RESTful EWS Gateway support for Basic Authentication

CliveGross · ‎2018-12-09

We have a client interfacing with SBO via SmartConnector to pull log samples into a 3rd party SCADA Historian. Unfortunately, the 3rd party product only supports Basic Authentication.

Is it possible to support Basic in addition to OAuth2 Bearer Tokens? I realize Basic is less secure, however, the SBO user provided to the client has restricted priveleges and the SmartConnector will be secured with HTTPS.

JeffBowman · ‎2018-12-10

Hi, @CliveGross (Really wish this thing showed real names!!)

Supporting Basic authentication along with OAuth Bearer is not on the Smart Connector roadmap. A big reason is because of security as you mentioned. Unfortuntely, I don't think we would be able to offically support this any time soon natively, or if we would even want to. Is it possible to have the third party update their client to work with more modern web services?

That said, if you have a customer that really needs Basic Authentication and cannot update their client to support OAuth. Then it would likely be possible for you to write a custom REST Provider using Smart Connector that does use Basic Authenticaiton.

Best Regards,

-Jeff

See Answer In Context

JeffBowman · ‎2018-12-10

Hi, @CliveGross (Really wish this thing showed real names!!)

Supporting Basic authentication along with OAuth Bearer is not on the Smart Connector roadmap. A big reason is because of security as you mentioned. Unfortuntely, I don't think we would be able to offically support this any time soon natively, or if we would even want to. Is it possible to have the third party update their client to work with more modern web services?

That said, if you have a customer that really needs Basic Authentication and cannot update their client to support OAuth. Then it would likely be possible for you to write a custom REST Provider using Smart Connector that does use Basic Authenticaiton.

Best Regards,

-Jeff

CliveGross · ‎2018-12-11

Thanks for your answer @JeffBowman

I thought as much and have already provided our client with a link to your Github repo containing code samples. Our client is using OSISoft PI, which apparently only supports Basic auth out of the box. They are currently looking at options client side, failing that, we will look at a custom REST provider.

BTW I updated my username after you mentioned me!