{"id":36605761,"url":"https://github.com/infor-cloud/ion-api-sdk","last_synced_at":"2026-01-12T08:45:05.546Z","repository":{"id":37951887,"uuid":"112530389","full_name":"infor-cloud/ion-api-sdk","owner":"infor-cloud","description":" Infor ION API® Gateway SDK","archived":false,"fork":false,"pushed_at":"2023-05-31T20:07:12.000Z","size":1459,"stargazers_count":69,"open_issues_count":11,"forks_count":30,"subscribers_count":34,"default_branch":"master","last_synced_at":"2024-03-26T19:30:01.986Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/infor-cloud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-11-29T21:34:09.000Z","updated_at":"2024-03-20T11:09:08.000Z","dependencies_parsed_at":"2023-02-05T22:01:58.269Z","dependency_job_id":null,"html_url":"https://github.com/infor-cloud/ion-api-sdk","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/infor-cloud/ion-api-sdk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infor-cloud%2Fion-api-sdk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infor-cloud%2Fion-api-sdk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infor-cloud%2Fion-api-sdk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infor-cloud%2Fion-api-sdk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/infor-cloud","download_url":"https://codeload.github.com/infor-cloud/ion-api-sdk/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infor-cloud%2Fion-api-sdk/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28337599,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T06:09:07.588Z","status":"ssl_error","status_checked_at":"2026-01-12T06:05:18.301Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-12T08:45:05.434Z","updated_at":"2026-01-12T08:45:05.538Z","avatar_url":"https://github.com/infor-cloud.png","language":"Java","funding_links":[],"categories":["API网关"],"sub_categories":["微服务框架"],"readme":"﻿![Infor Logo](https://avatars0.githubusercontent.com/u/1702191?s=100\u0026v=4) Infor ION API gateway SDK\n===================\nThe Infor ION API gateway is a powerful API management tool. For more information contact us on Infor.com.  This SDK has been created to provide you the ability to:\n\n - Use previous configured ClientID and Secret to handshake with the Infor Authorization Server to obtain a valid OAuth 2.0 Bearer token that the Gateway expects all requests to include (unless API endpoint is configured to use the AnonymousInboundSecurity policy – which can and should be be used sparingly.)\n - Send and receive responses for HTTPS requests using the various methods such as GET, PUT, POST, DELETE and provide the appropriate headers and payload (body)\n - Handle errors indicated by HTTP status codes other than 200.\n\n\u003e Note that information on developing mobile client applications that authenticate through and access ION API gateway services can be found separately in the Infor Mobile SDK.\n\n----------\n**Table of Contents**\n\n - Choosing a grant type\n - Java Web Applications\n - Java Thick Clients\n - .Net Web Applications\n - .Net Thick Clients\n - Backend Applications (Java, .Net or Golang)\n\n----------\nChoosing a grant type\n=====================\n\nOAuth2 supports different flows to securely consume APIs for different access patterns. Of the various grants, ION API supports following grants -\n\n 1. Authorization code Grant - suitable for Native mobile/desktop apps,\n    Web Apps    \n 2. Implicit Grant - suitable for single page/user agent based\n    applications\n 3. Resource Owner Grant - suitable for server to server access i.e.\n    backend service client. In these cases user/resource owner is not\n    present for authorization so service accounts are used for\n    backchannel authentication and authorization.\n 4. SAML Bearer Grant - suitable for applications plugged in with Infor\n    Ming.le (i.e. apps that have SSO with Ming.le federation hub).\n\nBased on your clients access pattern,  you need to implement the appropriate OAuth2 Grant. Here is a decision flow to help you choose an OAuth2 grant:\n\n![Grant Flow](https://raw.githubusercontent.com/infor-cloud/ion-api-sdk/master/ION%20API%20-%20Choosing%20OAuth2%20grants.png)\n\nJava web applications\n=====================\n\n[Sample Java Web Application](https://github.com/infor-cloud/ion-api-sdk/tree/master/JavaWebClientOAuth2)\n\nJava thick clients\n==================\n\n[Sample Java Thick Client](https://github.com/infor-cloud/ion-api-sdk/tree/master/JavaThickClientOAuth2)\n\n.Net web applications\n========================\n\n[Sample .net Web Application](https://github.com/infor-cloud/ion-api-sdk/tree/master/DotNetWebClientOAuth2)\n\n.Net Thick Client\n===========================\n\n[Sample .net Thick Client](https://github.com/infor-cloud/ion-api-sdk/tree/master/DotNetRichClientOAuth2)\n\nBackend Applications (Java, .Net or Golang)\n===================================\n\nFor backend applications, those applications that do not have a user available to authenticate, the recommended grant to use is resource owner.  Given the disparity for the location of the Infor Ming.le identities a new set of credentials is being used for the resource owner grant.\nThrough the resource owner grant only service accounts will be authenticated. A Service Account can be associated to a user therefore making the call to the backend application on behalf of the user.  The administrator of the Infor ION API gateway will create the service account in IFS and register your application.\n\n**Registering your Backend Application to Obtain an OAuth ClientID and Secret**\nIn addition to a Service Account to act as the \"user\" your backend Application will have to be registered.  During the process of registering your backend application an OAuth ClientID and Client-Secret will be generated for your application. You will need all of the following four pieces of information when contacting the Infor Authorization Server in order to obtain a OAuth 2.0 Bearer token that your backend application can you to make API requests via the ION API Gateway:\n\n 1. Application ClientID \n 2. Application Client-Secret\n 3. Service Account AccessKey \n 4. Service Account SecretKey\n\n**Example HTTP Request for OAuth2 Resource Owner grant**\nOAuth2 resource owner grant facilitates obtaining access token for backend services using backchannel HTTP POST request to auth server token endpoint (e.g. as/token or connect/token) using following params-\n\n 1. grant_type = password (fixed) \n 2. username = service account accesskey\n 3. password = service account secretkey\n 4. client_id = authorized app\n 5. client id client_secret = authorized app \n 6. client secret scope = oauth2 scope (Optional)\n\n**.NET Applications**\n---------------------\n\nThere are multiple OAuth2.0 libraries available but one that could be used is:\nhttp://www.nuget.org/packages/Thinktecture.IdentityModel.Client/\nIt provides a library with utility functions to implement the OAuth2.0 protocol.\nThe client application can leverage the library to construct the correct url query parameters and the form post required as part of the interaction with the Authorization service.\n\n**Sample Application**\n----------------------\n\nA .NET sample application is provided in this SDK and leverages the Thinktecture library in order to obtain/refresh/revoke tokens and call a webservice client with the token.\nThe sample client showcases the functionality available by the library.\nThe Sample application has been inspired on the samples from the Thinktecture team located at:\nhttps://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Clients\n\nThe sample app tries to showcase the interaction of the client with the authorization service. This sample app does not treat the access_token or refresh_token securely.\nMaintaining the access_token and refresh_token secure is responsibility of the final application and should be secured as any other existing secret.  \nKey interactions\n**Create client**\n\n    _oauth2 = new OAuth2Client(new Uri(OAuth2TokenEndpoint), ResourceOwnerClientId, ResourceOwnerClientSecret);\n\nWith the provided token_endpoint, ClientId and ClientSecret it is possible to construct a client to use in further interactions.\nIt will be able to make request authenticating using the ClientId and ClientSecret.\n\n**Obtain access_token**\n\n    _oauth2.RequestResourceOwnerPasswordAsync(ServiceAccountAccessKey, ServiceAccountSecretKey).Result;\n\nWith the service account accessKey and secretKey it is possible to request an access token.\nThe response will be of type TokenResponse. This will contain whether has been an error obtaining the token. If successful then it will include the access_token and if available for the client the refresh_token.\n**Calling service**\nWith the token from the TokenResponse it is possible to call the service passing the access token as a bearer token.\n\n    var client = new HttpClient\n                {\n                    BaseAddress = new Uri(IONAPIBaseUrl)\n                };\n                client.SetBearerToken(token);\n                var response = client.GetAsync(\"M3/m3api-rest/execute/CRS610MI/ChgFinancial?CUNO=Y30000\u0026BLCD=0\").Result;\n\n**Refresh token**\nIf a refresh token is available as part of the response it is possible to obtain a new access_token and refresh_token without requiring the service account credentials.\n\n    _oauth2.RequestRefreshTokenAsync(refreshToken).Result;\n\n**Revoke refresh token**\nIf a refresh token is provided and there is no longer the need to make calls to the webservice without providing the service account credentials then the refresh token should be revoked.\n\nCurrently the Thinktecture library does not provide a method to revoke the token. But this can be achieved with a method like:\n\n    private static void RevokeToken(string token, string tokenType)\n    {\n        var client = new HttpClient();\n        client.SetBasicAuthentication(ResourceOwnerClientId, ResourceOwnerClientSecret);\n        var postBody = new Dictionary\u003cstring, string\u003e\n                {\n                    { \"token\", token },\n                    { \"token_type_hint\", tokenType }\n                };\n        var result = client.PostAsync(OAuth2TokenRevocationEndpoint, new FormUrlEncodedContent(postBody)).Result;\n     \n    }\n\nIn order to revoke an refresh token, it should be called with the following parameters:\n\n    RevokeToken(token.RefreshToken, OAuth2Constants.RefreshToken);\n\n\n\nGo applications\n-------------------\n\nGolang provides package golang.org/x/oauth2 to implement the OAuth2.0 protocol.\n  \n**Make OAuth 2.0 configuration**  \nFirst step is to define a configuration. Reference to downloaded credentials properties will be used in all code examples.\n\n    conf := \u0026oauth2.Config{\n           ClientID:     \u003cApplication ClientID\u003e,\n           ClientSecret: \u003cApplication Client-Secret\u003e,\n           Scopes: []string{\n                  \"openid profile\",\n           },\n           Endpoint: oauth2.Endpoint{\n                  AuthURL:  \u003cpu\u003e + \u003coa\u003e,\n                  TokenURL: \u003cpu\u003e + \u003cot\u003e,\n           },\n    }\n\n**Obtain tokens**  \nNow it is ready to obtain tokens. Token struct in Go contains both access and refresh tokens.\n\n    tok, err := conf.PasswordCredentialsToken(oauth2.NoContext, \u003cService Account AccessKey\u003e, \u003cService Account SecretKey\u003e)\n    if err != nil {\n           // handle error\n    }\n\n**Create HTTP client and make a request**  \nOAuth 2.0 configuration struct has also a method to create HTTP client for you.\n\n    client := conf.Client(oauth2.NoContext, tok)\n      \n    resp, err := client.Get(\u003cRequest URL\u003e)\n    if err != nil {\n           // handle error\n    }\n\n_Note:_ you do not need to refresh token manually, client cares about and will do it [automatically.](https://godoc.org/golang.org/x/oauth2#Config.Client)  \n\n**Revoke tokens**  \nThe package does not provide methods to revoke any token. You can do it, calling revoke service directly.\n\n    resp, err := http.Get(\u003cpu\u003e + \u003cor\u003e + \"?token=\" + tok.RefreshToken)\n    if err != nil {\n           // handle error\n    }\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfor-cloud%2Fion-api-sdk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finfor-cloud%2Fion-api-sdk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfor-cloud%2Fion-api-sdk/lists"}