Allowing third-party applications access to data via the OAuth2 protocol
Allow third-party applications to ask your IBM® Connections users for access to their data.
IBM Connections now supports the OAuth 2.0 standard authorization protocol. Third-party applications ("consumer" applications) can use a combination of OAuth and the IBM Connections API to access IBM Connections data.
Before a consumer application can access a user's IBM Connections data, an IBM Connections administrator must register the application. Then the user must give the application permission. Once a consumer application is registered and has permission, it can use the user's data and push its own data to the user's status updates. "IBM Connections data" here means all of the user's data, including photographs, personal profile information, and any content they have added anywhere. For example, a social networking application could display a user's profile picture and personal information. It could also push status updates the user makes in the consumer application to the IBM Connections activity stream and status updates.
As an IBM Connections administrator you create and manage a list of registered consumer applications. List membership might depend upon agreements with the consumer application companies. You can use commands to add, edit, view information on, count, and delete consumer applications from the list.
When users open the consumer application, they are prompted to give or deny the application permission to access their IBM Connections data. Permission is granted by a token, which expires in six months if not renewed by the user. When a permission expires, users must visit the consumer application again and go through the authorization process. Users can also remove an application's permission at any time in Connections by clicking
. This authorization management interface is customizable.
To connect an OAuth 2 client with IBM Connections by using the IBM Connections APIs with the OAuth 2.0 protocol, the supported flow is as follows:
Authorization code grant flow.
Authorization endpoint URL:
https://www.connections.example.com/oauth2/endpoint/connectionsProvider/authorize
Token endpoint URL:
https://www.connections.example.com/oauth2/endpoint/connectionsProvider/token
"oauthprovider" service as follows:
<sloc:serviceReference serviceName="oauthprovider"
    enabled="true"
    ssl_enabled="true"
    bootstrapHost="admin_replace"
    bootstrapPort="admin_replace"
    clusterName="">
  <sloc:href>
    <sloc:hrefPathPrefix>/oauth2</sloc:hrefPathPrefix>
    <sloc:static href="http://www.connections.example.com" ssl_href="https://www.connections.example.com"/>
    <sloc:interService href="https://www.connections.example.com"/>
  </sloc:href>
</sloc:serviceReference>
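The authorization code grant flow against the two endpoints listed above, sketched from the consumer application's side as an added example (not IBM's code). The parameter names are the standard ones from RFC 6749; the client ID, client secret and redirect URI are constructed placeholders, and sending the client credentials in the POST body is an assumption about how the registered client authenticates.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint URLs as listed on this page.
AUTHORIZE_URL = "https://www.connections.example.com/oauth2/endpoint/connectionsProvider/authorize"
TOKEN_URL = "https://www.connections.example.com/oauth2/endpoint/connectionsProvider/token"
# Constructed placeholders (assumptions): values fixed when the administrator registers the client.
CLIENT_ID = "example-client"
CLIENT_SECRET = "example-secret"
REDIRECT_URI = "https://consumer.example.org/oauth/callback"


def new_state():
    """Unguessable per-session value that ties the callback to the browser session."""
    return secrets.token_urlsafe(32)


def build_authorization_url(state):
    """Step 1: URL the user's browser is sent to in order to give or deny permission."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{AUTHORIZE_URL}?{query}"


def parse_callback(callback_url, expected_state):
    """Step 2: validate the redirect back to the consumer and return the code."""
    parts = urlsplit(callback_url)
    params = parse_qs(parts.query)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback arrived on an unexpected redirect URI")
    state = params.get("state", [""])[0]
    # Constant-time compare; a mismatch means the response is not for this session.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError(f"authorization denied: {params['error'][0]}")
    if len(params.get("code", [])) != 1:
        raise ValueError("missing or duplicated authorization code")
    return params["code"][0]


def build_token_request(code):
    """Step 3: back-channel POST (URL, headers, body) that exchanges the code for a token."""
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI,
                      "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET})
    return TOKEN_URL, {"Content-Type": "application/x-www-form-urlencoded"}, body
```

Nothing here touches the network: the functions only build and validate the messages, so the returned token request can be handed to whichever HTTP client the consumer application already uses.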