Using oj.OAuth in Your Oracle JET Application

You can use the oj.OAuth plugin to manage access to client (end user) private data. The Oracle JET API includes the OAuth class, which provides the methods you can use to initialize the oj.OAuth object, verify initialization, and calculate the authorization header based on client credentials or an access token.

Initializing oj.OAuth

You can create an instance of a specific oj.OAuth object using the oj.OAuth constructor:

new OAuth(header, attributes)

The attributes and header parameters are optional.

Parameter    Type     Description

header       String   MIME header name. Defaults to Authorization.

attributes   Object   Contains client credentials or access/bearer token.

Client credentials contain:

  • client_id (required): public client credentials

  • client_secret (required): secret client credentials

  • bearer_url (required): URL for token bearer and refresh credentials

  • Additional attributes as needed (optional)

Access/bearer tokens contain:

  • access_token (required): Bearer token

  • Additional attributes as needed (optional)

The code sample below shows three examples for initializing oj.OAuth.

// Initialize oj.OAuth with client credentials
var myOAuth = new oj.OAuth('X-Header', {...Client credentials...});

// Initialize oj.OAuth with token credentials
var myOAuth = new oj.OAuth('X-Header', {...Access/Bearer token...});

// Initialize oj.OAuth manually
var myOAuth = new oj.OAuth();

If you choose to initialize oj.OAuth manually, you can add the client credentials or access/bearer token using the methods shown in the following code sample.

// Initializing client credentials manually
myOAuth.setAccessTokenRequest({...Client Credentials ...});
myOAuth.clientCredentialGrant();

// Initializing access bearer token manually
myOAuth.setAccessTokenResponse({...Access Token...});

The OAuth API also includes methods for getting and cleaning the client credentials or access tokens. For additional information, see the oj.OAuth API documentation.

Verifying oj.OAuth Initialization

Use the isInitialized() method to verify that the initialization succeeded.

var initFlag = myOAuth.isInitialized();

Obtaining the OAuth Header

Use the getHeader() method to get the OAuth header. The method calculates the authorization header based on the client credentials or access token.

// Client credentials
var myOAuth = new oj.OAuth('New-Header', {...Client credentials...});
var myHeaders =  myOAuth.getHeader();

// Access token
var myOAuth = new oj.OAuth('New-Header', {...Access/Bearer token...});
var myHeaders =  myOAuth.getHeader();

// Manual initialization, client credentials
var myOAuth = new oj.OAuth();
myOAuth.setAccessTokenRequest({...Client credentials...});
var myHeaders =  myOAuth.getHeader();

// Manual initialization, access token
var myOAuth = new oj.OAuth();
myOAuth.setAccessTokenResponse({...Access/Bearer token...});
var myHeaders =  myOAuth.getHeader();

Using oj.OAuth with Oracle JET Common Model

You can add the oj.OAuth object to your viewModel, either embedded or as an external plugin.

Embedding oj.OAuth in Your Application's ViewModel

The code sample below shows how you could embed the oj.OAuth object in your ViewModel. This example initializes oj.OAuth with client credentials.

function viewModel() {
  var self = this;
  ...
  self.myOAuth = new oj.OAuth('X-Authorization', {...Client credentials...});
 
  var tweetModel = oj.Model.extend({
     ...
  });
  var myTweet = new tweetModel();
  ...
  var tweetCollection = oj.Collection.extend({
     model: myTweet,
     oauth: self.myOAuth, // using embedded feature
     ...
  });
  self.myTweetCol = new tweetCollection();
  ...
  self.myTweetCol.fetch({
     success: function(collection, response, options) {
        ...
     },
     error: function(jqXHR, textStatus, errorThrown) {
        ... // process errors
     }
  });
}

To embed the oj.OAuth object in your ViewModel and initialize it with a bearer/access token:

function viewModel() {
  var self = this;
  ...
  self.myOAuth = new oj.OAuth('X-Authorization', {...Access/Bearer token...});
 
  var tweetModel = oj.Model.extend({
     ...
  });
  var myTweet = new tweetModel();
  ...
  var tweetCollection = oj.Collection.extend({
     model: myTweet,
     oauth: self.myOAuth, // using embedded feature
     ...
  });
  self.myTweetCol = new tweetCollection();
  ...
  self.myTweetCol.fetch({
     success: function(collection, response, options) {
        ...
     },
     error: function(jqXHR, textStatus, errorThrown) {
        ... // process errors or insert new access_token and re-fetch
     }
  });
}

Adding oj.OAuth as a Plugin in Your View Model

The code sample below shows how you could add the oj.OAuth object as a plugin in your viewModel. This example initializes oj.OAuth with client credentials.

function viewModel() {
  var self = this;
  ...
  self.myOAuth = new oj.OAuth('X-Authorization', {...Client credentials...});
 
  var tweetModel = oj.Model.extend({
     ...
  });
  var myTweet = new tweetModel();
  ...
  var tweetCollection = oj.Collection.extend({
     model: myTweet,
     ...
  });
  self.myTweetCol = new tweetCollection();
  ...
  self.preFetch = function() {
     var header = self.myOAuth.getHeader();
     $.ajaxSetup({
        beforeSend: function (xhr){
           for(var hdr in header ) {
              if(header.hasOwnProperty(hdr)) {
                 xhr.setRequestHeader(hdr, header[hdr]);
              }
           }
        }
     });
     self.myTweetCol.fetch({
        success: function(collection, response, options) {
           ...
        },
        error: function(jqXHR, textStatus, errorThrown) {
           ... // process errors
        }
     });
  }
}

Integrating oj.OAuth with Oracle Identity Management (iDM) Server

Oracle iDM servers use a two-legged authorization (Resource Owner Password Credentials Grant). In addition, the iDM servers require that you do the following:

  • Keep client credentials on your own proxy server. If you don't have one, you must create one.

  • iDM servers use a nonstandard authorization header and require that Authorization:access_token be used instead of Authorization: Bearer access_token. To supply the custom header, you must rewrite the OAuth header for that specific authorization by overriding the getHeader() method.

    The code excerpt below shows an example that adds the oj.OAuth object with a modified header to the application's viewModel.

    function viewModel() {
      var self = this;
      self.bearer = {
        access_token: ...,
        token_type: "Bearer",
        expires_in: ...
        ...
      }
       ...
      self.myOAuth = new oj.OAuth();
      // Rewrite oAuth header for specific Authorization
      self.myOAuth.getHeader = function() {
        var headers = {};
        headers['X-Authorization']=self.bearer.access_token;
        return headers;
      }
      var idmModel = oj.Model.extend({
         ...
      });
      var myIDM = new idmModel();
      ...
      var idmCollection = oj.Collection.extend({
         model: myIDM,
         oauth: self.myOAuth, // using embedded feature
         ...
      });
      self.myIDMCol = new idmCollection();
      ...
      self.myIDMCol.fetch({
         success: function(collection, response, options) {
         ...
         },
         error: function(jqXHR, textStatus, errorThrown) {
            ... // process errors or insert new access_token and re-fetch
         }
      });
    }
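
The iDM pattern above, carried through as an added example (not part of the original page or of the Oracle JET API): a header provider that gets its token from your own proxy, sends it raw in a custom header, and re-fetches once after a 401, as the error callbacks above suggest. createTokenHeader, fetchWithRetry, requestToken and doFetch are hypothetical names; requestToken is assumed to be a synchronous call to your proxy that returns { access_token, expires_in }.

```javascript
// Added example. createTokenHeader and fetchWithRetry are hypothetical helpers,
// not part of the Oracle JET API.
// requestToken (assumed): synchronous call to YOUR proxy, which holds client_id and
// client_secret and returns { access_token, expires_in } (seconds).
function createTokenHeader(requestToken, headerName, now) {
  now = now || Date.now;
  var bearer = null;
  var expiresAt = 0;
  return {
    // Same shape as oj.OAuth getHeader(): an object mapping header name to value.
    getHeader: function () {
      if (!bearer || now() >= expiresAt) {
        var fresh = requestToken();
        if (!fresh || typeof fresh.access_token !== 'string' || !fresh.access_token) {
          bearer = null;
          throw new Error('proxy returned no access_token');
        }
        bearer = fresh;
        // Treat the token as expired 30 s early to absorb clock skew and latency.
        var lifetime = Math.max(0, (Number(fresh.expires_in) || 0) - 30);
        expiresAt = now() + lifetime * 1000;
      }
      var headers = {};
      headers[headerName] = bearer.access_token; // raw token, no "Bearer " prefix
      return headers;
    },
    invalidate: function () { bearer = null; }
  };
}

// doFetch(headers, success, error) (assumed) wraps collection.fetch(); error gets
// the same (jqXHR, textStatus, errorThrown) arguments as the page's callbacks.
function fetchWithRetry(doFetch, tokenHeader, success, error) {
  var retried = false;
  (function attempt() {
    doFetch(tokenHeader.getHeader(), success, function (jqXHR, textStatus, errorThrown) {
      if (jqXHR && jqXHR.status === 401 && !retried) {
        retried = true;           // one retry only, so a revoked session cannot loop
        tokenHeader.invalidate(); // drop the rejected token before asking for a new one
        attempt();
        return;
      }
      error(jqXHR, textStatus, errorThrown);
    });
  })();
}
```

To combine it with the override shown above, assign the provider's getHeader function to self.myOAuth.getHeader; it does not depend on this.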