Difference between v11 and v12: OAuthServer.config

Hello,

The server where Aras is installed have an alias. With the version 11, the OAuth server automatically get the current alias.

With v12, apparently, there's a file OAuthserver.config where we need to configure the alias of the application.

Why is that ?

Best Regards,

AlBer

Parents
  • Hi AlBer,

    The OAuth Server changed quite a bit between 11.0 and 12.0, most notably because the responsibility of the login process moved from the Client to the OAuth Server. There were a number of significant changes made to support this shift.

    However, I'm not sure I understand your exact question. Are you referring to the <redirectUris/> in the OAuth.config?

    Chris

Reply
  • Hi AlBer,

    The OAuth Server changed quite a bit between 11.0 and 12.0, most notably because the responsibility of the login process moved from the Client to the OAuth Server. There were a number of significant changes made to support this shift.

    However, I'm not sure I understand your exact question. Are you referring to the <redirectUris/> in the OAuth.config?

    Chris

Children
  • Yes, that's what I talk about. I had to modify this file in order to be able to connect from an external browser.

  • Hi AlBer,

    The purpose of these <redirectUris/> are to help protect against any malicious applications that might try to get a token through the OAuth Server. The Aras Innovator installer automatically populates these URIs based on all of the aliases that it can find by running a small script. However, this script may not find any custom aliases that you've defined so they will need to be added here manually.

    The reason you didn't need to do this in 11.0 was that this concept of a redirect URI from the OAuth Server didn't exist since the Client handled the login itself.

    Chris

  • Thank you for your answer !