cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Login Implementation with username password via Things Service for mobile application Thingworx

sushantpatekar
Granite

Login Implementation with username password via Things Service for mobile application Thingworx

I am developing a mobile app that communicates with TWX via REST API. I have created MobileConnector_TH which having services that pull the data and revert it to mobile via HTTP Rest API.

 

Problem statement:-

I have one service written in MobileConnector_TH - validateUser(Username, Password)

Which contains the following code

var params = {

url: me.IPUrl+"/Thingworx/action-login?OrganizationName="+organization+"&thingworx-form-userid="+username+"&thingworx-form-password="+password+"&x-thingworx-session=true" /* STRING */,

contentType: "text/html" /* STRING */

};



// result: STRING

var result = Resources["ContentLoaderFunctions"].GetText(params);

 

This returns HTML webpage data into a string. I am unable to find any specific scenario to validate username&Password via Service. It showing the same result with the wrong password/username.

 

https://community.ptc.com/t5/ThingWorx-Developers/Authentication-with-User-Credentials-via-Rest-Api/...

 

Tags (1)
1 REPLY 1

Re: Login Implementation with username password via Things Service for mobile application Thingworx

@sushantpatekar , Not quite sure that I can address all of your questions. I have used a couple of different REST API calls to get information on the users in the system. 

To get a list of the users defined in the system. For my testing I used POSTMAN. The first question I tried to answer was can I get a list of the users on the system. To do this requires that I have an AppKey, you only do not want to share information with just anyone.

  • Get Transaction
    • URL: http://localhost/Thingworx/Users
    • Header values
      • appkey : <key value with priv to see users>
      • Accept : text/xml
        • I used this because I thought something you can parse is better other values exist such as "text/csv", "text/html"...
    • This returned a XML document which contained the list of user names.

Second question now that I know a user name can I get information about that user

  • Get Transaction
    • url: http://localhost/Thingworx/Users/TestUserName
    • Header values
      • appkey : <key value with priv to see users>
      • Accept : text/csv
  • This reply is a success (200). But not a lot of data. Take a look at the following URL to get an idea of what you can request. http://<youtThingWorx:<port>/Thingworx/Users/<known UserName>

In your post you are trying to make a REST API call and perform a login. Try the following.

  • POST transaction
    • URL: localhost/Thingworx/action-login
    • Header
      • Accept : text/csv
    • Body x-www-form-urlencoded
      • thingworx-form-userid : <user name>
      • thingworx-form-password : <password>
  • In my testing with POSTMAN this returned a status of 200, and a session ID

Now an item to be considered this approach is sending a username and password as clear text between a device and a server. NOT good security 

 

Let me know if this helps

 

Peter

Announcements

Check out the upcoming Expert Session: Understanding ThingWorx Navigate Licensing in Community "Customer Events" section.