CA11851 Re: can i open a page in obrowser with an authentication header included ?

Bruno Del Sol bruno.delsol at bydesign.fr
Tue Jan 19 10:47:24 UTC 2021 

Hi Phil,

Yes, my use case was to pass an authentication header to be able to access an app's page. This client has a large 
desktop ERP Omnis app and some web based others apps. So it makes sense to pass the credentials of the desktop app along 
when opening a web page that handle datas or features related to the user's current task.

Just as Ben, I used a token passed in the GET url as workaround to replace the missing authentication, but this only 
worked because I was able to modify both ends apps. It wouldn't work for third party web apps. I understand Oauth2 might 
be a solution also, but I was hoping for a lighter one...

Thanks and regards

By Design
http://www.bydesign.fr
Bruno Del Sol
bruno.delsol at bydesign.fr
46, rue de La Tour d'Auvergne
75009 Paris (France)

Le 19/01/2021 à 11:26, Phil (OmnisList) via omnisdev-en a écrit :
> Hi Bruno,
>
> I've only had to manipulate headers when sending requests to a third party server, i.e. Oauth2 requests.
>
> But within O$10.2 using the Oauth2 object, its possible to overcome that issue and talk directly with the servers 
> using the HTTP commands.
>
> Thus in my case I could read and write data to from the server without user interactions, more of an import export of 
> our data compared to theirs... Google calendar being an example.
>
> I haven't needed to use oBrowser for that, as the Oauth2 object opens the default browser to get authorization.
>
> I'm curious what the scenario is that you need oBrowser having headers?
>
> Is it to do with post authorization, using a bearer token, you want to open a web page with authorization to do 
> something...
>
> I could see that being useful.
>
> regards
> Phil Potter
> Based in Chester in the UK.
>
> On 19/01/2021 10:03, Bruno Del Sol wrote:
>> Hello listers,
>>
>> I was wondering with UK supprot if any of you might have the need for this feature : being able to open a page with 
>> obrowser with some http headers added, as for authentication or cors, for instance ? And if yes what was your use 
>> case in a few words ?
>>
>> Would it be worth it to ask for this enhancement to Omnis ? Are you aware of security issue that this could raise ?
>>
>> TIA for your answers
>> Regards
>> Bruno
>>
>>
>>
>> By Design
>> http://www.bydesign.fr
>> Bruno Del Sol
>> bruno.delsol at bydesign.fr
>> 46, rue de La Tour d'Auvergne
>> 75009 Paris (France)
>>
>> Le 18/01/2021 à 10:38, Omnis Software Support UK a écrit :
>>>
>>> Hi Bruno
>>>
>>>
>>> As things stand, not really - it provides an interface that allows us to embed web pages in Omnis Studio.  So this 
>>> would be more of a user facing feature
>>>
>>>
>>> Engineering has mentioned - It might be possible to extend this further, and provide more control to developers, but 
>>> that is an enhancement request that would need some thought.
>>>
>>> d
>>>
>>> Kindest Regards,
>>>
>>> Luke Rayner
>>>
>>> *Development Support*
>>>
>>> t : _+44 (0) 1728 603011_
>>> e: _uk.support at omnis.net <mailto:uk.support at omnis.net>_
>>> w: www.omnis.net <http://www.omnis.net>
>>>
>>> *Omnis Software Ltd*
>>>
>>> Carlton Park House, Carlton Park Estate, Saxmundham IP17 2NL
>>>
>>>
>>>
>>> On Fri, 15 Jan 2021 at 15:18, Bruno Del Sol <bruno.delsol at bydesign.fr <mailto:bruno.delsol at bydesign.fr>> wrote:
>>>
>>>
>>>     Le 15/01/2021 à 15:20, Omnis Software Support UK a écrit :
>>>>
>>>>     Hi Bruno
>>>>
>>>>
>>>>     I cannot find an interface to add or remove HTTP headers, So I have raised an enhancement request for this here
>>>>     is the reference : ST/BR/387
>>>>
>>>>
>>>     I digged further on that and it seems no browser allows it either, because it could be used to trick users with
>>>     malicious scripts probably, while on the other hand it's a basic feature for programming languages or curl. Now is
>>>     the Chromium embedded in Omnis more of a user-facing kind of feature or more like a programmable interface to the
>>>     web ?
>>>
>>>
>>>>     For the time being you could send the authorisation token over the URL
>>>>
>>>
>>>     That's what I did, meanwhile
>>>
>>>
>>>>
>>>>     I will let you know as soon as we have a an update on this
>>>>
>>>>
>>>>     Kindest Regards,
>>>>
>>>>     Luke Rayner
>>>>
>>>>     *Development Support*
>>>>
>>>>     t : _+44 (0) 1728 603011_
>>>>     e: _uk.support at omnis.net <mailto:uk.support at omnis.net>_
>>>>     w: www.omnis.net <http://www.omnis.net>
>>>>
>>>>     *Omnis Software Ltd*
>>>>
>>>>     Carlton Park House, Carlton Park Estate, Saxmundham IP17 2NL
>>>>
>>>>
>>>>
>>>>     On Thu, 14 Jan 2021 at 15:08, Bruno Del Sol <bruno.delsol at bydesign.fr <mailto:bruno.delsol at bydesign.fr>> wrote:
>>>>
>>>>         Hi,
>>>>
>>>>          From Omnis, I need to open a page that requires an authentication header. Is it possible with oBrowser ?
>>>>
>>>>         Thanks and regards
>>>>         Bruno
>>>>
>>>>         --         By Design
>>>>         http://www.bydesign.fr <http://www.bydesign.fr>
>>>>         Bruno Del Sol
>>>>         bruno.delsol at bydesign.fr <mailto:bruno.delsol at bydesign.fr>
>>>>         46, rue de La Tour d'Auvergne
>>>>         75009 Paris (France)
>>>>
>> _____________________________________________________________
>> Manage your list subscriptions at http://lists.omnis-dev.com
>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com 
> _____________________________________________________________
> Manage your list subscriptions at http://lists.omnis-dev.com
> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com

More information about the omnisdev-en mailing list