1.  Home
  2. MIDRANGE-L
  3. June 2025

RE: OAuth2 authentication with hosted web service

Jon, are you thinking that IWS should give users the option of calling an ILE program with certain parameters and based on the results of the call fail or allow request to continue?

Input parameters would be HTTP headers chose by user, and output would be a return code, and if authenticated, the user ID?

I think that would be possible. That would eliminate the need for users to do Java.


-----------------------------------------------
Nadir Amra
e-mail: amra@xxxxxxxxxx


From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> on behalf of Jon Paris <jon.paris@xxxxxxxxxxxxxx>
Date: Wednesday, June 11, 2025 at 12:47 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: [EXTERNAL] Re: OAuth2 authentication with hosted web service
I wasn't talking about a shortcut Marco. Merely suggesting that being forced to use Java for the purpose of implementing the authentication process was a little strange for a tool that enables the deployment of regular RPG programs as web services.

I've implemented OAuth2 and JWT-type authentication in RPG code and could repurpose that - why should I have to implement it in Java?

I know that I could do as Nadit suggests and write only enough Java just to call the RPG code - my point was why doesn't IBM supply that stub? They are much better equipped to do so than the target audience of IWS.


Jon Paris
Jon.Paris@xxxxxxxxxxxxxx



On Jun 11, 2025, at 6:20 PM, Marco Facchinetti <marco.facchinetti@xxxxxxxxx> wrote:

Jon I think an RPG programmer is the least suitable technical person in the
universe to handle security. Every request that comes into IWS has to go
through a firewall (Network, proxy, Waf or NGFW but a firewall), any other
shortcut is just trouble.

My opinion, of course.
--
Marco Facchinetti

Mr S.r.l.

Tel. 035 962885
Cel. 393 9620498

Skype: facchinettimarco


Il giorno mar 10 giu 2025 alle ore 23:06 Jon Paris <jon.paris@xxxxxxxxxxxxxx>
ha scritto:

It's a great pity that it has to be in Java. Since IWS' role in life is
to surface RPG code with Java hidden in the background, it makes no sense
to me to have to write this exit code in Java. Why not allow RPG code to be
called?


Jon Paris
Jon.Paris@xxxxxxxxxxxxxx



On Jun 10, 2025, at 8:29 PM, Nadir K Amra <amra@xxxxxxxxxx> wrote:

In the IWS server, you have the option to insert a trust authentication
interceptor (TAI). It a piece of user-defined Java code that gets called
for protected web services. In this code you have access to the HTTP
request data, and you can do anything you want.

See https://www.ibm.com/support/pages/node/6396908


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.