We need Need to open a browser for SSO login when the writer access plugin functionalities

[vishwavaranasi]

Hello team , we have a requirement that we need Need to open a browser for SSO login when the writer access plugin functionalities , and once the user authenticated the redirection or the control back to the class xxWorkspaceAccessPluginExtension implements WorkspaceAccessPluginExtension

please help us to implement the same.

Thanks,
vishwa

[cristi_talau]

Hello,

I assume that you have a plugin for Oxygen XML Editor that connects to a server that has OAuth support and you want to use this support to authenticate the user.

First of all, there are multiple OAuth grant types [1] and the recommended one for a Native Application (Oxygen XML Editor falls in this category) is the PKCE workflow [2].

To open a browser you can use the following API: ro.sync.exml.workspace.api.WorkspaceUtilities.openInExternalApplication(). If you have more specific questions, please let us know.

Best,
Cristian

[1] https://oauth.net/2/grant-types/
[2] https://oauth.net/2/pkce/

[vishwavaranasi]

Thanks for the reply ,
is there any samples in oxygenxml to connect plugin for Oxygen XML Editor that connects to a server that has OAuth support?

We have a plugin where the user clicks one of the Menu Options ..we want the redirection to Oauth login page , here question is once we have the access token from Oauth server , how do we can use the user credentials ..i Mean this is a purely desktop application right ..how do we maintain the session details like username for the user who logged ?

do we have any samples in oxygenxml that we can start looking?

Thanks for your help.

Thanks,
vishwa

[cristi_talau]

Hello,

Unfortunately we do not have any public samples that implement the OAuth flow.
Once you have the token in the Web browser to send it to the Oxygen desktop application there are several approaches:
1. Use an Oxygen plugin to open a server on localhost and make a POST request to that server.
2. Use a public server where the Web browser posts the token and Oxygen desktop application queries to retrieve it (maybe once every 2 seconds).

Once you have the OAuth token in the Oxygen application, you can make a request to the server to find the name of the current user.

Best,
Cristian

[vishwavaranasi]

Thanks Cristian,
as a initial start i wanted to use Google OAuth Credentials to verify the user who tries to access the oxygen plugin , is this possible?
would you please help me if any samples or blogs that i ca refer for this implementation?

Thanks,
vishwa

[Gabriel Titerlea]

Hello,

We don't have an example plugin but I think the documentation from google is a good resource for your use-case: https://developers.google.com/identity/ ... native-app
This together with the ro.sync.exml.workspace.api.WorkspaceUtilities.openInExternalApplication() API, mentioned by Cristian, can be a starting point.

Best,
Gabriel

[vishwavaranasi]

Thanks

how do we get the instance of WorkspaceUtilities to call this ro.sync.exml.workspace.api.WorkspaceUtilities.openInExternalApplication

tried searching forum didn't find anything , Thanks.

[vishwavaranasi]

please ignore my previous post/comment

i got to know how to invoke openInExternalApplication

[vishwavaranasi]

Hello here ,
I have opened a web page on local host from my plugin as below

pluginWorkspaceAccess.openInExternalApplication("http://localhost:8080/OauthBasicWebApp/index.jsp", false, "text/html"); where pluginWorkspaceAccess is object of StandalonePluginWorkspace

this is opened a browser , index.jsp has the google sign-in , it does the authenticated and authorized , so question here , how do we return back the control from external page to again back to plugin ?


please help us here?

[Gabriel Titerlea]

Hello,

Google recommends [1] showing a message that instructs the user to close the browser and return to your app.

Best,
Gabriel
[1] https://developers.google.com/identity/ ... i_loopback

[vishwavaranasi]

Thanks Gabriel,

is this also applicable in case of our oxygen plugins ?, for example we have our own authorization/authentication server (not google sing-in )to talk to and once the user is a valid user
is it recommended that user closes the browser and return back to oxygen plugin for further work to do?

[Gabriel Titerlea]

Hello,

is it recommended that user closes the browser and return back to oxygen plugin for further work to do?

For Oxygen any flow is acceptable. The answer depends on the user-experience you want to provide to plugin users.

Ideally the user would be returned to the app (Oxygen Plugin) automatically after the authentication flow is completed.
But to do that you would have to register a Custom URL scheme (which is a cumbersome process), as described in https://datatracker.ietf.org/doc/html/rfc7636#section-1

The Custom URL Scheme would start Oxygen with a given URL. And you could handle that in your plugin by registering an editorAboutToBeOpenedVeto event: https://www.oxygenxml.com/InstData/Edit ... a.net.URL-

This post might prove useful: https://clarifyforme.com/posts/56446141 ... ative-apps

Best,
Gabriel