Live Coding Happy Hour Recap for September 30, 2016 - OAuth Part 2

#OAuth , #REST Message , #REST Integration , #Live Coding Happy Hour

Josh Nerius

2 minute read

YouTube video: https://www.youtube.com/watch?v=NyFooBktJNE

The Live Coding Team: josh.nerius, dave.slusher, ctomasi

In last week’s Live Coding Happy Hour, we picked up where we left off previous week and figured out how to programmatically get an OAuth Access Token from the oauth_credential table for our Bit.ly integration.

Video Index

Useful Resources

Corrections

A Better Approach for Getting Access Tokens

In the Live Coding session, we used a manual approach to query the oauth_credential able to get an Access Token using GlideRecord, but there’s actually a much better way to accomplish this using GlideOAuthClient.

Before (manual GlideRecord lookup)

function getToken(profile, user) {B B B B B var gr = new GlideRecord(‘oauth_credential’);B B B B B B gr.addQuery(‘oauth_requestor_profile.oauth_entity_profile’, profile);B B B B B B gr.addQuery(‘user’, user); B B B gr.query();B B B B B B

B B B if (gr.next()) {B B B B B B B B B B B B gs.debug(‘found it’);B B B B B B B B B B B B B return gr.getValue(‘token’);B B B B B } else {B B B B B B B B B B B B gs.debug(’:(‘);B B B B B B } }

var token = getToken(oauthProfileId, userId);

After (using GlideOAuthClient API)

// Initialize client and get a token objectB var oauthClient = new sn_auth.GlideOAuthClient(); var tokenObject = oauthClient.getToken(restMessageId, oauthProfileId);B var accessToken = tokenObject.getAccessToken();B gs.debug(‘Access Token: ‘ + accessToken);

Handling a non-expiring token

I mentioned that I’d show you how to handle the non-expiring token sent by Bit.ly, but didn’t get around to it during the broadcast.

To accomplish this, we need to add a single line to the postProcessAccessToken method in our custom OAuthBitlyHandler Script Include:

// Manually set the expire time to 1 year in seconds (60 * 60 * 24 * 365) paramMap.put(bexpires_in’, b31536000’);

In this example, I’ve set the expiration time to 1 year, but you should set this to whatever value makes sense for you and your password rotation schedule (you should go and regenerate this periodically for security reasons, even if the the API doesn’t enforce token rotation).

Comments