190 likes | 405 Views
The Alfresco API. Steven Glover Gethin James Peter Monks. Agenda. Introductory presentation – 10 mins Developer portal – 10 mins Coding exercise – 60 mins Where to get help – 5 mins Future direction – 5 mins Q&A – as time permits. Objective:
E N D
The Alfresco API Steven Glover Gethin James Peter Monks
Agenda • Introductory presentation – 10 mins • Developer portal – 10 mins • Coding exercise – 60 mins • Where to get help – 5 mins • Future direction – 5 mins • Q&A – as time permits
Objective: To leave this session with a functioning Alfresco Cloud application of your own. Format: Short introductory presentation followed by lengthy coding exercise.
Logistics: These two sessions are being run as a single session without a formal break. Please feel free to take breaks whenever you’d like! USB drives are being distributed through the audience – please copy the files on them to your local machine, then pass the drive on.
The Alfresco API Folder, file, content and metadata manipulation and search Networks, sites, people, comments, tags, activities, …
OAuth2 What is OAuth2? • Defined in RFC-6749 • Secure authentication • 3rd party apps don’t ever see the user’s password • Unambiguously identifies: • API provider (e.g. Alfresco) • Client application (e.g. your application) • End-user (e.g. an Alfresco Cloud user) How are we using it in Alfresco? • Used to secure the Alfresco API • Only authentication mechanism provided for APIs in Alfresco Cloud
OAuth2 – Registering an App Application Developer Alfresco Developer Portal Signs up on developer portal Creates developer profile Registers an application Assigns an API key and secret for that app
OAuth2 – Authorisation Application Alfresco End-User Links to Alfresco authorisation page, passing API key & secret Asks the user to authorise the app User authorises the app to access their account Redirects to your app’s callback URL, passing authorisation code Exchanges the authorisation code for an access token Returns access and refresh tokens Securely persists the access and refresh token for that user
OAuth2 – API Calls Application Alfresco Calls APIs, passing the access token in the Authorization HTTP header Identifies user from access token, executes API call
OAuth2 – Refresh Flow Application Alfresco Calls APIs, passing the access token in the Authorization HTTP header Returns 401 error, indicating access token has expired Refreshes access token, passing refresh token Returns new access token Calls APIs, passing the access token in the Authorization HTTP header Identifies user from access token, executes API call
Where to Get Help Ply Steve, Gethin and Peter with these: Resources • Alfresco API forum • #alfresco on freenode IRC • Alfresco Technical Discussion Google Group Source Code • Code from This Session • Spring Social Alfresco Library • Peter’s Grails Example • Jeff’s Java Examples • Jeff’s Python Examples
CMIS & Apache Chemistry in Action • Everything you need to know about CMIS 1.0 & 1.1 • Lots of Groovy and Java examples • Also covers Python, Android, & iOS • Now on MEAP! • 37% off with code “12cmisal”
Future Direction More APIs: • CMIS 1.1 • User provisioning • Transformation • Workflow • Records Management • Rich Media Management More than APIs: • Community & Enterprise • Client SDKs • Content models • Workflow definitions • Rule definitions • UI extensions Disclaimer: This list is NOT committed to the roadmap yet! Alfresco Confidential