Welcome to the Onshape forum! Ask questions and join in the discussions about everything Onshape.

First time visiting? Here are some places to start:
  1. Looking for a certain topic? Check out the categories filter or use Search (upper right).
  2. Need support? Ask a question to our Community Support category.
  3. Please submit support tickets for bugs but you can request improvements in the Product Feedback category.
  4. Be respectful, on topic and if you see a problem, Flag it.

If you would like to contact our Community Manager personally, feel free to send a private message or an email.

API OAuth support

shawn_dorseyshawn_dorsey OS Professional, Developers Posts: 4 PRO
Do your OAuth implementations follow the spec?  It appears you followed the pattern but not the spec.  Perhaps not even.  I'm not sure if you are using Oauth1 or Oauth2?  My use case only requires API access from my external application.  If we were using OAuth2 that would require me to acquire an access token to pass in the auth header of all requests.  Since it appears you require request signing, parameter order and canonicalization I'm assuming it's OAuth1. However it doesn't seem to follow that spec either based on your header formats and other inconsistencies.  Maybe I'm wrong?  It would appear I can't use any off the shelf clients that support oauth1 or oauth2 because you don't follow either of these specs?
Tagged:

Comments

  • john_de_freitasjohn_de_freitas Member Posts: 3
    edited December 2016
    @shawn_dorsey,

    The Onshape OAuth2 implementation is currently not meant for end-user accounts, but for server-to-server application authorization as needed by Onshape Appstore applications (https://appstore.onshape.com)

    This implementation follows the typical "three-legged" OAuth2 use cases as specified by RFCs 6479 and 6750. Specifically, the authorization code grant, access and refresh token workflows described by RFC 6479, and the conveyance of tokens in HTTP(S) requests as specified by RFC 6750.

    I'm happy to go into these and related subjects in further detail. Depending on your interest level, you may also be interested in our partner program (https://www.onshape.com/partners/apply). If you only want to enable some API access for your external application for your own account, in addition to our OAuth2-based solution, we may be able to help you out with alternative solutions as well.

    Regards,
    John de Freitas
  • shawn_dorseyshawn_dorsey OS Professional, Developers Posts: 4 PRO
    John, we are an approved partner.  My use case is for my external application to use the onshape api directly.  Perhaps I wasn't looking at the right documentation?
Sign In or Register to comment.