[Data Grid] rest api call authentication

Forge Component
(28)
Published on 24 Sep (3 weeks ago) by OutSystems R&D
28 votes
Published on 24 Sep (3 weeks ago) by OutSystems R&D

Hi guys. First I'd like to say thanks for this great component! I just stumbled across it in the forge. Outsystems should have promoted it some more to increase awareness.


My question is can you authenticate the rest api call? Like in the rest url property ? Do I have access to the header ? In my case I would like to use a service account that generated a token (from lifetime). And put this in the call

Authorization: Bearer <authentication_token>


Is it possible?

Hi Mark,

I've been playing around with this Grid component and checking the possibility of having a tokenize/OAuth authentication but I ended up forking the version of the grid and modifying the Grid Framework. This is not an ideal solution because a fork version will not be supported. Hence, we are doing communications about this with the team working on the Grid.


What I've done is to modify the Javascript code under GridScripts (UI Flow) > GridFramework > Javascript properties and added setRequestHeader to the XMLHttpRequest. 


GridOS.DataFeature.getGridData -- handles the initial load of data 
GridOS.dirtyItemsFeature.sendJsonDirtyElements -- send dirty row buttons (there are other codes for other buttons - e.g. SendRemovedRowsButtons)



Regards,
John

Solution

Hi Mark,

We have some actions that enable you to authenticate your REST API calls with the session user.

In the Grid Component, you can find a module called DataGridAuthentication that exposes a single action: GetUserLogged. This returns the session User Id. You can then verify if the user is actually logged in (UserId <> NullIdentifier()) or not, and create logic to handle it.

Let me know if this solved your issue.

Regards,

Ricardo Alves

Solution

Hey guys thanks for your replys. I'm going to try Ricardo's suggestion since I think it will suffice and I won't have to do any customization. Not sure how I missed the authentication extension but I did.


Would I put the GetUserLogged action directly in my api method? I tried that and when I debug it shows a null userid so then my rest code doesn't run. Is this the right place to use it?


Another question. Do I turn Authentication from basic to none in the rest api properties?



A little more info. I tried all three none/basic/custom settings for authentication. I tried putting GetUserLogged at the start of my rest api method and also tried moving it to the OnAuthentication method that gets created automatically. In all cases GetUserLogged returns null for me. Not sure what I'm doing wrong here.


I'm definitely logged in. I'm launching the rest api call from my outsystems screen that has the grid on it. Im just refreshing the page.

Okay I think I figured something out. If I move my rest api into the same espace as the grid screen , it works. Is that what was intended ? Wouldn't proper architecture dictate that the rest api live in lower lever logic espace?

Has Anyone successfully used the GetUserLogged server action, where there rest api is in a different espace than the data grid ? I really don't want to move my rest api to the same espace.


Okay I finally figured it out. In your espace that contains the rest api , In order for GetUserLogged to work, make sure the espace property User Provider Module = Users. Mine was set to current espace.

Hi Mark,

You shouldn't need to have the REST API in the same module as the grid. It doesn't promote good architecture practices as you said :) 

Probably, what happened, is that those modules were using different user providers. The GetUserLogged returns the logged session user. If you have different user providers (which probably is the case - can you please confirm?), you'd be checking the logged user in different providers, so, even though you logged in, the UserId wouldn't match with the current logged in user, since you're pointing to different user provides.

So, long story short, you don't need to have the API and the Grid in the same module but, the user provider should be the same in both modules (not necessarily the Users module). 

Regards,

Ricardo Alves

Hi folks,

We have the REST API and the grid in different modules.  All works OK.

We are using Custom authentication for the REST API. The GetUserLogged() action is called in the OnAuthentication callback and we then check that the user has a specific role.  Again works OK.

We are on platform 10.0.828.

Rgds

James Mansell