
PLCNext REST interface "loosely" based on OAuth2

Hi,

I am writing a REST client for the PLCNext and was hoping to use a standard OAuth2 client library (to avoid writing boilerplate handshaking code, code and access token exchange / handling / refreshing), but according to your documentation your implementation is based loosely on OAuth 2.0 as described in RFC 6749.

Why is this "loosely" based instead of providing an actual standard OAuth2 implementation?

It seems that core mandatory concepts such as clientId are not supported, so using a standard OAuth2 library is not possible. This results in clients having to write custom boilerplate code to retrieve an access token and access the API.

Am I correct in stating that or am I missing something?

Comments

  • Hi Davy,

    Here is the answer from the team who developed the REST API:

    A full-blown OAuth server would be too large for a small embedded device. A full installation of OAuth 2.0 server would be too extreme for the vast majority of our customers’ use cases. We wanted to use a lightweight protocol that would allow developers that are familiar with web standards to get a quick foothold on our authentication protocol.

    I hope this answers your questions.

    ~ Martin.
