OAuth2 connection from COM API

Hi there, 

We have a scenario where a customer has implemented a Federated Auth with MFA.

  • Person to machine auth: 
    When logging on as a user, the Federated Auth Login will pop up.
    The user can enter their credentials on the desktop then authenticate on the authentication app on their mobile device. 

  • Machine to machine auth: 
    We are able to provide the client_id, client_secret and resource and receive the access token in return. 
    Where we are running into an issue is with the authentication to connect to the vault. 
    The vault does not have a federated authentication plugin configured in the vault. 
    When trying to create an authentication object, the MFAuthType allows for an "MFAuthTypeUnknown" as well as the usual MFiles/Windows auth types. 
    How do we pass the access token to M-Files to successfully authenticate to the vault? 

I am convinced there is a missing configuration, i.e. there is no federated auth plugin configured on the vault, but the customer assures us they had a 3rd party application successfully connecting to the vault. 
I trust this makes sense, and I hope somebody can assist with the connection. 

A side note, we are attempting to connect via the COM API using OAuth but are happy to use the RESTful API if this is an option. 

  • You seem to be wanting to use the client credential flow.  You need to check out the documentation here: Configuring OAuth Authentication for Application Accounts.pdf.  This is supported in M-Files cloud now, and I know that there's an ongoing effort to bring this to on-premises implementations (although I do not personally recall the timeframe).

  • Hi Craig, 

    Thanks for the reply. 

    I had discussed the application accounts (and M-Files manage for on premise vaults) with M-Files Support, and confirmed that application accounts are not officially supported for on-premise yet. 

    The customer has implemented their own authentication flow, with no federated auth plugin configurations on the vaults, which has proved confusing for us. Their user to machine auth with MFA works perfectly as does their machine to machine auth with client secret and access token. 

    We had a session with their authentication specialist yesterday who has steered us in the right direction. Hopefully we should be sorted today. Holding thumbs .. 

  • I think the main bit I'm worried about is ensuring that the machine-to-machine (client credential flow) authentication token is associated with a user in M-Files; that's part of what that document I linked to talks about.  That has to happen so that actions taken via the API are associated with an M-Files user.

    That's the bit I'm not sure about without using the above approach, but let's hope that their specialist has a way forward.
