Presentation on theme: "The Alfresco API Steven Glover Gethin James Peter Monks."— Presentation transcript:
The Alfresco API Steven Glover Gethin James Peter Monks
Agenda 1.Introductory presentation – 10 mins 2.Developer portal – 10 mins 3.Coding exercise – 60 mins 4.Where to get help – 5 mins 5.Future direction – 5 mins 6.Q&A – as time permits
Objective: To leave this session with a functioning Alfresco Cloud application of your own. Format: Short introductory presentation followed by lengthy coding exercise.
Logistics: These two sessions are being run as a single session without a formal break. Please feel free to take breaks whenever you’d like! USB drives are being distributed through the audience – please copy the files on them to your local machine, then pass the drive on.
The Alfresco API Folder, file, content and metadata manipulation and search Networks, sites, people, comments, tags, activities, …
OAuth2 What is OAuth2? Defined in RFC-6749RFC-6749 Secure authentication 3 rd party apps don’t ever see the user’s password Unambiguously identifies: API provider (e.g. Alfresco) Client application (e.g. your application) End-user (e.g. an Alfresco Cloud user) How are we using it in Alfresco? Used to secure the Alfresco API Only authentication mechanism provided for APIs in Alfresco Cloud
OAuth2 – Registering an App Application Developer Alfresco Developer Portal Creates developer profile Assigns an API key and secret for that app Signs up on developer portal Registers an application
OAuth2 – Authorisation ApplicationAlfrescoEnd-User Links to Alfresco authorisation page, passing API key & secret Asks the user to authorise the app User authorises the app to access their account Redirects to your app’s callback URL, passing authorisation code Exchanges the authorisation code for an access token Returns access and refresh tokens Securely persists the access and refresh token for that user
OAuth2 – API Calls Calls APIs, passing the access token in the Authorization HTTP header Identifies user from access token, executes API call ApplicationAlfresco
OAuth2 – Refresh Flow Calls APIs, passing the access token in the Authorization HTTP header Returns 401 error, indicating access token has expired Refreshes access token, passing refresh token Returns new access token ApplicationAlfresco Calls APIs, passing the access token in the Authorization HTTP header Identifies user from access token, executes API call
Where to Get Help Ply Steve, Gethin and Peter with these: Resources Alfresco API forum #alfresco on freenode IRC Alfresco Technical Discussion Google Group Source Code Code from This Session Spring Social Alfresco Library Peter’s Grails ExamplePeter’s Grails Example Jeff’s Java ExamplesJeff’s Java Examples Jeff’s Python ExamplesJeff’s Python Examples
CMIS & Apache Chemistry in Action Everything you need to know about CMIS 1.0 & 1.1 Lots of Groovy and Java examples Also covers Python, Android, & iOS Now on MEAP! 37% off with code “12cmisal”
Future Direction More APIs: CMIS 1.1 User provisioning Transformation Workflow Records Management Rich Media Management More than APIs: Community & Enterprise Client SDKs Content models Workflow definitions Rule definitions UI extensions Alfresco Confidential Disclaimer: This list is NOT committed to the roadmap yet!