Allowing third-party applications access to data via the OAuth2 protocol
Allow third-party applications to ask your HCL Connections users for access to their data.
HCL Connections now supports the OAuth 2.0 standard authorization protocol. Third-party applications ("consumer" applications) can use a combination of OAuth and the HCL Connections API to access HCL Connections data.
Before a consumer application can access a user's HCL Connections data, an HCL Connections administrator must register the application. Then the user must give the application permission. Once a consumer application is registered and has permission, it can use the user's data and push its own data to the user's status updates. "HCL Connections data" here means all of the user's data, including photographs, personal profile information, and any content they have added anywhere. For example, a social networking application could display a user's profile picture and personal information. It could also push status updates the user makes in the consumer application to the HCL Connections activity stream and status updates.
As an HCL Connections administrator you create and manage a list of registered consumer applications. List membership might depend upon agreements with the consumer application companies. You can use commands to add, edit, view information on, count, and delete consumer applications from the list.
When users open the consumer application, they are prompted to give or deny the application permission to access their HCL Connections data. Permission is granted by a token, which expires in six months if not renewed by the user. When a permission expires, users must visit the consumer application again and go through the authorization process. Users can also remove an application's permission at any time in Connections by clicking
. This authorization management interface is customizable.
To connect an OAuth 2 client with HCL Connections using HCL Connections APIs with the Open Authentication 2 protocol, the supported flow is as follows:
Authorization code grant flow.
Authorization endpoint URL:
https://www.connections.example.com/oauth2/endpoint/connectionsProvider/authorize
Token endpoint URL:
https://www.connections.example.com/oauth2/endpoint/connectionsProvider/token
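The authorization code grant flow against the two endpoint URLs above, shown from the consumer application's side as an added example (not HCL's code). The parameter names follow RFC 6749 and are an assumption for this provider; the client ID, client secret and redirect URI are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoint URLs as listed on this page.
AUTHORIZE_URL = "https://www.connections.example.com/oauth2/endpoint/connectionsProvider/authorize"
TOKEN_URL = "https://www.connections.example.com/oauth2/endpoint/connectionsProvider/token"

# Constructed placeholders standing in for the values issued at registration.
CLIENT_ID = "sample-consumer-app"
CLIENT_SECRET = "sample-secret"
REDIRECT_URI = "https://consumer.example.org/oauth/callback"


def build_authorization_url(state=None):
    """Return (url, state); store state in the user's session before redirecting."""
    state = state or secrets.token_urlsafe(32)
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Validate the redirect back from the provider and return the authorization code."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise PermissionError(f"authorization denied: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Constant-time comparison on bytes; a mismatch means the response does not
    # belong to the request this session started (cross-site request forgery).
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


def build_token_request(code):
    """Return (url, form_body) for the HTTPS POST that exchanges the code for a token."""
    # Send with Content-Type: application/x-www-form-urlencoded, server to server.
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                      "client_secret": CLIENT_SECRET})
    return TOKEN_URL, body
```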
"oauthprovider" service as follows:
<sloc:serviceReference serviceName="oauthprovider"
    enabled="true"
    ssl_enabled="true"
    bootstrapHost="admin_replace"
    bootstrapPort="admin_replace"
    clusterName="">
    <sloc:href>
        <sloc:hrefPathPrefix>/oauth2</sloc:hrefPathPrefix>
        <sloc:static href="http://www.connections.example.com" ssl_href="https://www.connections.example.com"/>
        <sloc:interService href="https://www.connections.example.com"/>
    </sloc:href>
</sloc:serviceReference>