SetUp Drupal for web service integration.

Photo by Nathan Dumlao on Unsplash
Share this

Drupal is very friendly with sharing content via JSON Web Services, literally, you just need to add ?_format=json to the URL and enable the Rest module! nothing else… or no... 

From the server browser and, maybe, from Postman, you can, but when you try to consume that services from your frontend, in the case Angular going to 'http://localhost:4200', you need to tell it to your CORS configuration. For that, duplicate the sites/default/default.services.yml, change the name to services.yml, enable the cors.config and add your allowedOrigin, something like this: 

cors.config:
    enabled: true
    # Specify allowed headers, like 'x-allowed-header'.
    allowedHeaders: ['*']
    # Specify allowed request methods, specify ['*'] to allow all possible ones.
    allowedMethods: ['*']
    # Configure requests allowed from specific origins.
    allowedOrigins: ['http://localhost:4200']
    # Sets the Access-Control-Expose-Headers header.
    exposedHeaders: false
    # Sets the Access-Control-Max-Age header.
    maxAge: false
    # Sets the Access-Control-Allow-Credentials header.
    supportsCredentials: false

CORS is just a standard, and enable or disable doesn’t mean that your content is protected, but don’t worry, we will talk about that later… 

For this particular example, I am going to show a list of users, so after enabling the REST module, I can create a Rest view that throws me this:
route: user-list?_format=json

[
   {
      name: "josue",
      uid: "1"
   },
   {
      name: "test",
      uid: "2"
   }
]


That was the simple part, now let's talk about Simple OAuth module, and how the hell configures it!.

In this case, the download has to be done with Composer, because it needs an external PHP library, so let’s run: 

$ composer require drupal/simple_oauth:3.x
$ drush en simple_oauth -y

This module has a dependency on the consumers' command, by running the above drush command you are also installing it. 

Once is enable, you need to create a new client!. so go to admin/config/services/consumer

Here you can set up the time for the token, but most importantly we will need some keys, so get out of the Drupal site, and create a folder for new keys and add the route there
 

$ mkdir certificate
$ openssl genrsa -out private.key 2048
$ openssl rsa -in private.key -pubout > public.key
certificate

Good, now we can create the new client, but wai!, open another tab, and create a new user Role, the SimpOAuthuth module needs a role for each client. And what the hell are the clients!. This is, more or less, the responsible for access to specific content you will see that later. After creating the new user role, go back and create a new client, that means that we need to go to admin/config/services/consumer/add,  and set up a new client. Fill the client_secret (the password), leave empty the User, select the Scope with your new user role, and it will generate a client_id. The result is here:

new client

Recapitulating, the Rest module, which is in the core of Drupal, help us a lot with JSON web services, added to this,  with some views, we can easily create our responses in the way that we want.

Remember, to consume these web services, we also need to enable the CORS in our services.yml file, and for authentications, we use the Simple OAuth module, which gives us a client that will be the responsible for the access from our frontend. 

Now, what will happen with this, and how are we going to use it in our project, is the next topic, the logic behind Angular login with Drupal. 
 

Comments

Add new comment

The content of this field is kept private and will not be shown publicly.

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.