Question by cory.schmidt.1 · Oct 30, 2019 at 10:44 PM · edpoauth2ipdp

Is it possible to retrieve an OAuth token using an iPlanetDirectoryPro cookie from a user session?

I'm working on an Eikon add-on (desktop, thick client) that uses AAA to log in and entitle users. We're transitioning some of our services to the Elektron Data Platform, which requires an OAuth2 token. We want to use the iPlanetDirectoryPro cookie/token which was created when the user previously logged in. In reading the API documentation, it looks like Implicit Grant is what we want (https://developers.refinitiv.com/article/oauth-grant-types-elektron-data-platform), but I haven't been able to find an example of exactly what I'm trying to do.

The auth/oauth2/v1/authorize endpoint will take an iPDP cookie but requires a redirect URL to handle extracting the token. We're a desktop app, so we can't provide that. The auth/oauth2/v1/token endpoint will return a token but requires a username and password. Is there an endpoint that will take an iPDP cookie and return a token?

5 Replies

Best Answer
Answer by Gurpreet · Oct 31, 2019 at 05:59 PM

I was incorrect about not needing a redirect_uri. It is required and you can use localhost here to capture the 302 HTTP response.

So, your request from the desktop app will look like:

GET https://api.refinitiv.com/auth/oauth2/v1/authorize?client_id=****&response_type=token&scope=trapi&state=****&redirect_uri=https://localhost:9999 HTTP/1.1
Host: api.refinitiv.com
User-Agent: curl/7.59.0
Accept: */*
Cookie: iPlanetDirectoryPro=****

and the response message will contain the access token:

HTTP/1.1 302 Found
Date: Thu, 31 Oct 2019 17:52:10 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Location: https://localhost:9999#access_token=****&expires_in=300&token_type=Bearer&scope=****&state=****
X-Amzn-Trace-Id: Root=1-5dbb1f49-13106f15889270e68dcaf913
X-Served-By: region=us-east-1; cid=dcab979a-1ca9-4bf7-8982-21dde3066551
X-Tr-Requestid: 8265728c-23ac-48e0-ab5f-1b4b6400df0b


Answer by Gurpreet · Oct 30, 2019 at 11:27 PM

It should be possible to use Authorization Code or Implicit grant for desktop applications. See an example for a browser-based Single Page Application. A similar approach can also be taken with mobile or a desktop app.

@Olivier DAVANT, @pierre.faurel, any other recommendations for a seamless sign-in between Eikon and EDP?

Answer by cory.schmidt.1 · Oct 31, 2019 at 02:06 PM

The article you linked to contains the following paragraph:

"In any case, with both the Implicit Flow as well as the Authorization Code Flow with no secret, the server must require registration of the redirect URL in order to maintain the security of the flow."

That leads me to believe that I would still need a redirect in order to maintain security. I haven't found any documentation around already having a token/code and exchanging for an OAuth token.

I can't imagine we are the only group dealing with this problem as other Eikon components are also transitioning. It's just a matter of finding the right guidance. :-)

Answer by Gurpreet · Oct 31, 2019 at 04:55 PM

You should talk directly to AAA and STS teams who can advise on the correct approach.

For the oauth2/v1/authorize endpoint with Implicit grant, redirect_uri is not a required parameter; you can pass in response_type = token with your IDP cookie to exchange it for an access token.

I tried it and it works.

Answer by cory.schmidt.1 · Nov 01, 2019 at 02:18 PM

Brilliant! That worked perfectly. Also, in case this helps anyone else, make sure you don't allow redirects in the request.

Thanks!
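
The exchange from the best answer, combined with the advice above not to follow redirects, as an added Python example that is not part of the original posts or Refinitiv's own code. The function names are hypothetical; the endpoint, parameters and redirect_uri are the ones shown in the best answer. The token is read from the fragment of the 302 Location header, and the redirect target and `state` are checked before it is used.

```python
import hmac
import http.client
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint and redirect_uri as shown in the best answer; function names are hypothetical.
AUTHORIZE_URL = "https://api.refinitiv.com/auth/oauth2/v1/authorize"
REDIRECT_URI = "https://localhost:9999"  # never contacted, only matched


def build_authorize_request(client_id, ipdp_cookie, scope="trapi"):
    """Return (url, headers, state) for the implicit-grant request."""
    state = secrets.token_urlsafe(16)  # fresh per request, verified on return
    query = urlencode({"client_id": client_id, "response_type": "token",
                       "scope": scope, "state": state,
                       "redirect_uri": REDIRECT_URI})
    headers = {"Cookie": f"iPlanetDirectoryPro={ipdp_cookie}", "Accept": "*/*"}
    return f"{AUTHORIZE_URL}?{query}", headers, state


def token_from_redirect(status, location, expected_state):
    """Validate the 302 and return (access_token, expires_in) from its fragment."""
    if status != 302 or not location:
        raise ValueError(f"expected 302 with a Location header, got {status}")
    target, expected = urlsplit(location), urlsplit(REDIRECT_URI)
    if (target.scheme, target.netloc) != (expected.scheme, expected.netloc):
        raise ValueError("redirect target is not the registered redirect_uri")
    params = {k: v[0] for k, v in parse_qs(target.fragment).items()}
    state = params.get("state", "")
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this request")
    if params.get("token_type", "").lower() != "bearer" or "access_token" not in params:
        raise ValueError("no bearer token in the redirect fragment")
    return params["access_token"], int(params.get("expires_in", 0))


def fetch_token(client_id, ipdp_cookie):
    """Send the request once; http.client never follows redirects itself."""
    url, headers, state = build_authorize_request(client_id, ipdp_cookie)
    parts = urlsplit(url)
    conn = http.client.HTTPSConnection(parts.netloc, timeout=10)
    try:
        conn.request("GET", f"{parts.path}?{parts.query}", headers=headers)
        resp = conn.getresponse()
        return token_from_redirect(resp.status, resp.getheader("Location"), state)
    finally:
        conn.close()
```

With an HTTP client that follows redirects by default, switch that off for this request; otherwise the client tries to connect to localhost:9999 and the Location header carrying the token is never seen.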
