The Web Services resource adapter can be configured to participate in OAuth 1.0a and OAuth2 authentication schemes. Using Teiid along with the "ws" translator and the "web-services" resource adapter, one can write applications that communicate with web sites like Google and Twitter.
In order to support OAuth authentication, there is some preparation and configuration work involved. Individual web sites typically provide developer-facing REST-based APIs for accessing their content, and also provide ways to register custom applications on the user's behalf, where they can manage the authorization of services offered by the web site. The first step is to register this custom application on the web site and collect the consumer/API keys and secrets. The web sites will also list the URLs where the various types of tokens can be requested for authorization using these credentials. A typical OAuth authentication flow is defined as below:
[Figure: OAuth authentication flow diagram (deviceflow.png)]
The above image is taken from https://developers.google.com/accounts/docs/OAuth2
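As an added example (not Teiid code and not part of the original page), the following walks the standard OAuth 2.0 authorization-code grant of RFC 6749 offline, using the consumer key, secret and URLs collected at registration. The endpoint, client credentials, redirect URI and function names are constructed placeholders, and nothing is sent over the network.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders; a real site publishes its own endpoint and issues the keys.
AUTH_URI = "https://auth.example.com/oauth2/authorize"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://app.example.com/callback"


def new_state():
    """Unguessable per-request value that ties the callback to this request."""
    return secrets.token_urlsafe(32)


def authorization_url(scope, state):
    """Step 1: URL the user opens to grant access (RFC 6749 section 4.1.1)."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "scope": scope, "state": state})
    return f"{AUTH_URI}?{query}"


def code_from_callback(callback_url, expected_state):
    """Step 2: read the code from the redirect; reject a wrong state (CSRF check)."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def token_request_body(code):
    """Step 3: form body to POST over TLS to the token endpoint (section 4.1.3)."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                      "client_secret": CLIENT_SECRET})


def parse_token_response(raw_json):
    """Step 4: accept only a bearer token response and keep the tokens."""
    data = json.loads(raw_json)
    if str(data.get("token_type", "")).lower() != "bearer" or not data.get("access_token"):
        raise ValueError("unexpected token response")
    return {"access_token": data["access_token"], "refresh_token": data.get("refresh_token")}
```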
To accommodate the flow defined above, Teiid provides a utility called "teiid-oauth-util.sh" (or "teiid-oauth-util.bat" for Windows) in the "bin" directory of your server installation. When executed, this utility asks for the various keys/secrets and URLs needed for generating the Access Token that is used in OAuth authentication, and at the end outputs an XML fragment like below.
The XML fragment at the end defines the JAAS Login Module configuration; edit standalone-teiid.xml and add it under the "security-domains" subsystem. The user needs to use this security-domain in their resource adapter as the security provider for this data source. An example resource-adapter configuration that defines the data source for the web site in the standalone-teiid.xml file looks like
Then, any query written using the "ws" translator and the above resource-adapter will be automatically authorized with the target web site using OAuth when you access a protected URL.
In the above configuration a single user is configured to access the web site. However, if you want to delegate the logged-in user's credentials for OAuth authentication, then the user needs to extend the above LoginModule (org.teiid.jboss.oauth.OAuth20LoginModule or org.teiid.jboss.oauth.OAuth10LoginModule) and automate the process defined in "teiid-oauth-util.sh" to define the Access Token details dynamically. Since this process will be different for different web sites (it involves login and authentication), Teiid is not able to provide a single solution. However, the user can extend the login module to provide this feature much more easily, since they will be working with targeted web sites.