About 1. Chapter 1: Getting started with odata 2. Remarks 2. Examples 2. Installation or Setup 2. Odata- The Best way to Rest 2

Similar documents
About 1. Chapter 1: Getting started with ckeditor 2. Remarks 2. Versions 2. Examples 3. Getting Started 3. Explanation of code 4

Develop Mobile Front Ends Using Mobile Application Framework A - 2

Modern SharePoint and Office 365 Development

DreamFactory Security Guide

SAP IoT Application Enablement Best Practices Authorization Guide

Consuming Office 365 REST API. Paolo Pialorsi PiaSys.com

Integration Service. Admin Console User Guide. On-Premises

Technical Overview. Version March 2018 Author: Vittorio Bertola

Gmail Integration for Salesforce and Dynamics 365

Sentinet for Microsoft Azure SENTINET

PROCE55 Mobile: Web API App. Web API.

windows-10-universal #windows- 10-universal

Modern App Architecture

Developing ASP.NET MVC Web Applications (486)

Example Azure Implementation for Government Agencies. Indirect tax-filing system. By Alok Jain Azure Customer Advisory Team (AzureCAT)

Oracle Mobile Application Framework

EMS Platform Services Installation & Configuration Guides

Tutorial: Building the Services Ecosystem

System and Software Architecture Description (SSAD)

STARCOUNTER. Technical Overview

Oracle Fusion Middleware 11g: Build Applications with ADF Accel

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

SHAREPOINT DEVELOPMENT FOR 2016/2013

Introducing the Harmony Core Open Source Project Presented by Jeff Greene

Leveraging the Globus Platform in your Web Applications. GlobusWorld April 26, 2018 Greg Nawrocki

5 OAuth Essentials for API Access Control

5 OAuth EssEntiAls for APi AccEss control layer7.com

About 1. Chapter 1: Getting started with wso2esb 2. Remarks 2. Examples 2. Installation or Setup 2. Chapter 2: Logging in WSO2 ESB 3.

Luckily, our enterprise had most of the back-end (services, middleware, business logic) already.

Partner Center: Secure application model

Building RESTful Web Services with. Presented by Steve Ives

MOBILE CLOUD SERVICE. Build Your Mobile Strategy Not Just Your Mobile Apps

Advanced API Security

WebSphere Puts Business In Motion. Put People In Motion With Mobile Apps

ORACLE MOBILE HUB. Build Your Mobile Strategy Not Just Your Mobile Apps

October J. Polycom Cloud Services Portal

Oracle Cloud Using the Evernote Adapter. Release 17.3

Single Sign-On for PCF. User's Guide

Integrating with ClearPass HTTP APIs

Oracle Cloud. Using the Google Calendar Adapter Release 16.3 E

About 1. Chapter 1: Getting started with iphone 2. Remarks 2. Versions 2. Examples 2. Installation or Setup 2. What is iphone. 3

StorageGRID Webscale NAS Bridge Management API Guide

Oracle Cloud Using the Google Calendar Adapter. Release 17.3

Integration Service. Admin Console User Guide. On-Premises

Beginner s Guide to Cordova and Mobile Application Development

Xerox Connect App for Blackboard

Build Mobile Cloud Apps Effectively Using Oracle Mobile Cloud Services (MCS)

About 1. Chapter 1: Getting started with dagger-2 2. Remarks 2. Versions 2. Examples 2. Description and Setup 2. Basic Example 3.

20486-Developing ASP.NET MVC 4 Web Applications

Using the Horizon vrealize Orchestrator Plug-In

TAXII 2.0 Specification Pre Draft

Alteryx Technical Overview

Xerox Mobile Link App

WhoWhenWhere. Project: WhoWhenWhere Date:

Guidelines on non-browser access

Expertise that goes beyond experience.

The Now Platform Reference Guide

Inland Revenue. Build Pack. Identity and Access Services. Date: 04/09/2017 Version: 1.5 IN CONFIDENCE

Introduction to Kony Fabric

Scaling DreamFactory

About 1. Chapter 1: Getting started with oozie 2. Remarks 2. Versions 2. Examples 2. Installation or Setup 2. Chapter 2: Oozie

Oracle Cloud Using the Google Calendar Adapter with Oracle Integration

70-486: Developing ASP.NET MVC Web Applications

Lookout Mobile Endpoint Security. AirWatch Connector Guide

Mozy. Administrator Guide

Liferay Security Features Overview. How Liferay Approaches Security

Sentinet for BizTalk Server SENTINET

Deploying enterprise applications on Dell Hybrid Cloud System for Microsoft Cloud Platform System Standard

visual-studio-2010 #visual- studio-2010

API Gateway. Version 7.5.1

Centrify for Dropbox Deployment Guide

Developing with the Cloud

Enterprise Web Development

Oracle Cloud Using the Trello Adapter. Release 17.3

VISUAL APPLICATION CREATION AND PUBLISHING FOR ANYONE

Connect and Transform Your Digital Business with IBM

REST API Operations. 8.0 Release. 12/1/2015 Version 8.0.0

Red Hat OpenStack Platform 10 Product Guide

Administering Jive Mobile Apps for ios and Android

Oracle Cloud Using the Microsoft Adapter. Release 17.3

Oracle Communications Services Gatekeeper

Oracle Mobile Hub. Complete Mobile Platform

Back-end architecture

OpenIAM Identity and Access Manager Technical Architecture Overview

About 1. Chapter 1: Getting started with signalr 2. Remarks 2. Versions 2. Examples 3. Getting up and running 3. SignalR 2+ 3

Before you start proceeding with this tutorial, we are assuming that you are already aware about the basics of Web development.

API Security Management with Sentinet SENTINET

Managing trust relationships with multiple business identity providers (basics) 55091A; 3 Days, Instructor-led

Building Offline Mobile Apps with Oracle JET and MCS

Oracle Cloud Using the UiPath Robotic Process Automation Adapter with Oracle Integration F

SharePoint 2013 Developer

Red Hat 3scale 2.3 Accounts

Embedded type method, overriding, Error handling, Full-fledged web framework, 208 Function defer, 31 panic, 32 recover, 32 33

API Security Management SENTINET

ruby-on-rails-4 #ruby-onrails-4

Build Meeting Room Management Website Using BaaS Framework : Usergrid

Cleveland State University Department of Electrical and Computer Engineering. CIS 408: Internet Computing

BlackBerry Developer Summit. A02: Rapid Development Leveraging BEMS Services and the AppKinetics Framework

Xerox Mobile Print Solution

Developing Microsoft Azure Solutions (70-532) Syllabus

Transcription:

odata #odata

Table of Contents About 1 Chapter 1: Getting started with odata 2 Remarks 2 Examples 2 Installation or Setup 2 Odata- The Best way to Rest 2 Chapter 2: Azure AD authentication for Node.js 4 Introduction 4 Examples 4 Content 4 Credits 8

About You can share this PDF with anyone you feel could benefit from it, downloaded the latest version from: odata It is an unofficial and free odata ebook created for educational purposes. All the content is extracted from Stack Overflow Documentation, which is written by many hardworking individuals at Stack Overflow. It is neither affiliated with Stack Overflow nor official odata. The content is released under Creative Commons BY-SA, and the list of contributors to each chapter are provided in the credits section at the end of this book. Images may be copyright of their respective owners unless otherwise specified. All trademarks and registered trademarks are the property of their respective company owners. Use the content presented in this book at your own risk; it is not guaranteed to be correct nor accurate, please send your feedback and corrections to info@zzzprojects.com http://www.riptutorial.com/ 1

Chapter 1: Getting started with odata Remarks This section provides an overview of what odata is, and why a developer might want to use it. It should also mention any large subjects within odata, and link out to the related topics. Since the Documentation for odata is new, you may need to create initial versions of those related topics. Examples Installation or Setup Detailed instructions on getting odata set up or installed. Odata- The Best way to Rest From Odata.org OData (Open Data Protocol) is an OASIS standard that defines the best practice for building and consuming RESTful APIs. OData helps you focus on your business logic while building RESTful APIs without having to worry about the approaches to define request and response headers, status codes, HTTP methods, URL conventions, media types, payload formats and query options etc. OData also guides you about tracking changes, defining functions/actions for reusable procedures and sending asynchronous/batch requests etc. Additionally, OData provides facility for extension to fulfil any custom needs of your RESTful APIs. The most exciting feature of Odata from my view are, 1. Url conventions In normal API's there is no standard way to specify a url, means by seeing someone API we cannot ensure that what that API is doing. Odata helps to create a standard url based on the business logic. 2. Querying In normal API, once we created further if we want only a specific data from the response we will do like this Call the API (From Server API returns everything) Apply filtering on the client side. otherwise creates separate API which results filtered data. But instead of these OData API allows querying option means we can include filtering conditions in http://www.riptutorial.com/ 2

Odata url itself, the Odata automatically filter the result from server so we can acheive what ever data we wants alone. To play with Odata in postman http://www.odata.org/getting-started/learning-odata-on-postman/ Read Getting started with odata online: http://www.riptutorial.com/odata/topic/5830/getting-startedwith-odata http://www.riptutorial.com/ 3

Chapter 2: Azure AD authentication for Node.js Introduction This document provides a high level overview and explains the whole architecture of Azure AD Authentication Process for Node.js (MOBILE TOOL) It is explains technical component and its interaction between mobile App, Web-API, Document DB and Azure Active Directory. Finally, how mobile user will be able to login into system and perform operations. The document provides a high-level description of the goals of the architecture, the use cases support by the system and architectural styles and comp Examples Content High Level Design Document MOBILE Tool (Azure AD authentication for Node.js) Version 1.0 (Draft) Table of Contents 1. Introduction 4 2. Architectural Representation (Logical View) 5 3. Technical Process 7 4. Architectural Goals and Constraints 8 5. Size and Performance 9 6. Issues and concerns 9 High Level Design (HLD) 1. Introduction This document provides a high level overview and explains the whole architecture of Azure AD Authentication Process for Node.js (MOBILE TOOL) It is explains technical component and its interaction between mobile App, Web-API, Document DB and Azure Active Directory. Finally, how mobile user will be able to login into system and perform operations. The document provides a high-level description of the goals of the architecture, the use cases support by the system and architectural styles and components that have been selected to best achieve the use cases. 1.1. Purpose High Level Design Document (HLD) provides a comprehensive architectural overview of MOBILE APP. 1.2. Scope The scope of this HLD is to depict the architecture of the MOBILE APP developed by Preludesys team. 1.3. Definitions, Acronyms, and Abbreviations http://www.riptutorial.com/ 4

HTTP Hypertext Transfer Protocol Azure AD Azure Active Directory Web-API Web Application Program Interface REST API Representational state transfer JSON JavaScript Object Notation ADAL - Azure Active Directory Authentication Library ios Operating system for Apple Devices Android - Operating system for Google Devices OAuth2 /OpenID- an open standard for authorization User - This is organization user having member of Azure Active Directory. Creator (Process Owner) - This is a user who can create/ modify Document Reader - This user can read/view Data Administrator this user can read, modify and delete any of DTCPII tool Process Specification, Process Review, Process Template and administer other user rights / roles. Administrator can delegate or share administrative rights to other users in the system. 1.4. References 1.5. Overview This document provides technical overview of following components. Node.JS Module Custom Web API ADAL Library Azure Active Directory Document DB 2. Architectural Representation (Logical View) The solution is divided into two components.one is Client side app which would run on mobile and Server side component running in Azure environment. http://www.riptutorial.com/ 5

Mobile App (Node.js Client) Node.js is light weight responsive user interface. A mobile application would simply be the, written in the native language or using a hybrid solution like Cordova (aka PhoneGap). This user interface would get data and perform business logic via calls to a server side API. If mobile app requires portions of the business logic, it'd have to be rewritten in objective- C for ios and Java for Android. While Cordova offers a solution for some code reuse, it cannot leverage Node or its ecosystem directly. Server Side Component Node.js Server Node is a JavaScript web server runtime. This act as Web server for mobile app. It use JSON as data exchange format, JSON, can be natively parsed by both ends. Node differs from most web application runtimes in the manner that it handles concurrency. Rather than using threading to accomplish concurrency, Node relies on an eventdriven loop running in a single process. Node supports an asynchronous (non-blocking) model. Web API This is REST API solution running on Azure as Web API. Its running on top of Document DB and act as protective layer for Document DB. ASP.NET tooling and security middleware from the Microsoft Open Web Interface for.net (OWIN) components that make protecting Web API straightforward. The end point is protected using azure AD OAuth Bearer 2.0 Access Tokens. 3. Technical Process 3.1. Authentication Authentication boils down to asking a caller, when sending a message to a server, to include some kind of credential that can verify his identity or retrieve his attributes. The server then uses that information for authorization determining whether access should be granted and in what terms. Resources often offload most of the authentication functions to an external services provider, commonly known as an authority or an identity provider. These providers take care of heavy-duty tasks such as onboarding users, assigning credentials, handling lifecycle flows (such as password recovery), providing a UI for user authentication, credential verification over multiple protocols, multiple authentication factor management, fraud detection and more. With those functions out of the way, the only authentication task left is to verify that authentication succeeded at the authority of choice. This typically involves examining a security token, a data fragment issued by an authority to a caller upon successful authentication. Security tokens are usually crafted according to a specific format, digitally signed by a key that will unequivocally identify the issuing authority, and contain some data that uniquely ties the token to the target resource. When the resource receives a request, it looks for an accompanying token. If it finds one that meets the required validation attributes, the caller is authenticated. At that level of detail, the pattern is so generic it can describe many different approaches to authentication. I ll apply it to this scenario by assigning the high-level roles to concrete entities. The Resource The resource will be the ASP.NET Web API 2 project I need to secure. You can apply authentication requirements with finer granularity. 3.2. Custom Web API and secure End point The Authority will configure the Web API to offload its authentication needs to Windows Azure AD, a Platform as a Service (PaaS) available to every Windows Azure subscriber. Windows Azure AD is specifically designed to support cloud-based http://www.riptutorial.com/ 6

application workloads. The service stores information about users (attributes and credentials) and organizational structure. It can synchronize data with Windows Server Active Directory, provided connect exclusively in the cloud. 3.3. OAuth Token Format OAuth 2.0 Validation process doesn t mandate any particular token format, but the JSON Web Token (JWT) format (bit.ly/14ehle8) for REST scenarios has become the de facto standard. Both Windows Azure AD and the Microsoft OWIN components support the JWT format in OAuth 2.0 flows. The mechanics of JWT acquisition and validation are all taken care of by the middleware, and the token format is transparent to the application code. 3.4. Node.js Module with ADAL Library Node.js modules is a mobile interface contains UI components and authentication module to get security token from Active Directory using ADAL library. The ADAL for node.js library makes it easy for node.js applications to authenticate to Azure AD in order to access Azure AD protected web resources. 3.5. Document DB Setup and Configuration 3.6. Azure AD sync using Azure AD Connect This is out of scope as business users are already part of office 365 which implies they already sync with Azure Active Directory. 4. Architectural Goals and Constraints Server side Mobile tool will be hosted on Azure Cloud platform running as Web Application All communication with client has to comply with public HTTPS, TCP/IP communication protocol standards. Client Side Users will be able to access Mobile tool over Android and ios devices. 4.1. Security To be able to authenticate users, you must register Node.js application with the Azure Active Directory (AAD). This is done in two steps. First, you must register your mobile service and expose permissions on it. Second, you must register your ios app and grant it access to those permissions 4.2. Persistence Data persistence will be addressed using Azure Document DB database. 4.3. Reliability/Availability 4.4. Performance There is no particular constrains related to system performance. It is anticipated that the system should respond to any request well under standard database and web server script timeouts (20 seconds), also system performance can depend on available hardware, PSU network and internet connection capabilities. In addition, upload / download times can depend on data size which in turn depends on user input. Therefore, actual performance can be determined only after system deployment and testing. 5. Size and Performance 6. Issues and concerns Read Azure AD authentication for Node.js online: http://www.riptutorial.com/odata/topic/10583/azure-ad-authentication-for-node-js http://www.riptutorial.com/ 7

Credits S. No Chapters Contributors 1 2 Getting started with odata Azure AD authentication for Node.js Community, LMK Sandip Dalvi http://www.riptutorial.com/ 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback