OAuth 2.0 via JWT iFormBuilder

Introduction

OAuth 2.0 interfaces cover a range of authentication options. One option which is of growing popularity is the JSON Web Token standard based on RFC 7519. There is a website jwt.io which describes the standard in user friendly language.

From Iguana 6.0.3 onwards we have a set crypto signing APIs which make it easy to implement this standard.

To provide a practical example of using this API we picked an application called iFormBuilder, which is an application for creating mobile forms on iPhone and Android devices without extensive development. This is the iFormBuilder API guide.

iFormBuilder has many potential applications in healthcare, and it is HIPAA compliant. One could collect data via mobile devices and use Iguana to feed that data into your EMR or other applications without much effort.

You can create a free iFormBuilder account which does give you some API calls – not too many but enough for you to try this example for yourself.

Note: The primary purpose of this code is to demonstrate use of OAuth 2.0 Using a JSON web token for authentication. To demonstrate this it uses iFormBuilder and also uses HTTP caching for performance purposes. As a result this is probably not a piece of code you will reuse in its entirety, so we suggest you study the part of the code you are interested in and copy and adapt that piece.

If you want to do more with iFormBuilder then please refer to the documentation for the iFormBuilder API here: http://docs.iformbuilder.apiary.io/

If you have any questions please contact us at support@interfaceware.com.

Tip: The code for this channel uses stores the the iFormBuilder login information ( client key, client secret, profile id) in plain text this is not best practice.

You can use the encrypt.password.lua and store2.lua modules to store logon information in encrypted format, see the Salesforce.com Adapter for an example of how to do this.

Setup iFormBuilder [top]

  1. Get a free account:
  2. Set up the API:
    • Within your account go into Company->API Applications to this form:
      Screen Shot 2016-04-06 at 8.28.46 AM
    • Click on New Client. It will open up a dialog asking for the name of the new client – put Iguana:
      Screen Shot 2016-04-06 at 8.29.33 AM
    • Then it has a dialog asking which user to select for API access. I suggest selecting yourself.
    • After you are done you should see a screen something like this:
      Screen Shot 2016-04-06 at 8.33.35 AM

Using the Code [top]

This is the github code for the main module:

How it works [top]

  1. First we call the work() function, using pcall() to catch the error if the call fails.
    • If the call fails we concatenate the error with a helpful message and return it using net.http.respond{}
  2. In the work() function we use the iFormBuilder.connect{} function to connect to iFormBuilder.
  3. You will need to enter these three parameters into the iFormBuilder.connect{} call in your script:
    Note: These values are for the iFormBuilder account you setup in Preparation above.

    • Client key
    • Client_secret
    • Profile ID
  4. Once the connection is made return a list of users for iFormBuilder:
    1. First we use c:users() to query the users
    2. Then we format the list
    3. And finally we use net.http.respond{} to return the result

Note: The code makes use of HTTP caching to improve performance and to reduce the number of times that Iguana calls the iFormBuilder API which matters since the free version of iFormBuilder only allows a limited number of API calls.

More Information [top]

Tagged: