Define Authenticator

We have defined the connector in the previous step, and we have noticed that it uses an authentication element , so let’s define this element .

The purpose of Authentication

An authenticator is used to configure requests used for authentication purposes. One authenticator can be used with multiple connectors. Currently, it supports two types of authentication Oauth-2 and basic.

auth form

Elements of Authentication

  1. App : use axelor application plugin

  2. Name of authentication : the name of the authentication ( Required) .

  3. Authenticate ( button ) : it will call the selected ‘Auth request’ and store its result inside ‘Auth response’. If the authentication is successful it will check the ‘Authenticated’ checkbox.

  4. Authenticated : a checkbox that is auto checked when the authentication is successful.

  5. Authentication request : the api request for authentication.

  6. Auth response : text field to store response by calling authentication request.

  7. Auth type : type of the authentication, which is basic in basic authentication.

Authentication type

Authentication is the process of verifying the identity of a user or an entity. There are several authentication methods commonly used , the web Service project supports two major types Basic Auth and Oauth2

Basic authentication

Basic Authentication is a simple authentication mechanism where the client includes a username and password in the request headers. The server verifies the credentials by comparing them to a stored username and password combination. However, it is important to note that Basic Authentication sends the credentials in plain text, which makes it susceptible to interception if used over unsecured channels. Therefore, it is recommended to use Basic Authentication over secure connections (e.g., HTTPS).

Example request headers for Basic Authentication:
GET /api/resource HTTP/1.1
Authorization: Basic base64(username:password)

In web Service project we used also the basic authentication with two-way , the standard way is to provide the username and the password , but we can use it with another way with provide a request authentication , it is possible that the server used for authentication is using a custom authentication method or implementing a variant of Basic Authentication where the credentials are passed in the request body or the headers.

Standard Basic authentication

Basic authentication

When select the basic authentication , two fields appear ( username , password ), we can add an authentication request to do a custom authentication to an API .

When select an authentication request (a custom authentication) , the username and password fields will disappear .

Custom Authentication

When we add a request authentication , a field appear to chose between two modes : Token and Cookie

Basic authentication
  • Cookie : That means the token is saved as a cookie in the headers of the response’s request authentication .

  • Token : In many implementation of creation sessions of authentication , there is always some custom implementation , that’s mean we can not find the token in the headers or in the cookies , but we can find it in the body of the response , for that we need to add the name of the attribute in the body response to extract the token .

Basic authentication

Oauth authentication

OAuth 2.0 is an authorization framework that allows users to grant limited access to their protected resources (such as data or APIs) to third-party applications without sharing their credentials directly. It provides a secure and standardized way for users to authorize external applications to access their resources on their behalf. This is the most common type of authentication currently used for api authentication. It allows specific permission as per need.

Oauth authentication
  1. Auth request : It is an api request to open permission consent window where users authenticate the necessary permission.

  2. Token request : On success of Auth request it will call this token request to get an authentication token.

  3. Refresh token request : This request is used to get a new authentication token when the previous token is expired.

You can see the result of the execution of the auth request and the token request and the refresh token request in the panel bellow the screen .