REST interface
Multiple versions of the API can live at separate URLs. These versions are not bound to particular versions of OAuth, OpenSocial or VOOT. However, different versions of the OpenConext API MIGHT offer different OAuth or OpenSocial versions.
The first version of the OpenConext API provides:
- OAuth 1.0a
- OAuth 2.0
- OpenSocial x.x + VOOT
See the OpenConext Developers section for the OpenConext API V1 specification.
The OpenConext API uses the Spring OAuth 2 module for its OAuth1 & 2 implementation.
OAuth | Grant type | Supported | Endpoints | Required fields in ServiceRegistry |
---|---|---|---|---|
OAuth 1.0 | | | | |
OAuth 1.0a | 2 legged | | | coin:oauth:two_legged_allowed, coin:gadgetbaseurl, coin:oauth:secret |
OAuth 1.0a | 3 legged | | /oauth1/requestToken, /oauth1/accessToken, /oauth1/confirm_access | coin:gadgetbaseurl, coin:oauth:secret |
OAuth 2.0 | Authorization Code | | /oauth2/authorize, /oauth2/token | coin:gadgetbaseurl, coin:oauth:secret |
OAuth 2.0 | Implicit Grant | | /oauth2/authorize | coin:gadgetbaseurl, coin:oauth:callback_url |
OAuth 2.0 | Client Credentials | | | |
OAuth 2.0 | Resource owner Credentials | | | |
We implemented everything we expect from External Group Providers (see External Group Providers), except sorting on groupMembers as explained in https://jira.surfconext.nl/jira/browse/BACKLOG-438.
For all calls to external teams we also check whether the external team is linked to a team in the Teams Application of OpenConext. If it is, that linked team is added to the results. The same logic applies when retrieving the members of an external team (e.g. the members of the team linked to the external team are added to the result).
See also Linked External Groups
- Front: OpenSocial / OAuth 1.0a/2
- Back:
  - JANUS (using JANUS REST client)
  - Grouper (directly into the tables of the teams database & through the Grouper interface)
  - Engine (database integration for the groupProvider configuration and the persistent identifiers)
  - LDAP (direct queries for person information)
  - External Group Provider (joined library with SURFteams with Scribe OAuth client)
The API includes a CORS header with the value '*' in its responses. This is implemented by a ResponseHeaderAddingFilter class, configured in web.xml. In addition, 'preflight requests' are supported, as documented here:
- http://www.w3.org/TR/cors/#resource-preflight-requests
- http://stackoverflow.com/questions/8685678/cors-how-do-preflight-an-httprequest
- https://developer.mozilla.org/en/http_access_control
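The check a browser applies to a preflight response, as an added example (not OpenConext code and not the ResponseHeaderAddingFilter itself). It assumes the '*' value is sent in Access-Control-Allow-Origin; the other header values, the origin and the function names are constructed for illustration.

```javascript
// Models the browser-side CORS check for a preflighted request (added example).
const SAFE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SAFE_HEADERS = new Set(['accept', 'accept-language', 'content-language']);

// HTTP header names are case-insensitive; normalise them once.
const lower = (headers) => Object.fromEntries(
  Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v).trim()]));
const list = (value) =>
  (value || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

// request: { origin, method, headers: [header names], credentials: boolean }
function checkPreflight(request, responseHeaders) {
  const res = lower(responseHeaders);
  const allowOrigin = res['access-control-allow-origin'];
  if (!allowOrigin) return { allowed: false, reason: 'no Access-Control-Allow-Origin' };
  if (request.credentials) {
    // Cookies or HTTP auth: "*" is never accepted, the origin must be named.
    if (allowOrigin === '*') return { allowed: false, reason: 'wildcard origin with credentials' };
    if (res['access-control-allow-credentials'] !== 'true')
      return { allowed: false, reason: 'Access-Control-Allow-Credentials is not true' };
  }
  if (allowOrigin !== '*' && allowOrigin !== request.origin)
    return { allowed: false, reason: 'origin mismatch' };

  const wildcardOk = !request.credentials; // "*" is literal in credentialed mode
  const methods = list(res['access-control-allow-methods']);
  const method = request.method.toUpperCase();
  if (!SAFE_METHODS.has(method) && !methods.includes(method.toLowerCase())
      && !(wildcardOk && methods.includes('*')))
    return { allowed: false, reason: `method ${method} not allowed` };

  const allowedHeaders = list(res['access-control-allow-headers']);
  for (const name of request.headers.map((h) => h.toLowerCase())) {
    if (SAFE_HEADERS.has(name) || allowedHeaders.includes(name)) continue;
    // "*" never covers Authorization; it has to be listed by name.
    if (wildcardOk && allowedHeaders.includes('*') && name !== 'authorization') continue;
    return { allowed: false, reason: `header ${name} not allowed` };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed preflight response: only the "*" origin value comes from the page.
const SAMPLE = { 'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
  'Access-Control-Allow-Headers': 'Authorization, Content-Type' };
const bearer = { origin: 'https://portal.example.org', method: 'GET',
  headers: ['Authorization'], credentials: false };
console.log(checkPreflight(bearer, SAMPLE));                          // allowed
console.log(checkPreflight({ ...bearer, credentials: true }, SAMPLE)); // refused
```

With a wildcard origin the browser lets any site call the API once it holds a token, so access control rests entirely on the OAuth token. Cookie-based (credentialed) calls are refused by the browser.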
The REST interface will wrap all internal server errors in a 500 response that contains details in JSON format. Example of an error response:
{"detail":"Access is denied","error":"An internal server error occurred.","date":"2012-06-18T15:59:30.615+02:00"}