Fetch oauth2 login to use Rest API from web or from android mobile

scarfagna72 · April 17, 2024, 6:31am

Please help Jmix team and community members to answer your questions:

Jmix 2.2.1

Basic demo app from examples

Added rest api support

We are “”playing”” Jmix but we have some problems on oauth2 authentication …

Running a basic application our goal is to login and use some REST API like list some objects
from web and from mobile.

We can access to the rest api after login ( using JMIX application ) ed everithing is fine.
But how can we user REST API without JMIX Login ?

From web site we use JS and Fetch

We use Javascript
We use FetchApi as like this

// javascript fetch call to login
fetch(url, {
credentials : “include”,
method : “POST”,
mode : ‘cors’,
headers : {
“Content-Type” : “application/json”,
“Authorization” : 'Basic ’ + btoa(email + “:” + password),
‘Access-Control-Request-Method’ : ‘POST’,
},
// handle response
}).then(function(response) { …

How can we build a login ? using user and password ?
We dont want to use JMIX Vaadin GUI, because we develop a custom app web js/mobile android.

http://localhost:8080/oauth2/token ??
we are following your istructions :
Getting Started with REST :: Jmix Documentation (VER.2 )

curl --location ‘http://localhost:8080/oauth2/token’
–header ‘Content-Type: application/x-www-form-urlencoded’
–header ‘Authorization: Basic WkdKdFkyMXZhV2g21ZVRwaN2JtOXZjSDE0V1ZwU2NtdHZlRzFHOg==’
–data ‘grant_type=client_credentials’

Is there someting wrong ?
Is it possible to use Fetch to login and access the REST Api ?
Is there any example in JS or Android ?

thanks to all for the support

regards
Stefano

shchienko · April 17, 2024, 6:49am

Hello,

Sample (OAuth2 + Jmix + React):

In the next update, we supported logging into the REST API using a login and password.

github.com/jmix-framework/jmix

Implement Resource owner password credentials grant in Authorization server add-on

opened 02:36PM - 21 Nov 23 UTC

closed 10:02AM - 13 May 24 UTC

gorbunkov

size: M in: authserver

Although [Resource owner password credentials grant](https://datatracker.ietf.or…g/doc/html/rfc6749#page-37) was deprecated in OAuth 2.1 and is not supported by the Spring Authorization Server library that we use, we may consider adding a support of this grant type to the add-on. Existing users who migrate from CUBA or Jmix 1.x may want to leave the authorization flow as it was before. See [Spring documentation](https://docs.spring.io/spring-authorization-server/reference/guides/how-to-ext-grant-type.html) about implementing custom grant type. See [forum topic](https://forum.jmix.io/t/how-to-authenticate-in-rest-with-jmix-user-credentials/3965).

Regards,
Nikita

scarfagna72 · April 17, 2024, 9:00am

I think should be nice to have, as soon as possible in order
to replace Legacy web application.
Generally the Customer Web Interface cannot change.
We are in this Stack

old
Customer WEB GUI or Android App <----> (Customer Api) REST Api <----> Entity (Customer DB Access)

new
Customer WEB GUI or Android App <----> (Jmix) REST Api <----> Entity (Jmix)

So actually is not possible to use Jmix 2.2.0 to replace only RestApi backend ??

scarfagna72 · April 17, 2024, 9:39am

we dont use react
but Javascript and fetch function to send requests

do you have a Javascript example I can test ?
regards
Stefano

shchienko · April 17, 2024, 12:41pm

We currently don’t have a vanilla JavaScript example.

If you urgently need authorization using the grant_type password, take a look at these topics:

Discussions:

Regards,
Nikita