26

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Our  problem is that we can't use WebView as i mentioned. Because username and password should set by Administrator not user or operator and also username and password sent from our server side in a encrypted file, application use file, read username and password, store them and use them for future login. So, should forgot WebView completely. But thanks.
Any other idea?

27

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

hhamedk If you have a session on your server side, you can create tokens by calling token/update method with callMode=create. After you can send them to your application and use them for future login.

Mobile Development
Gurtam
28

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

We finally found a way. I call http://hosting.wialon.com/login.html and get response, then i extract sign from this response, then i set parameters and send for http://hosting.wialon.com/oauth.html, in response I get html string that contains "authorization success" . But i can't get token from response, i should get token from new url that android can't get it (or i don't know how). How can I get token in response?

29

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

This is wrong way. You shouldn't extract sign parameter and execute /oauth.html request by yourself. It is restricted and if it works now - you can't be sure that it will work tommorow. In your sites/apps you should use authorization form to generate token. If there is problem to show form in some app - you can generate infinite token (duration 0) with full access (access_type -1) and use it insted of login and password. Using this token you can authorize and do everything including generation of new tokens for subusers.

Solutions Department
Gurtam
30

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Is there a possibility to create a Token from CMS or Monitoring panel?

31

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

I have two question:
1. If we create a infinite Token is it possible to use it in our application as you mentioned? does Token work with any IP? Our application will install on an android smart phone and IP address will change time to time.
2. You developed new authentication way to increase security level. Don't you think creating a infinite Token has lower security level than even old authentication?

32

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

There is no such interface in CMS or Monitoring. You can only view or remove tokens in user's menu -> Manage Applications.
But you can generate such token using authorization form with such request:
http://hosting.wialon.com/login.html?cl … mp;flags=6

Solutions Department
Gurtam
33

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

1. You can use generated token in any your apps on any IP.
2. We don't think so. Even infinite token can be removed anytime by owner.
New authorization method is much better and safer than old one.
We'll continue to make it better.

Solutions Department
Gurtam
34

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Hello,

We're trying to add the new OAuth autorization in your custom application who is running in background on our server, but we're have a bug and need you help on this issue.

For our application who is running in background on our server.

How we need to use the authorization method in background on our server ?

What is the code to use in background on our server ?

How we can have a warranty that we have obtain a token and our service continue to work in background ?

35

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

In your sites/apps you should use authorization form to generate token. (You can show it using WebView component or equivalent one)
If there is problem to show our form in some app - you can generate infinite token (duration 0) with full access (access_type -1) and use it insted of login and password.
Using this token you can authorize and get sid. And then your app can execute request using this sid.
You can refer to docs at http://sdk.wialon.com/wiki/ru/sidebar/r … ogin/login
and examples at http://sdk.wialon.com/playground/  (last 3 examples)

Solutions Department
Gurtam
36

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

deal wrote:

For our application who is running in background on our server.

Usually background services with deprecated core/login works in following way:

  • somewhere in code or config login/password is specified
  • when app launches - login/password is used for core/login
  • when core/login succeeded - use sid from it for next Remote API requests

If you app work as writen, here's steps how to use new OAuth autorization:

  • Generate token - only once
    To get token you can use playground sample or directly  this form. Please check that access_type grant enough rights (use access_type=-1 to grant full rights) and duration=0 (infinite token, the only restriction - use it for login minimum once per 100 days).
  • Specify token in code/config
    Replace old login/password in your code or config with new just received token.
  • Use token/login instead of core/login
    Replace deprecated core/login with token/login method and token from config. No other changes needed, responses for these request are the same.
  • Validate login result
    If token/login returned error - it means that token became invalid. You need to have kind of notification for this situation and generate new token and specify it in config

We have several projects that uses this logic, everything works fine. Please ask if need some clarification.

37

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Hi,

Do you have a sample of code in C# who use this logic to validate if the token has expired ?

Thanks
Regards

38

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

NTS wrote:

Do you have a sample of code in C# who use this logic to validate if the token has expired ?

Sorry, we dont use C#.

But logic is pretty easy: you have to check if 'error' key exists in token/login request. Here's pseudo code (just sample, not a real program)

// constants
url = "http://hst-api.wialon.com/wialon/ajax.html";
token = "79c8a862473fef040c011e5d40a36e3a4DA1F0E9ABF237D20E89AA7BAA4480FCBBA92915";

// RemoteApi request
request = Request(url + "?svc=token/login&params={token:'" + token + "'}");

// exec token/login and get response
response = request.send();

// parse response json
response = Json.parse(response);

// check "error" key exists
if (response.hasKey("error")) {
   if  (response.getValue("error") == 7 || response.getValue("error") == 8) {
      // invalid token
      return
   } else {
      // other login error, try to login again
   }
} else {
   // token is valid
}
39

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

I use C#  and I use the everlasting tokens option with below code to check and delete if too many tokens are created . Hope this helps

List<tokens> tokenslist = ser1.Deserialize<List<tokens>>((new WebClient()).DownloadString(urlCheckTokenCount));
                
                if (tokenslist.Count > 900)//max allowed number of tokens per user is 1000, I use to delete them if they exceed 900; 
                {//will delete only tokens under this app name and this user
                   
                    for (int i = 0; i < 900; i++)
                    {
                        string currenttokenappname = tokenslist[i].app;
                        if (string.Compare(currenttokenappname, appname) == 0)
                        {
                            string currenttoken = tokenslist[i].h;

                            if (string.Compare(currenttoken, token) != 0)//skip current token , delete all the rest, 
                            {
                                string urlDeleteToken = wialonurlfix + "ajax.html?svc=token/update&params=" +
                                "{\"callMode\":\"delete\",\"userId\":\"" + userid + "\",\"h\":\"" + currenttoken + "\",\"app\":\"" + appname + "\",\"at\":0,\"dur\":0,\"fl\":256,\"p\":\"{}\",\"items\":[],\"deleteAll\":\"\"}";

                                string tokendel = (new WebClient()).DownloadString(urlDeleteToken);  
                            }
                        }
                    }
                }
40

Discussion of new authorization method (oAuth)

(edited by Desarrollo 02/10/2015 18:34:53)

Re: Discussion of new authorization method (oAuth)

Hi Everybody.
We are having problems with JAVA API loggin.
Anyone could help me to login again using the new way (not with JavaScript)

This is the code we are using:

private void login()
    {       
        session.initSession("https://hst-api.wialon.com"); //http://kit-api.wialon.com   http://hst-api.wialon.com http://track.folgen.mx "https://hst-api.wialon.com"
        System.out.println("Inicio");
        session.login("","", new ResponseHandler() {
            @Override
            public void onSuccess(String response) {
                super.onSuccess(response);
                System.out.println(String.format("El usuario es:  %s", session.getCurrUser().getName()));
                //JOptionPane.showMessageDialog(null,"Conectado");
                searchGroups();         
            }
            @Override
            public void onFailure(int errorCode, Throwable throwableError) {
                super.onFailure(errorCode, throwableError);
                System.out.println(Errors.getErrorText(errorCode));
                 //logout();
                //JOptionPane.showMessageDialog(null,"Error");
            }
        });   
    }

41

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Desarrollo, please update your Java SDK to the latest version from GitHub and use

Session.loginToken()

method instead of

Session.login()
Mobile Development
Gurtam
42

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Hello Kopa!

I'm using the wialon-sdk- 1.2.39.jar, do you have the lastest version? or how can to update this code?

43

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Hi Everybody!!

Somebody knows if the jar file to JAVA API will be liberate with the most recently update ?   i use the wialon-sdk-1.2.39.jar

44

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Desarrollo wrote:

Hi Everybody!!

Somebody knows if the jar file to JAVA API will be liberate with the most recently update ?   i use the wialon-sdk-1.2.39.jar

there is the last version on GitHub
try to apply method as recommended above

Diana Cheley
Wialon Hosting Expert
Gurtam
45

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Desarrollo
Yes, please download latest version from attachments. We'll update this at sdk.wialon.com as soon as possible.

Post's attachments

Attachment icon wialon-sdk-1.3.57.jar 147.1 kb, 138 downloads since 2015-10-05 

Mobile Development
Gurtam
46

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Hi Kopa!!

Thank you so much for provide the jar file.

Approximately when will have the updated documentation? We need to delivery  these days and require this documentation, or if we can provide the new way to authenticate would be helpful. I'm develop by the code simple in http://sdk.wialon.com/wiki/en/sidebar/j … les/search


I hope your comments.

Thanks in advance.

47

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Desarrollo
Wialon Java SDK and examples updated at sdk.wialon.com, please see updated example which use loginToken method.

Mobile Development
Gurtam
48

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

Thank you Kopa!!

I have a questión, token parameter will be static? , not exist method to generate token?, ¿Where i have to generate this token? i paste the code

session.loginToken("2fe8024e0ab91aa6c8ed82717b71bddcECDC362358DF7D90986F5173D405CD0D42DE7B38", new ResponseHandler() {....

I hope your comments!
Thanks!

49

Discussion of new authorization method (oAuth)

Re: Discussion of new authorization method (oAuth)

If you want to use static token, please see post#36

shmi wrote:

...
Generate token - only once
To get token you can use playground sample or directly  this form. Please check that access_type grant enough rights (use access_type=-1 to grant full rights) and duration=0 (infinite token, the only restriction - use it for login minimum once per 100 days).
...

Otherwise you should use authorization form in your application to generate token, please see post #1

Mobile Development
Gurtam
50

Discussion of new authorization method (oAuth)

(edited by vinod.porwal 08/10/2015 09:42:47)

Re: Discussion of new authorization method (oAuth)

Hi,
We are trying to integrate the new authorization in our phonegap application using javascript but we are not able to get it through. Window event message is not getting called.
Please let us know option to integrate new authorization in phonegap.

thanks in advance.

regards,
vinod