Skip to content

Releases: LabVIEW-Open-Source/Oauth2

Initial Release OAuth 2.0

05 Apr 22:13
Compare
Choose a tag to compare

OAuth 2.0 library for LabVIEW

This library contains the base class for Oauth2 authorization workflow.

Extensions currently provided with the framework:

  • Oauth2.Github
  • Oauth2.GitLab
  • Oauth2.Slack
  • Oauth2.LinkedIn
  • Oauth2.Google
  • Oauth2.Template (for extensions)

(suggestions for more integrations, and community contributions are welcome)

Online authoritative resources:
https://oauth.net/2
https://www.oauth.com/

Online blogs by LabVIEW developers:

A few comments about the current state and evolution of the project:

  • This Oath2 library does not support Implicit Grant Flow, as it will be deprecated in Oauth 2.1 due to security concerns.

  • PKCE (Proof-Key Challenge Exchange) workflow is implemented and used by default. It is highly recommended not to deactivate it, as it will become a mandatory feature when Oauth2.1 becomes the norm.

  • As of this release, the library currently supports only redirections on port 80 (http) but has been built in a way that future updates should be easy to change to port 443 through https connection. This is because the project is maintained in LV2013 and TLS support was added in LV2020. However, an OauthClient class has been created to act as an "interface" which should allow injection of a TLS-secured client in later versions of LabVIEW (distributed as an extension addon to this library)

  • This library currently supports Authorization tokens, but not the ID Tokens for OpenID extension. It should be part of a future upgrade, once support for JWT (JSON Web Token) has been added to the library.

Release Notes:

  • Initial release of Open Authorization 2.0 API (Oauth2)

This release contains the base class for Oauth2 authorization workflow.

It also contains extensions for popular services such as Github, Gitlab, Google, LinkedIn and Slack.
A template class is provided to start new service extensions quickly to suit the developer's needs.
I'm know Azure and AWS should be in that list, but those mentioned above were prioritized for developer's own selfish reasons... Hopefully this is remedied quickly through community contributions.

By default, the Oauth2 library uses the PKCE (Proof-Key Challenge Exchange) workflow, which will become mandatory as of Oauth 2.1. PKCE can be deactivated with an API call before the Authorize method is called, but since it is a no-op on servers that do not support it, it is recommended that it stays activated for all authorization requests.

The Oauth2 library does not (and will not) support Implicit Grant Flow, as it will be deprecated in Oauth 2.1 due to security concerns.

A few comments about the current state and evolution of the project:

  • The library currently supports only redirections on port 80 (http) but has been built in a way that future updates should be easy to change to port 443 through https connection. This is because the project is maintained in LV2013 and TLS support was added in LV2020. However, an OauthClient class has been created to act as an "interface" which should allow injection of a TLS-secured client in later versions of LabVIEW (distributed as an extension addon to this library)
  • This library currently supports Authorization tokens, but not the ID Tokens for ConnectID extension. It is being planned as well, once support for JWT (JSON Web Token) has been added to the library.

This Package depends on these other packages:
Data Manipulation >= 1.4.0.13
Epoch Date & Time >= 1.0.0.2
OpenSerializer >= 1.1.1.14
Unicity >= 1.1.0.6
Connection >= 1.0.0.5
OpenURI >= 1.0.0.9
OpenSerializer.Base64 >= 1.0.2.4