1

Discussion of new authorization method (oAuth)

Topic: Discussion of new authorization method (oAuth)

We've implemented new modern and more secure authorization method in Wialon.
Here we will answer all the questions about it and help you to overcome all implementation problems.
Blog article
Instructions file

Solutions Department
Gurtam
2

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Hi, I am trying to figure out how to implement new login details mentioned here

http://weblog.gurtam.com/wp-content/upl … -Authoriza

I am trying to follow below to create token
http://sdk.wialon.com/wiki/en/sidebar/r … oken/token

My api call looks like (in below example userid is replaced with 0s, app name is replaced with myapp  )

http://hst-api.wialon.com/wialon/ajax.html?svc=token/update&params={"callMode":"create","userId":"0000000","h":"","app":"myapp","at":0,"dur":604800,"fl":256, "p":"","items":["":""],"deleteAll":""}

I receive error 4 and not really sure whats wrong with above input. I would really use some help, thanks

3

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Hello.
Parameter "items" should contain array of item ids, for example [1234,568]

Solutions Department
Gurtam
4

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

thanks, and what should I use as item id, my userid or ..?
Because I just tried with my userid and now I get Error 7, while I could succesfully create token using the standart login form(i.e. there is no reason to have my access denied..)

5

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

There is not enough info in docs - we'll add more details.
Parameter "userId" is optional. You can pass id of another user.
Then if you have access right Operate as (0x200000) to this user
you'll create/update/delete tokens of this user.

In your case don't sent userId.
As for "items" - you can pass there id of items you want your token had access to.
There is no need to pass id of current user. You can pass id of resources, units and so on.

Solutions Department
Gurtam
6

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Ok , thanks, but I am not sure about the resources ids I will need to monitor, these may vary within customer account.
This is my real life api url which still returns Error 7 while i can actually create token manually thru the simple form

Any other ideas what might be wrong with this token creation api url?

http://hst-api.wialon.com/wialon/ajax.html?svc=token/update&params={"callMode":"create","userId":"1154069","h":"","app":"mywialonapp1","at":0,"dur":604800,"fl":256,"p":"","items":[],"deleteAll":""}

7

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

This request is for managing tokens after beeing authorized. In most cases you don't need this request.

To authorize to wialon in your app/site now you should use our oAuth form (http://hosting.wialon.com/login.html or http://your.dns.com/login.html).
Example on playground

But if you were successfully authorized by token and then you need to manage tokens of current or other users you have access to - you can use this request.
For example to create manually your new token - use request http://hst-api.wialon.com/wialon/ajax.html?svc=token/update&params={"callMode":"create","app":"mywialonapp1","at":0,"dur":604800,"fl":256,"p":"{}","items":[]}

Solutions Department
Gurtam
8

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

I am also getting error when creating token for different userId using admin authorization. I have authorized the admin using oAuth, got the sid using loginToken. Now when I try to create token for subuser, I get error 7.

What I want is to create token on behalf of subuser and use the generated token to createSession as subuser.

Request:
http://hst-api.wialon.com/wialon/ajax.html?svc=token/update&params={"callMode":"create","userId":"xxxxxxx","app":"","at":0,"dur":604800,"fl":256,"p":"{}","items":[xxxxxxx]}&sid=xxxxxxxxxxx

Response:
{
    "error": 7
}

Its unfortunate that documentation is very vague.  Please suggest how to fix.

9

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

trakfamily wrote:

I am also getting error when creating token for different userId using admin authorization. I have authorized the admin using oAuth, got the sid using loginToken. Now when I try to create token for subuser, I get error 7.

What I want is to create token on behalf of subuser and use the generated token to createSession as subuser.

Request:
http://hst-api.wialon.com/wialon/ajax.html?svc=token/update&params={"callMode":"create","userId":"xxxxxxx","app":"","at":0,"dur":604800,"fl":256,"p":"{}","items":[xxxxxxx]}&sid=xxxxxxxxxxx

Response:
{
    "error": 7
}

Its unfortunate that documentation is very vague.  Please suggest how to fix.

Please check that you were authorized  by admin with full token access rigths : access_type = -1
Also you  should have access right Operate as (0x200000) to this user  to  create/update/delete tokens of this user.

Diana Cheley
Wialon Hosting Expert
Gurtam
10

Discussion of new authorization method (oAuth)

(edited by trakfamily 28/08/2015 19:42:01)

Re: Discussion of new authorization method (oAuth)

chdi wrote:
trakfamily wrote:

I am also getting error when creating token for different userId using admin authorization. I have authorized the admin using oAuth, got the sid using loginToken. Now when I try to create token for subuser, I get error 7.

What I want is to create token on behalf of subuser and use the generated token to createSession as subuser.

Request:
http://hst-api.wialon.com/wialon/ajax.html?svc=token/update&params={"callMode":"create","userId":"xxxxxxx","app":"","at":0,"dur":604800,"fl":256,"p":"{}","items":[xxxxxxx]}&sid=xxxxxxxxxxx

Response:
{
    "error": 7
}

Its unfortunate that documentation is very vague.  Please suggest how to fix.

Please check that you were authorized  by admin with full token access rigths : access_type = -1
Also you  should have access right Operate as (0x200000) to this user  to  create/update/delete tokens of this user.

Dear chdi,
Thank you for your response.
Question: Please check that you were authorized  by admin with full token access rigths : access_type = -1
Answer: I am the creator of the user whose token I want to create. I am using the sid of the creator while calling token/update API above. Can you please suggest do I still need to set access_type = -1 and where I need to to set access_type = -1

Question: Also you  should have access right Operate as (0x200000) to this user  to  create/update/delete tokens of this user.
Answer: I am the creator of the of the user, when I login into cmd.wialon.com and hosting.wialon.com using my login/password, I am able to do "Login as another user" the user so I presume I have all the right.

Awaiting your response, and please excuse if my questions are too basic but I am struggling to create token for my sub-user using API. Please help how can I debug the issue.

11

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

trakfamily wrote:

Answer: I am the creator of the user whose token I want to create. I am using the sid of the creator while calling token/update API above. Can you please suggest do I still need to set access_type = -1 and where I need to to set access_type = -1

If you authorized under user-creator through token , sure you should use the parameter access_type = -1 to get token
For example, http://hosting.wialon.com/login.html?cl … ion=604800
You can find the full parameters for Extend form here http://sdk.wialon.com/wiki/en/sidebar/r … ogin/login

Question: Also you  should have access right Operate as (0x200000) to this user  to  create/update/delete tokens of this user.
Answer: I am the creator of the of the user, when I login into cmd.wialon.com and hosting.wialon.com using my login/password, I am able to do "Login as another user" the user so I presume I have all the right.

Awaiting your response, and please excuse if my questions are too basic but I am struggling to create token for my sub-user using API. Please help how can I debug the issue.

Please also check is it a correct id of elements you set for "userID" and 'items"

Diana Cheley
Wialon Hosting Expert
Gurtam
12

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

chdi wrote:
trakfamily wrote:

Answer: I am the creator of the user whose token I want to create. I am using the sid of the creator while calling token/update API above. Can you please suggest do I still need to set access_type = -1 and where I need to to set access_type = -1

If you authorized under user-creator through token , sure you should use the parameter access_type = -1 to get token
For example, http://hosting.wialon.com/login.html?cl … ion=604800
You can find the full parameters for Extend form here http://sdk.wialon.com/wiki/en/sidebar/r … ogin/login

Question: Also you  should have access right Operate as (0x200000) to this user  to  create/update/delete tokens of this user.
Answer: I am the creator of the of the user, when I login into cmd.wialon.com and hosting.wialon.com using my login/password, I am able to do "Login as another user" the user so I presume I have all the right.

Awaiting your response, and please excuse if my questions are too basic but I am struggling to create token for my sub-user using API. Please help how can I debug the issue.

Please also check is it a correct id of elements you set for "userID" and 'items"

Here are the steps that I performed-

1. To get the token for creator account, I used oauth URL- http://hosting.wialon.com/login.html?cl … ion=604800  and got the access_token for creator account.
2. Logged in with creator account using token/login remote API http://hst-api.wialon.com/wialon/ajax.html?svc=token/login&params={"token":xxxx}, got session id ("eid":xxx) in response.
3. Now to create token for subuser (i.e. of whom on I creator) I called following API-
http://hst-api.wialon.com/wialon/ajax.html?svc=token/update&params={"callMode":"create","userId":"12822687","app":"","at":0,"dur":604800,"fl":100,"p":"{}","items":["12822687"]}&sid=c066e3e906ffb24fda4ee72716f5eb5a 
Where userId and items are the user id of subuser for whom I want to generate token, and sid is the session id (i.e. eid field in step2). But I am still getting Error 7 in response.


Question-1 What does "items" filed in token/update API mean, wialon documentation says "list of item ids with token granted access"? What should I pass to create token for subuser?

Question-2 Can you please suggest what am I doing wrong in above steps? Unfortunately there is no example for http://sdk.wialon.com/wiki/en/sidebar/r … ken/update API in wialon playground.

Questions-3 Has anyone used token/update API at all and found it working?

13

Discussion of new authorization method (oAuth)

(edited by chdi 02/09/2015 01:04:14)

Re: Discussion of new authorization method (oAuth)

Dear trakfamily,

the steps are correct
add some name for parameter "app" - the application name should be defined to authorization
For example,
http://hst-api.wialon.com/wialon/ajax.html?svc=token/update&params={"callMode":"create","userId":"12822687","app":"myapp","at":0,"dur":604800,"fl":256,"p":"{}","items":[]}&sid=your_sid

Also set a correct flag : "f":0x100 in hex or "f":256 in decimal

In field "items" you can define a list of elements id (other users, units, resource ) for which this sub-user will have access rights according with this token
For example,  "f":256 means Online tracking , so sub-user can have bacis acceess rights to "items"

Diana Cheley
Wialon Hosting Expert
Gurtam
14

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Dear Chdi,
   Fixing the "app" parameter did the trick, thank you so much.

Now I am able to generate access_token for subuser using token/update remote API. After getting the token, I am using token/logen remote API to generate "sid" for the subuser (Please note I am running these APIs on server to generate sid for user and pass the sid to client). But looks like this sid does not work on client machine because of IP address change. 
Here is what I want to achieve-
1. On our hosted server, generate sid or access_token for subuser.
2. Pass the link with sid/token (such as http://myserver.com/?sid=xxxxxxx) to customer so that customer can login just by clicking the link(without entering user/password).

Can you please suggest how I can achieve above?

15

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

trakfamily wrote:

Dear Chdi,
   Fixing the "app" parameter did the trick, thank you so much.

Now I am able to generate access_token for subuser using token/update remote API. After getting the token, I am using token/logen remote API to generate "sid" for the subuser (Please note I am running these APIs on server to generate sid for user and pass the sid to client). But looks like this sid does not work on client machine because of IP address change.

the session (sid) is generated for the same IP, the IP shouldn't be dynamic or change

Here is what I want to achieve-
1. On our hosted server, generate sid or access_token for subuser.
2. Pass the link with sid/token (such as http://myserver.com/?sid=xxxxxxx) to customer so that customer can login just by clicking the link(without entering user/password).

Can you please suggest how I can achieve above?

after you generate a token for subuser you can send it to  client side  or you can Create authorization hash and send it to client side

Diana Cheley
Wialon Hosting Expert
Gurtam
16

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Hi, I am developing the windows application (C#) to access the data on Wialon hosting via remote API
I'm implementing login screen with the new authorization way mentioned here "http://sdk.wialon.com/wiki/en/sidebar/r … ogin/login".
I used .netFramework component "WebClient" to post data (sign, uid, pwd,etc) to "http://hosting.wialon.com/oauth.html"
Here is my step
1. access "http://hosting.wialon.com/login.html" then find sign value from the response.
2. post required data to "http://hosting.wialon.com/oauth.html"
3. Login with svc=token/login&params{...}

I was successful for creating token, logging in with token and getting the list of units, but I always received the error code 7 - Access denied when try to load the message with "svc=messages/load_interval".

I feel there is something wrong in a process of generate the token but cannot find the root of the problem.

Do you have any suggestion or sample C# application with Remote API ?

Mr.Teera Koedchan.
Developer, Mobile Innovation (Thailand) Company Limited
“We contribute to society by delivering SECURITY and SAFETY to customers”
17

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

teerak
Check access type parameter you use when create token http://sdk.wialon.com/wiki/en/sidebar/r … cess_flags
Try to change it to -1 (full access)

18

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

shmi wrote:

teerak
Check access type parameter you use when create token http://sdk.wialon.com/wiki/en/sidebar/r … cess_flags
Try to change it to -1 (full access)

Thank you very much, I achieved for loading message.

Additional question
some time I receive the error message "insecure or allowed time expired" when post data to "http://hosting.wialon.com/oauth.html"
Here is a post parameter.
client_id=WialonRemote+API&access_type=-1&activation_time=0&duration=2592000&flags=0&sign=xxxxx2LxRItzQKMpQ=&login=xxxx&passw=xxx&redirect_uri=http://hosting.wialon.com/login.html

Mr.Teera Koedchan.
Developer, Mobile Innovation (Thailand) Company Limited
“We contribute to society by delivering SECURITY and SAFETY to customers”
19

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

It is not allowed to make request to oauth.html without using authorization form. Request didn't perform due to security reasons.
Also if you use authorization form and got such error message - it means that the form was expired (displayed too long without login) and needs to be refreshed.

Solutions Department
Gurtam
20

Discussion of new authorization method (oAuth)

(edited by teerak 18/09/2015 10:40:49)

Re: Discussion of new authorization method (oAuth)

Hi deal,
Could you please suggest how to implement it with windows application (application on PC) or smart phone application?

Mr.Teera Koedchan.
Developer, Mobile Innovation (Thailand) Company Limited
“We contribute to society by delivering SECURITY and SAFETY to customers”
21

Discussion of new authorization method (oAuth)

(edited by deal 18/09/2015 11:20:07)

Re: Discussion of new authorization method (oAuth)

You can generate infinite token using authorization form (access_type -1, dur 0) and then use it in your app without regular direct access to restricted oauth.html.

Solutions Department
Gurtam
22

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

teerak wrote:

Could you please suggest how to implement it with windows application (application on PC) or smart phone application?

You should create WebView or WebBrowser (im not expert in C#) and open http://hosting.wialon.com/login.html in it so user can enter login and password.
Next step - detect redirect or url change, parse it, check for errors and get token
Then you can store token in your app and use it for authorization

23

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

shmi wrote:
teerak wrote:

Could you please suggest how to implement it with windows application (application on PC) or smart phone application?

You should create WebView or WebBrowser (im not expert in C#) and open http://hosting.wialon.com/login.html in it so user can enter login and password.
Next step - detect redirect or url change, parse it, check for errors and get token
Then you can store token in your app and use it for authorization

Thank you very much.

Mr.Teera Koedchan.
Developer, Mobile Innovation (Thailand) Company Limited
“We contribute to society by delivering SECURITY and SAFETY to customers”
24

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

shmi wrote:
teerak wrote:

Could you please suggest how to implement it with windows application (application on PC) or smart phone application?

You should create WebView or WebBrowser (im not expert in C#) and open http://hosting.wialon.com/login.html in it so user can enter login and password.
Next step - detect redirect or url change, parse it, check for errors and get token
Then you can store token in your app and use it for authorization

In our  Android application, User (mostly an administrator, not an operator - reason: operator shouldn't know Wialon username and password) set Wialon User and Password in first run of application (in application setting) and then application use Remote API to work. With core/login we did it without no problem, but with Token i really don't know how should do it. How should our app send username and password to give token?!!!
Please help us in this case.

25

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

hhamedk
You should add WebView with the authorization form (http://hosting.wialon.com/login.html) to your app, where user can enter his name and password. After, you should handle redirects (http://stackoverflow.com/questions/4066 … -a-browser), and parse  token from url, and save it. Later you can use this token with method token/login like you use login&password with core/login method.
You can find some implementation examples on GitHub(for example https://github.com/wuman/android-oauth-client).

Mobile Development
Gurtam