OAuth

Overview

OAuth (Open Authorization) is an open standard for authorizing users across software applications. SugarCRM implements OAuth in order to integrate with other applications such as IBM Lotus Live.

Using OAuth with Sugar

Step 1: Establishing Consumer Key

You need to create a Consumer Key/Secret pair on the ‘Admin > OAuth Keys’ page to use the Sugar OAuth provider. The key pair can be arbitrary strings and should be used by your client when calling OAuth functions.

Step 2: Creating Request Token

Make a REST call to the oauth_request_token method (supported in REST API version 4+) to create a Request Token.
Below is an example using PHP OAuth extension:
// Consumer key/secret pair created in Step 1
$oauth = new OAuth('CUSTOMKEY', 'CUSTOMSECRET', OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$url = 'http://{sugar_url}/service/v4_1/rest.php';
$request_token_info = $oauth->getRequestToken($url."?method=oauth_request_token");
The response for this method is the query-encoded string containing the following three parameters:
  • oauth_token
  • oauth_token_secret
  • authorize_url
Example:
oauth_token=bf1492236fbe&oauth_token_secret=5b05d09a0b7e&oauth_callback_confirmed=true&authorize_url=http%3A%2F%2Fmysugarinstance.com%2Findex.php%3Fmodule%3DOAuthTokens%26action%3Dauthorize
The PHP OAuth extension method getRequestToken automatically parses the string and returns it as an array; other clients parse the string manually.

Step 3: Approve Request Token

The Request Token should be approved manually by the user. To achieve this, the user should log into Sugar and then go to the URL produced by adding the token to the authorize URL returned above, e.g.:
http://{sugar_url}/index.php?module=OAuthTokens&action=authorize&token=bf1492236fbe
The client should produce this URL for the user with the information returned in the previous step. The user then receives a verification code to enter in the client application.
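For clients that parse the Step 2 response manually, the following added example (not SugarCRM's code) decodes the query-encoded string and builds the Step 3 approval URL. The function names and the expected_host check are assumptions of this example; passing required=("oauth_token", "oauth_token_secret") lets the same parser handle the Step 4 response.

```python
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit

# Example response copied from Step 2 of this page.
SAMPLE_RESPONSE = (
    "oauth_token=bf1492236fbe&oauth_token_secret=5b05d09a0b7e"
    "&oauth_callback_confirmed=true&authorize_url=http%3A%2F%2Fmysugarinstance.com"
    "%2Findex.php%3Fmodule%3DOAuthTokens%26action%3Dauthorize"
)
REQUEST_TOKEN_FIELDS = ("oauth_token", "oauth_token_secret", "authorize_url")

# Function and parameter names below are illustrative, not part of Sugar's API.


def parse_token_response(body, required=REQUEST_TOKEN_FIELDS):
    """Decode a query-encoded token response into a dict of single values."""
    fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    result = {}
    for name, values in fields.items():
        if len(values) != 1:  # a repeated parameter is ambiguous, so refuse it
            raise ValueError(f"parameter {name!r} appears {len(values)} times")
        result[name] = values[0]
    missing = [name for name in required if not result.get(name)]
    if missing:
        raise ValueError("response is missing: " + ", ".join(missing))
    return result


def build_authorize_url(authorize_url, oauth_token, expected_host):
    """Add token=<oauth_token> to the authorize URL the user opens in Step 3."""
    parts = urlsplit(authorize_url)
    # Only send the user to the Sugar instance the client was configured for.
    if parts.hostname != expected_host:
        raise ValueError(f"unexpected authorize_url host: {parts.hostname!r}")
    # authorize_url already has a query string, so merge rather than append "?".
    query = [(k, v) for k, v in parse_qsl(parts.query) if k != "token"]
    query.append(("token", oauth_token))
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    info = parse_token_response(SAMPLE_RESPONSE)
    # Print only the URL; oauth_token_secret should stay out of logs.
    print(build_authorize_url(info["authorize_url"], info["oauth_token"],
                              "mysugarinstance.com"))
```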

Step 4: Request Access Token

The client should use the token and secret received in Step 2 and the verifier that the user received in Step 3 to request the Access Token, using the oauth_access_token method. Example using PHP OAuth extension:
$oauth = new OAuth('CUSTOMKEY', 'CUSTOMSECRET', OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$url = 'http://{sugar_url}/service/v4_1/rest.php';
// $token and $secret come from Step 2; $verify is the verification code from Step 3
$oauth->setToken($token, $secret);
$access_token_info = $oauth->getAccessToken($url."?method=oauth_access_token&oauth_verifier=$verify");
The response for this contains the OAuth Access Token and secret, query-encoded.
Example:
oauth_token=bf1492236fbe&oauth_token_secret=5b05d09a0b7e
Again, the PHP OAuth extension method getAccessToken automatically parses the string and returns it as an array; other clients parse the string manually.

Step 5: Using Access Token

The access token can be used either directly to access REST API methods via OAuth, or to establish a login session.
Use the access token directly to access any method via OAuth:
$oauth = new OAuth('CUSTOMKEY', 'CUSTOMSECRET', OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$url = 'http://{sugar_url}/service/v4_1/rest.php';
// $token and $secret are the access token and secret from Step 4
$oauth->setToken($token, $secret);
$data = $oauth->fetch($url."?method=get_available_modules&input_type=JSON&request_type=JSON&response_type=JSON");
Use the recommended oauth_access method to establish a new session (similar to username/password login):
$oauth = new OAuth('CUSTOMKEY', 'CUSTOMSECRET', OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$url = 'http://{sugar_url}/service/v4_1/rest.php';
// $token and $secret are the access token and secret from Step 4
$oauth->setToken($token, $secret);
$data = $oauth->fetch($url."?method=oauth_access&input_type=JSON&request_type=JSON&response_type=JSON");
You will receive a JSON response containing the session ID as the id value. Use this ID as the session parameter in other calls.