the alfresco api
Post on 03-Jan-2016
78 Views
Preview:
DESCRIPTION
TRANSCRIPT
The Alfresco API
Steven GloverGethin JamesPeter Monks
Agenda
1. Introductory presentation – 10 mins2. Developer portal – 10 mins3. Coding exercise – 60 mins4. Where to get help – 5 mins5. Future direction – 5 mins6. Q&A – as time permits
Objective:To leave this session with a functioning Alfresco Cloud application of your own.
Format:Short introductory presentation followed by lengthy coding exercise.
Logistics:These two sessions are being run as a single session without a formal break. Please feel free to take breaks whenever you’d like!
USB drives are being distributed through the audience – please copy the files on them to your local machine, then pass the drive on.
The Alfresco APIFolder, file, content and metadata
manipulation and search
Networks, sites, people,
comments, tags, activities, …
OAuth2
What is OAuth2?• Defined in RFC-6749• Secure authentication
•3rd party apps don’t ever see the user’s password
• Unambiguously identifies:•API provider (e.g. Alfresco)•Client application (e.g. your application)•End-user (e.g. an Alfresco Cloud user)
How are we using it in Alfresco?• Used to secure the Alfresco API• Only authentication mechanism provided for APIs in Alfresco Cloud
OAuth2 – Registering an App
ApplicationDeveloper
AlfrescoDeveloper Portal
Creates developer
profile
Assigns an API key and secret
for that app
Signs up on developer
portal
Registers an application
OAuth2 – Authorisation
Application Alfresco End-UserLinks to Alfresco
authorisation page, passing
API key & secret
Asks the user to authorise
the appUser authorises
the app to access their
accountRedirects to your app’s callback URL, passing authorisation
code
Exchanges the authorisation code for an
access tokenReturns access
and refresh tokensSecurely
persists the access and
refresh token for that user
OAuth2 – API Calls
Calls APIs, passing the
access token in the Authorization
HTTP header
Identifies user from access
token, executes API
call
Application Alfresco
OAuth2 – Refresh Flow
Calls APIs, passing the
access token in the Authorization
HTTP header
Returns 401 error,
indicating access token has expired
Refreshes access token,
passing refresh token
Returns new access token
Application Alfresco
Calls APIs, passing the
access token in the Authorization
HTTP header
Identifies user from access
token, executes API
call
Developer Portal
Coding Exercise
Where to Get Help
Ply Steve, Gethin and Peter with these:
Resources• Alfresco API forum• #alfresco on freenode IRC• Alfresco Technical Discussion Google Group
Source Code• Code from This Session• Spring Social Alfresco Library• Peter’s Grails Example• Jeff’s Java Examples• Jeff’s Python Examples
CMIS & Apache Chemistry in Action
• Everything you need to know about CMIS 1.0 & 1.1
• Lots of Groovy and Java examples
• Also covers Python, Android, & iOS
• Now on MEAP!• 37% off with code “12cmisal”
Future Direction
More APIs:• CMIS 1.1• User provisioning• Transformation• Workflow• Records Management• Rich Media Management
More than APIs:• Community & Enterprise• Client SDKs• Content models• Workflow definitions• Rule definitions• UI extensions
Alfresco Confidential
Disclaimer: This list is NOTcommitted to the roadmap yet!
QUESTIONS?
top related