Hi all,
I'm working on an application where I have the requirement to handle the login through an OAuth2 authorization server. I know there are authentication plugins created by Peter Raganitsch, but I want to create my own code. I have a couple of questions, maybe someone can give me some handles?
I currently have defined a REST service in APEX to act as a callback URI, that's working fine. I suppose I can create a login page that refreshes itself to the OAuth2 authentication URI. After login, the callback URI is called. In the callback URI, I have to do an HTTP request to get an access token. That's also already implemented. After that, the access token has to be stored, and somehow my application has to 'know' that the user logged in.
I have these questions:
1. We have 4 separate environments: development, test, accept and production. I don't want to store the different authentication URIs, client_ids, client secrets etc. in code, but instead want to create application items and make application calculations to give the application items the right value depending on the environment. But when the callback function is called after logging in, there's no APEX session, so I can't get the value of the application items. How to overcome this?
2. Also, I want to store the access token and refresh token in a collection. But again, there's no APEX session.
3. How can I let APEX know the user logged in and start an APEX session?
4. In the optimal situation, I want to encapsulate all in a plugin. What's the best approach? There isn't much documentation (or at least, I can't find it) about authentication plugins.
Thank you for helping me! BTW: I'm on APEX 4.2.5, using ORDS 2.0.9.
Regards,
Tom