Smartservices & the world

[moctes]

Happy new year to all !

I have not used SmartServices with kbmMW and I am considering doing some services in this way, these services should be consumed by desktop clients as well as third party Web / Mobile applications etc. other than Delphi.

Can someone provide information about how to consume REST services using a generic client, ie something like POSTMAN or Insomnia ?

My main interest is Authentication and security

What is the kbmMW way to pass user name, password, token (using headers? if so, what kind?, in the body of the http message? if so, how?, etc), also it also be very useful if there were an example using something like JWT

• This topic was modified 4 years, 11 months ago by moctes.

[kimbomadsen]

I have used Insomnia for a while for some projects. It works fine for REST style calls.

Hi,

First the posts: https://components4developers.blog/2017/05/26/rest-easy-with-kbmmw-4-access-management/

and: https://components4developers.blog/2018/07/06/rest-easy-with-kbmmw-14-db-controlled-login/

are good starting points in using SmartServices and authorization.

Currently kbmMW supports HTTP Basic authorization which is stored in the header.

 

[moctes]

Some how I missed this

Currently kbmMW supports HTTP Basic authorization which is stored in the header

That’s a show stopper for me, basic authentication is, well, basic, please forgive my previous posts (unapproved), I need to review what my options are and make a decision before any further development

[kimbomadsen]

Hi,

I will have a look at other options to support directly. However I would think that as long as you have an OAUTH or JWT authorizer somewhere, you should be able to grab the provided access tokens and use them in kbmMW REST calls.

best regards

Kim/C4D

[moctes]

Thank you Kim,

I will give these posts a more careful read, I quickly searched in the posts you suggested and altogh I saw this:
The moment you try to this call:

http://localhost:1111/biolife/specieByCategory/Butterflyfish

You will be requested for a login by the browser. If you provide the user name and password matching a user in the database having the role AdminRole, you will be shown the result of the request

As it would be no browser involved, I could not find how to pass user name and password to the API services, may be as url parameters, i.e.

Authentication
http://localhost:1111/biolife/auth?username=DEMO&pass=demo

Authorization
http://localhost:1111/biolife/specieByCategory/Butterflyfish?token=accesstoken

as a POST request with the data as JSON on the body ?
POST http://localhost:1111/biolife/auth
{ "username": "DEMO", "password": "demo" }

Maybe in some Header ?

I have access to the source code of kbm of course, but a white paper, blog post or sample project showing how to achieve this would be great.

Regards

P.S, I don’t know if my question will be duplicated, I sent it before but I didn’t see it published

[Author]

Posts