The client contacted Chetu with aspirations of simplifying their architecture even further. The envisioned solution required Chetu to engineer a middleware interface to leverage during authorization processes and a point of contact for the targeted authorization server. Essentially, the web intermediary would be added to the system dialogue; the preexisting desktop application would interact with a custom web app and the web app would interact with the targeted authorization server.
The targeted authorization server is dictated by the desktop app. However, all sensitive information would be stored on the web server, inaccessible to the desktop app.
Many of the APIs we wanted to extract from the desktop application used OAuth to handle authorization and authentication, in combination with the 'Authorization Code Flow Model', a protocol that enables the authorization server in question to make a request to the OAuth client server as part of the authentication process.
The problem for the client: the authorization was not self-executing because the desktop app functioned behind a firewall, which blocked communication with the target authorization server and limited request fulfillment. To resolve this issue, Chetu determined that by the end of the reprogramming process the .NET desktop app should possess the OAuth Access Token and the Refresh Token. The desktop app also needed to be able to pass a Refresh Token to the web app, and the web app then needed to use that token to obtain new Access and Refresh Tokens from the targeted authorization server.
During this project Chetu leveraged the following technologies:
To fulfill the client's requests, Chetu also had to perform OAuth and Riskalyze integrations. Riskalyze minimizes investments driven by gut instincts by evaluating each investment with quantitative measures and a proprietary algorithm. Riskalyze is transforming the financial industry by empowering investment advisors to capture a quantitative measurement of client risk tolerance, and use that data to win new clients, capture and meet expectations, and quantify suitability.
OAuth is an open standard for authorization, commonly used as a way for Internet users to log in to third-party websites using their Microsoft, Google, Facebook, Twitter, One Network etc. accounts without exposing their password. Generally, OAuth provides clients with "secure delegated access" to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the token to access the protected resources hosted by the resource server.
Chetu began by developing a class library, which was added as a reference to the existing desktop application. The class library interacts with the existing Windows application and the web interface. Our developers then engineered an OAuth2 intermediary web app, which communicates with the target authorization server and the class library.
This web interface identifies the target server by its Auth Server ID and passes the required information to the Authorization Server. The web interface then receives the server's response and relays it back to the desktop application through the class library. Target Authorization Server details are stored in XML or JSON format and are accessible only by the web interface.
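The refresh relay and the Auth Server ID lookup described above can be sketched as follows. This is an added example, not Chetu's code: the `TokenBroker` and `AuthServer` names, the `server-a` ID, the endpoint and the credentials are constructed placeholders, and it assumes the target server accepts client credentials in the form body.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;
// Hypothetical registry entry: endpoint plus client credentials, held only by the web app.
public sealed record AuthServer(string TokenEndpoint, string ClientId, string ClientSecret);

public static class TokenBroker
{
    // Constructed sample registry (placeholder values).
    const string RegistryJson = @"{ ""server-a"": { ""TokenEndpoint"": ""https://auth.example.test/oauth/token"",
        ""ClientId"": ""demo-client"", ""ClientSecret"": ""demo-secret"" } }";
    static readonly Dictionary<string, AuthServer> Registry =
        JsonSerializer.Deserialize<Dictionary<string, AuthServer>>(RegistryJson)!;

    // The desktop sends only an ID and its refresh token; the URL and secret never come from it.
    public static (Uri Endpoint, Dictionary<string, string> Form) BuildRefreshRequest(string authServerId, string refreshToken)
    {
        if (!Registry.TryGetValue(authServerId, out var server))
            throw new ArgumentException("Unknown auth server ID.");
        if (string.IsNullOrWhiteSpace(refreshToken))
            throw new ArgumentException("Refresh token is required.");
        var endpoint = new Uri(server.TokenEndpoint);
        if (endpoint.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("Token endpoint must use HTTPS.");
        return (endpoint, new Dictionary<string, string>
        {
            ["grant_type"] = "refresh_token",      // RFC 6749, section 6
            ["refresh_token"] = refreshToken,
            ["client_id"] = server.ClientId,       // assumes body-based client authentication
            ["client_secret"] = server.ClientSecret
        });
    }

    // Allow-list the fields relayed to the desktop so nothing else in the response leaks through.
    public static string FilterForDesktop(string tokenResponseJson)
    {
        using var doc = JsonDocument.Parse(tokenResponseJson);
        var relay = new Dictionary<string, JsonElement>();
        foreach (var name in new[] { "access_token", "refresh_token", "token_type", "expires_in" })
            if (doc.RootElement.TryGetProperty(name, out var value)) relay[name] = value.Clone();
        return JsonSerializer.Serialize(relay);
    }

    public static void Main()
    {
        var (endpoint, form) = BuildRefreshRequest("server-a", "constructed-refresh-token");
        Console.WriteLine($"POST {endpoint} with {form.Count} form fields");
        Console.WriteLine(FilterForDesktop(@"{""access_token"":""a1"",""refresh_token"":""r2"",""expires_in"":3600,""debug"":""x""}"));
    }
}
```

In the web app the returned form would be posted with `HttpClient.PostAsync` and `FormUrlEncodedContent`; resolving the endpoint from the ID rather than accepting a URL from the desktop keeps refresh tokens from being sent to an arbitrary host.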
As the project with Chetu concluded, the client received an intelligent .NET Web API application, fully capable of invoking the authentication server and programmed with the ability to retrieve and send access tokens to the class library. The class library Chetu completed is an offshoot of the desktop application.