How to setup Oauth 2.0 between Notes/Domino Social Edition 9.0 custom Playground and Custom Connections 4.5

Question

i need a complete procedure on how to setup Oauth 2.0 authentification between my own IBM/Notes/Domino/XPages apps and my own Connections 4.5 server (no greenhouse or quick start connections over the web)

Have installed both are on the same machine same host name with different ports : Connections 4.5 (HTTP 80/HTTPS 443) Running secure mode ok Domino 9 (HTTP 8088/ HTTPS 44388) Accessing Connections in SSL works fine. Runnig XPages SSL/Domino with specific ports too.

Follow the IBM SBT docs :

http://www-10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+4.5+Documentation#action=openDocument&res_title=Registering_an_OAuth_client_with_a_provider_ic45&content=pdcontent

Create a credential on the WAS 8.0.0.6 :

http://www-10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+4.5+Documentation#action=openDocument&res_title=Managing_the_client_application_list_ic45&content=pdcontent

but have question about the redirecturi to specify when creating credentials ? {opensocialSvcUrl}/gadgets/oauth2callback" stated is for gadget only no ?

Question is how to create correct credential in websphere and how to configure it in the SBTPayground.nsf Lotus application (Open NTF) to succesfully log in via OAuth2.0 (only basic authentication works...)

Thanks for any help.

Answer 1

create a file such as /local/qsi/bin/conx/oauthQSI.py

input these lines

import sys
execfile('oauthAdmin.py')
OAuthApplicationRegistrationService.addApplication(sys.argv[0],sys.argv[1],sys.argv[2])
clientSecret =     OAuthApplicationRegistrationService.getApplicationById(sys.argv[0]).get('client_secret')
print clientSecret

Then change directory to you connection deployment manager profile cd ${CON_PROFILE_DM}/bin/

Run this command ${CON_PROFILE_DM}/bin/wsadmin.sh -user $USER -password $PASSWORD -lang jython -port 8879 -conntype SOAP -f /local/qsi/bin/conx/oauthQSI.py $CLIENTID $APPID $URL

$CLIENTID = playground 
$APPID = playground 
$URL = https://XYZ.com/sbtplayground.nsf/xsp/.sbtservice/oauth20_cb

You can then edit the evironment properties to point to the echod clientsecret and the connections server at https://abc.com:444/oauth2/endpoint/connectionsProvider/authorize https://abc.com:444/oauth2/endpoint/connectionsProvider/token

if it fails saying filter invalid, make sure (if the cert is self signed) that you import it into the trust store for the cell you have on WebSphere

Answer 2

Here is the documentation to register an application with the Connections OAuth 2 provider. For step c the parameters are pretty self explanatory but you need to know the callback URL. The callback URL for the playground is /SBTPlayground.nsf/xsp/.sbtservice/oauth20_cb