Saturday, June 11, 2016

Getting Started with OAuth2.0 and IBM SmartCloud.





There are several advantages to using the Open Authorization 2.0 (OAuth2.0) framework for accessing resources on a server over more traditional approaches such as Basic or Form authentication, the prime one being the end user's peace of mind. With OAuth2.0, end users do not have to share their credentials with a third-party application in order to let it access data on the main server on their behalf.


There are obviously other advantages, such as OAuth2.0 combining easily with other security protocols like SAML and providing granular access to resources, but the scope of this article is keeping end users secure by letting them avoid sharing their credentials with any third-party application.

So what's the best way to train a developer on OAuth2.0 who has experience of authentication using the Basic and Form standards? Show him a sample, and show that it's not as complicated as is normally perceived.

I love the analogy used on the IBM SmartCloud documentation page to explain OAuth2.0. Here is the scenario:

1. Mike asks Paul to go to the bank on his behalf.
2. Paul gives Mike his previously registered ID to submit to the Bank.
3. Mike goes to the Bank, proves his own identity, and then submits Paul's ID to register Paul as his courier.
4. Bank confirms with Mike: "Do you want to allow Paul to access your assets?"
5. As Mike trusts Paul, he agrees.
6. Bank grants a temporary code to Mike.
7. Mike passes the temporary code to Paul.
8. Paul immediately goes to the bank to submit the code because the code is short-lived
    (if Paul waits too long the code expires and the process must begin all over again).
9. Bank validates the temporary code submitted by Paul.
10. Bank issues Paul a token that lets him bypass the registration check for the next two hours.
11. Paul accesses Mike's assets. (Note: The Connections Cloud implementation of OAuth 2.0 provides unlimited access to user resources).
12. Within 2 hours, Paul must renew the token so he can continue to access Mike's assets.

As you can see, Mike never shares his banking credentials directly with Paul; instead, all Paul has is a temporary token to do transactions on behalf of (or impersonating) Mike. This is critical, since cases of user credentials being stolen from such third-party app stores are becoming all too common these days. Consider what would happen if the e-commerce site where you stored your card details got hacked.

Getting the code part of things

Application Registration
For a third-party application to leverage OAuth2.0 on IBM Connections Cloud, it has to register itself with the IBM Connections Cloud platform. It also has to provide a callback URL while registering; this is the URL to which SmartCloud will redirect the user on successful authorization, so it is important to finalize it before the application starts the registration process.

Upon successful registration, the platform returns a Client ID and a Client Secret.

OAuth2.0 Dance: The process of an application leveraging OAuth2.0 is often referred to as the OAuth2.0 dance.

Step One: When a user tries to access the third-party application and it recognizes that the user is not logged in, it redirects the user to the IBM Connections Cloud authorization page using a URL like the one below:

https://apps.na.collabserv.com/manage/oauth2/authorize?response_type=code&client_id=<client_id>&callback_uri=<callback_uri>

Once the user enters the right credentials, the user is explicitly asked whether to allow the third-party application to access his data on the server.


Step Two: IBM Connections Cloud responds with a 302 whose target header holds the application's callback URL. It also includes a special token called the authorization token.
Here is the format used:
https://<callback-uri>?code=1236879


Step Three: The third-party application then exchanges this authorization code for an access token from the host server. Here is the API call it would make:

https://apps.na.collabserv.com/manage/oauth2/token?callback_uri=<callback_uri>&client_secret=<client_secret>&client_id=<client_id>&grant_type=authorization_code&code=<authorization_code>

IBM Connections Cloud then returns an access token, which the application can use to make API calls on behalf of end users.
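The three steps above, seen from the third-party application's side, as an added example (not code from IBM or the SocialSDK). The function names, the client ID, the secret and the `thirdparty.example` callback are constructed for illustration; only the endpoints and parameter names come from the URLs in this article.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

BASE = "https://apps.na.collabserv.com/manage/oauth2"  # endpoints from the article
SENSITIVE = {"client_secret", "code"}  # values that must never reach a log

def authorize_url(client_id, callback_uri):
    """Step One: URL the application redirects the user's browser to."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "callback_uri": callback_uri})
    return f"{BASE}/authorize?{query}"

def code_from_callback(request_url, registered_callback):
    """Step Two: extract the code from the request that hits the callback."""
    got, want = urlsplit(request_url), urlsplit(registered_callback)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("request is not for the registered callback URL")
    codes = [v for k, v in parse_qsl(got.query) if k == "code"]
    if len(codes) != 1:
        raise ValueError("expected exactly one 'code' parameter")
    return codes[0]

def token_url(client_id, client_secret, callback_uri, code):
    """Step Three: token-exchange URL in the article's format."""
    query = urlencode({"callback_uri": callback_uri, "client_secret": client_secret,
                       "client_id": client_id, "grant_type": "authorization_code",
                       "code": code})
    return f"{BASE}/token?{query}"

def redact(url):
    """Mask secret-bearing query parameters before a URL is logged."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

if __name__ == "__main__":
    # Constructed sample values; none of these are real credentials.
    cb = "https://thirdparty.example/oauth/callback"
    print(authorize_url("app-123", cb))
    code = code_from_callback(cb + "?code=1236879", cb)
    print(redact(token_url("app-123", "s3cr3t", cb, code)))
```

Because the Step Three URL carries both the client secret and the authorization code in its query string, only the `redact()` form of it belongs in application or proxy logs.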

Below are some diagrams that explain the above process.

 






In case you are looking for a sample implementation, look at:

1. https://github.com/OpenNTF/SocialSDK
2. https://www.youtube.com/watch?v=BW6t-WeEGs0


Monday, May 23, 2016

Customer Service, tale of Empathy and Humor

How often do you come across a customer service representative who leaves a smile on your face? I use services from some of the leading companies from across the world, and very often the experience of talking to their representatives leaves much to be desired. However, once in a blue moon, you come across a person who genuinely seems to be interested in solving the problem you are facing and offers a simple apology for the inconvenience you may have faced.





So what are probably the two most important characteristics you expect from customer representatives?
From the organization's perspective it might be product and process knowledge, and they are rightly trained intensively for that. From the customer's standpoint, I believe empathy and humor go a long way in establishing a connection with a stressed customer. Let me get this straight: empathy and humor alone would not help. I do not call support to hear silly jokes, and that's certainly not what I meant :). Without product and process knowledge these qualities are like a vehicle without fuel, and would not take you anywhere.

I have seen lots of such situations, and executives who are loved by customers and are asked to be put on in a stressful situation, and without fail they come out defusing an atomic situation using these two qualities. Here is an example of one conversation between an Amazon customer rep and a customer.

Me: Tracking shows delivered but shipment not received

Amazon: Warmest greetings [...] my name is Thor.

Me: Greetings, Thor. Can I be Odin?

Amazon: Odin, Father, How art thy doing on this here fine day?

Me: Thor, my son. Agony raises upon my life.

Amazon: This is outrageous! Who dares defy The All Father Odin! What has occurred to cause this agony?

Me: I’m afraid the book I ordered to defeat our enemies has been misplaced. How can we keep Valhalla intact without our sacred book?

Amazon: This is blasphemy! Wherever this book has been taken to, I shall make it my duty to get it back to you! I fear it is Loki but I dare not blame him for such things. I shall have your fortune returned to you and thereafter we can create a new quest in order to get the book back to you.

Me: Very well my son.

Amazon: Allow me some time to round up my allies and complete this my father.

Me: Do it for me Thor, but most importantly do it for the mortals whose destiny (and grades) rely on this book.

Amazon: Alas, the treasure has been returned to you. You now need to reinstate your book into your archive so that you may yet receive it soon. I shall have the Valkyrie deliver it to you as fast as their wings can move.

Me: Ok so roleplay aside I have my money back and reorder the book?

Amazon: haha yes I have refunded you and you need to reorder the book.

Me: Great!

Amazon: Have you placed the order

Me: Let me do that
done

Amazon: Okay let me edit it for you [...] that good?

Me: Wow hooking me up for one day delivery? Sweet!

Amazon: Haha yea man gotta get your book asap!

Me: I’ve heard Amazon has great customer service and this just proves it! thanks man

Amazon: No problem, is there any other issue or question that I can help you with?

Me: Nah that was it. Really appreciate it

Amazon: Anytime bro. Have a great day. Goodbye Odin

Me: Bye my son.

Sunday, November 15, 2015

MIUI7 is finally here for Note3G, update your device to V7.0.2.0.KHDMICI

If your Note3 is still running on MIUI6, the time has come to update it to MIUI7.


The best way to update your device is the OTA method. Look under Settings, update device, and you should see the update.

However, if you do not see it yet, you should be able to download the update package from here:



Note 3 download package
 

Merging and Splitting PDF files

We all use and rely on PDFs. There are occasions, though, when you want to edit certain portions of a PDF and merge the edited version ba...