Re: Apache directive syntax -- WEB400

It's not that difficult to do. Really just a random character generator.

1. Generate a token (using IBM's random API - CEERAN0)
2. Check it against a history file of tokens generated (to make sure you
never generate a duplicate)
3. If you find one, repeat steps 1 and 2 until it's unique.
4. Assign the token to the account.

Then I have subprocedures that can retrieve an account ID from the token,
or vice versa as well as a host of other basic functions that make it very
easy to work with.

My random character generator is set up to accept a parameter for the
length of the token, but defaults to 32 bytes if not provided.

Why not write your own and make it open source. ;) but I did provide a
link on how to get the Authorization header:
https://www.fieldexit.com/forum/display?threadid=452

Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #13 <https://www.bvstools.com/mailtool.html>: The ability
to use an IFS stream file as the body of the email (either text or html).

On Tue, Dec 11, 2018 at 8:46 AM Slanina, John <jslanina@xxxxxxxxxx> wrote:

Bradley,

I have a project next year to make the IBM I an Identity Federation for
our subscribers.
Don’t think there is any open source code for the IBM I ☹

Thanks
John Slanina

On 12/11/18, 9:34 AM, "WEB400 on behalf of B Stone" <
web400-bounces@xxxxxxxxxxxx on behalf of bvstone@xxxxxxxxx> wrote:

There may be with all the new OS, but I just rolled my own years ago
and
use that.

Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #18 <https://www.bvstools.com/mailtool.html>:
Ability to
use SSL, TLS or OAuth 2.0 authentication. (OAuth 2.0 only available
with
Google or Microsoft Office 365).

On Tue, Dec 11, 2018 at 8:19 AM Slanina, John <jslanina@xxxxxxxxxx>
wrote:

> Bradley,
>
> Is there build in support for Oauth on the IBM I or does option 2
mean
> write it __
>
> Thanks
> John Slanina
>
>
> On 12/11/18, 8:41 AM, "WEB400 on behalf of B Stone" <
> web400-bounces@xxxxxxxxxxxx on behalf of bvstone@xxxxxxxxx> wrote:
>
> For the RESTful projects I've done for multiple clients to
accessh
> APIs, I
> have done the following:
>
> 1. Only put explicit paths in my HTTP config pointing to
explicit
> programs. A One to one. No wildcards.
>
> 2. Implemented a Oauth type token function. Each time an
application
> is
> called, if the token isn't good, exit immediately. (ie, header
> requires
> Authorization: Bearer <token> on each request).
> Example: https://www.fieldexit.com/forum/display?threadid=452
>
> 3. To request/refresh a token, a valid user/pw combo is
required.
> This
> can be done any way you want (a PF, validation list, etc).
>
> I do this even for small projects. I've had some clients ask
why I
> make
> them request a token, even for one or two endpoints. Well, if
> experience
> serves, once we get a couple endpoints and see how fruitful it
is, they
> will want more. And a way to track and log which endpoints are
being
> called, who is calling them (which is done by reverse lookup of
the
> token),
> and how often. 9 times out of ten this happens.
>
> There may be cases where setting up alias matches with wildcards
is an
> idea, but in most cases I've dealt with, endpoints are explicit
and
> that
> isn't required.
>
> Just my .02 on this thread.
>
> Bradley V. Stone
> www.bvstools.com
> MAILTOOL Benefit #7 <https://www.bvstools.com/mailtool.html>:
The
> ability
> to completely bypass the IBM SMTP system all together using
MAILTOOL
> Plus
> or other Addons.
>
>