sure how to configure ThingWorx to use the OAuth 2.0. I guess I could take the Bearer token from Postman and use it in the header of the REST call in ThingWorx but that will only be valid for short period of time. I need a way to get a new token directly from ThingWorx and utilize the OAuth. 

Hello,

 

If it is similar to how it works for Sharepoint (which I guess as it also uses OAuth 2.0), then after you have received your client secret, id etc then you can just use those in a rest call to fetch your Bearer token just like you are doing from Postman.

However I guess maybe you have multiple users/applications that should each use a different secret, so maybe this manual step to get those will not work for you?

 

Regards,

Jens

fredrik.tell
13-Aquamarine
(To:jensc)

Correct, we will have hundred of users connected so manual steps are not acceptable. Both ThingWorx and IFS are today AD connected and all connections to IFS needs to be authenticated with the actual user (not by a service account). 

Hello,

 

I hope someone else in the community might have better answers.

But it could also be useful to ask the question on the IFS forum to see if someone there might know how to do it.

 

As I am not so familiar with OAuth, I can't really say if what you want to do is even possible.

 

Regards,

Jens

Hi,

I have few suggestions I think will be a good starting point:

1. First you need to have ThingWorx Platform configured for SSO with IdP of your choice so it can request OAuth token for  IFS Cloud application - see Single Sign-on Overview (ptc.com)

2. Next your IFS Cloud Application need to be defined in CAS so ThingWorx can request OAuth token - see authorization examples of SAP and Windchill  here Configuring the Central Auth Server – PingFederate (ptc.com)

3. Then I think will should extend HTTPConnector -see Integration Connectors (ptc.com) and define the service to authenticate using OAuth token and call some rest POINT similarly to what you have done in Postman

 

Hope this helps.

 

Marek

Thanks Marek for your suggestions. Could you please confirm if SSO is required in this scenario? 

Yes ,ThingWorx has to be configured for SSO to be able to request for OAuth token from CAS. ThingWorx user making such request has to be authenticated with the IdP, you can't request OAuth token as anonymous user.

Top Tags