Aidbox supports 3 types of OAuth 2.0 authorization:

  1. Implicit for browser-based or mobile apps
  2. Authorization Code for apps running on a web server
  3. Client credentials for application access

An implicit client with the id site is available by default. You can view the list of available clients, add new ones or edit existing ones on the Client page in the box dashboard. See RFC 6749 for more information about OAuth 2.0 authorization.

Implicit

Let's check that the default client of type implicit with client_id = site exists.

  1. Open the Clients tab.
  2. Select the record named site.
  3. Check that the client_id is site.

To test implicit authorization, let's add a new policy that checks for the implicit client with client_id = site.

{
  "required" : [ "client" ],
  "properties" : {
    "client" : {
      "type" : "object",
      "properties" : {
        "client_id" : {
          "constant" : "site"
        }
      }
    }
  }
}
  • Deploy your aidbox and after receiving a message about successful deploy, visit your app at the URL generated from the box name - e.g. https://mysuperapp.aidbox.io for the mysuperapp box.
  • Ensure that you have added a user for the box (see http://aidbox.github.io/site/docs/Users_and_Groups.html for instructions). E.g. a user with login = .
  • Click the Sign in link.
  • You will see a login form labeled Allow site to use your account where site is the name of your client.
  • Log in with the box user credentials (not your aidbox account credentials).
  • You will see the Patients list page.

Authorization Code

To test the Authorization Code type of authorization, you will need a tool for testing RESTful requests, for example Postman.

Let's add a new client with the Authorization Code type.

  1. Open the Clients tab.
  2. Click the plus button.
  3. Fill in the fields:
     • Name = auth_code
     • Client Id = auth_code123
     • Client Secret = pwd
     • Redirect Uri = localhost, www.getpostman.com
  4. Click the Create button.

Let's add a new policy that allows access for all clients.

  1. Open the Policies tab.
  2. Click the plus button.
  3. Fill in the fields Id, Title, Type, Policy.
  4. Click the Create button.

{
  "required" : [ "client" ],
  "properties" : {
    "client" : {
      "type" : "object"
    }
  }
}
  • Open Postman.
  • Select Type = OAuth 2.0.
  • Set the request to GET https://yourboxname.aidbox.io/users.
  • Fill in the following fields:
     • Auth URL = https://yourboxname.aidbox.io/oauth/authorize
     • Access Token URL = https://yourboxname.aidbox.io/oauth/token
     • Client ID = auth_code123
     • Client Secret = pwd
     • Grant Type = Authorization Code
  • Click the Request Token button.
  • You will see a login form labeled Allow auth_code to use your account, where auth_code is the name of your client.
  • Log in with the box user credentials (not your aidbox account credentials).
  • Click on Token Name in order to add the token to the request URL.
  • Click the Send button.
  • Check the response body below.
  • You will see something like:
[
  {
    "id": 1,
    "status": null,
    "email": "boxuser1@gmail.com",
    "data": "null",
    "groups": null,
    "group-ids": []
  }
]

Client credentials

Let's add a new client with the Client credentials type.

  1. Open the Clients tab.
  2. Click the plus button.
  3. Fill in the fields:
     • Name = client_credentials
     • Client Id = client_credentials123
     • Client Secret = secret
     • Redirect Uri = localhost, www.getpostman.com
  4. Click the Create button.

Ensure that the following policy exists:

{
  "required" : [ "client" ],
  "properties" : {
    "client" : {
      "type" : "object"
    }
  }
}
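To make concrete what the three policies on this page actually decide (the Implicit section's "only client_id = site" policy, and the "any client" policy that the Authorization Code and Client credentials sections share), here is an added example, not Aidbox's own policy engine, that evaluates them as predicates over a request context. It implements only the keywords these policies use ("required", "properties", "type", "constant"); treating "constant" as exact equality, and the context shape {"client": ..., "user": ...}, are assumptions about how the box evaluates a policy. The sample contexts are constructed. The thing worth noticing is that the "any client" policy denies requests that carry no client at all, but allows every registered client regardless of which user (if any) is behind it.

```python
"""Evaluator for the JSON access policies shown on this page.

Added example, not Aidbox's policy engine. Supports only the keywords the
page's policies use ("required", "properties", "type", "constant"). The
context shape {"client": ..., "user": ...} is an assumption; the sample
contexts below are constructed.
"""
import json

# Policy from the Implicit section: only the client whose client_id is "site".
SITE_ONLY = json.loads("""
{
  "required": ["client"],
  "properties": {
    "client": {
      "type": "object",
      "properties": {"client_id": {"constant": "site"}}
    }
  }
}""")

# Policy from the Authorization Code / Client credentials sections: any client.
ANY_CLIENT = json.loads("""
{
  "required": ["client"],
  "properties": {"client": {"type": "object"}}
}""")

_TYPES = {"object": dict, "array": list, "string": str,
          "number": (int, float), "boolean": bool}


def matches(schema, value):
    """True when `value` satisfies every keyword in `schema`."""
    if "type" in schema and not isinstance(value, _TYPES[schema["type"]]):
        return False
    # Assumption: "constant" means exact equality with the given value.
    if "constant" in schema and value != schema["constant"]:
        return False
    if "required" in schema:
        if not isinstance(value, dict):
            return False
        if any(key not in value for key in schema["required"]):
            return False
    for key, sub in schema.get("properties", {}).items():
        # An absent property only fails when "required" lists it (checked above).
        if isinstance(value, dict) and key in value and not matches(sub, value[key]):
            return False
    return True


def allowed(policy, context):
    """Access decision: the request context must satisfy the policy."""
    return matches(policy, context)


# Constructed request contexts: who is calling, through which client.
CONTEXTS = {
    "implicit site client":  {"client": {"client_id": "site"},
                              "user": {"email": "boxuser1@gmail.com"}},
    "auth_code123 client":   {"client": {"client_id": "auth_code123"},
                              "user": {"email": "boxuser1@gmail.com"}},
    "client_credentials123": {"client": {"client_id": "client_credentials123"}},
    "no client at all":      {"user": {"email": "boxuser1@gmail.com"}},
    "client not an object":  {"client": "site"},
}


def decisions(policy):
    """Map each constructed context name to the policy's allow (True) / deny (False)."""
    return {name: allowed(policy, ctx) for name, ctx in CONTEXTS.items()}


if __name__ == "__main__":
    for label, policy in (("site only", SITE_ONLY), ("any client", ANY_CLIENT)):
        for name, ok in decisions(policy).items():
            print(f"{label:10} | {name:24} | {'allow' if ok else 'deny'}")
```

Running it prints an allow/deny row per context and policy; the "client not an object" row shows why the "type": "object" line matters, since a bare string under "client" satisfies "required" but not the type check.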

Fill in the following fields:

You will see something like:

[
  {
    "id": 1,
    "status": null,
    "email": "boxuser1@gmail.com",
    "data": "null",
    "groups": null,
    "group-ids": []
  }
]
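The Postman clicks in the Authorization Code section and the Client credentials section above are both just HTTP exchanges with the box's /oauth/authorize and /oauth/token endpoints. The following added example (not Aidbox's or Postman's own code) performs the same two token requests in plain Python and then builds the GET /users call with the resulting bearer token. The endpoint paths, client ids and secrets are the page's values; the parameter names follow RFC 6749; sending the client secret as HTTP Basic authentication rather than in the form body, and the Postman callback URL used as redirect_uri, are assumptions. The HTTP transport is injectable, so the flow is exercised offline against the constructed FakeTokenEndpoint, which also shows the server-side check that makes the client secret matter: a wrong secret gets an invalid_client error instead of a token.

```python
"""Authorization Code and Client credentials token requests against the
Aidbox OAuth endpoints named on this page, as plain HTTP instead of Postman.

Added example, not Aidbox's or Postman's code. /oauth/authorize, /oauth/token
and the client ids/secrets come from the page; parameter names follow
RFC 6749. HTTP Basic client authentication and REDIRECT_URI are assumptions.
"""
import base64
import json
import secrets
import urllib.parse
import urllib.request

BOX = "https://yourboxname.aidbox.io"                          # placeholder box URL from the page
REDIRECT_URI = "https://www.getpostman.com/oauth2/callback"    # assumed Postman callback URL


def build_authorize_url(box, client_id, redirect_uri, state):
    """Authorization Code step 1: the URL the browser is sent to."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state}
    return f"{box}/oauth/authorize?" + urllib.parse.urlencode(params)


def parse_redirect(redirect_url, expected_state):
    """Step 2: pull the code out of the redirect back to redirect_uri, refusing
    it when the state differs from the one we sent (CSRF check, RFC 6749 10.12)."""
    query = urllib.parse.parse_qs(urllib.parse.urlparse(redirect_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch, discarding authorization code")
    if "error" in query:
        raise ValueError(f"authorization refused: {query['error'][0]}")
    return query["code"][0]


def basic_auth(client_id, client_secret):
    """RFC 6749 2.3.1 client authentication header (assumed accepted by the box)."""
    token = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"Authorization": "Basic " + token}


def urllib_post(url, form, headers):
    """Real transport: POST a form body and decode the JSON reply."""
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(form).encode(), method="POST",
        headers={**headers, "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, json.loads(resp.read())


def _token(box, client_id, client_secret, form, post):
    status, body = post(f"{box}/oauth/token", form, basic_auth(client_id, client_secret))
    if status != 200 or "access_token" not in body:
        raise RuntimeError(f"token endpoint returned {status}: {body.get('error')}")
    return body["access_token"]


def exchange_code(box, client_id, client_secret, code, redirect_uri, post=urllib_post):
    """Authorization Code step 3: trade the code for an access token."""
    form = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    return _token(box, client_id, client_secret, form, post)


def client_credentials_token(box, client_id, client_secret, post=urllib_post):
    """Client credentials: no user and no browser, only the client's own secret."""
    return _token(box, client_id, client_secret, {"grant_type": "client_credentials"}, post)


def users_request(box, token):
    """The GET /users request Postman sends once it holds the token."""
    return urllib.request.Request(f"{box}/users", headers={"Authorization": "Bearer " + token})


class FakeTokenEndpoint:
    """Constructed stand-in for /oauth/token so the example runs offline. It
    verifies the client secret like a real server would and issues a made-up
    token; it is not Aidbox."""
    def __init__(self, clients):
        self.clients = clients            # client_id -> client_secret
        self.calls = []

    def __call__(self, url, form, headers):
        self.calls.append((url, dict(form), dict(headers)))
        creds = base64.b64decode(headers.get("Authorization", "Basic ")[6:]).decode()
        client_id, _, secret = creds.partition(":")
        if self.clients.get(client_id) != secret:
            return 401, {"error": "invalid_client"}
        if form["grant_type"] not in ("authorization_code", "client_credentials"):
            return 400, {"error": "unsupported_grant_type"}
        return 200, {"access_token": f"constructed-{client_id}-{form['grant_type']}",
                     "token_type": "bearer"}


if __name__ == "__main__":
    fake = FakeTokenEndpoint({"auth_code123": "pwd", "client_credentials123": "secret"})
    state = secrets.token_urlsafe(16)
    print(build_authorize_url(BOX, "auth_code123", REDIRECT_URI, state))
    # In the real flow the browser lands on REDIRECT_URI?code=...&state=... after login.
    code = parse_redirect(f"{REDIRECT_URI}?code=constructed-code&state={state}", state)
    print(exchange_code(BOX, "auth_code123", "pwd", code, REDIRECT_URI, post=fake))
    print(client_credentials_token(BOX, "client_credentials123", "secret", post=fake))
```

To run it against a real box, drop the post=fake argument so the default urllib_post transport is used, and feed parse_redirect the URL your browser ends up on after the Allow ... to use your account form; the state check is what stops a code planted by someone else from being exchanged under your session.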