The remote function support different methods for logging into different server. Since this is a very important method for using remote to access data in other server, this document will show examples of the how it is done and the different methods supported.

Supported commands used for authentication

@Connect Nothing Sets the url that will be used for the login operation. For dg3 it will be striped down to onlys server part like http(s)://server.domain/
@IsLoggedIn String Will return yes if logged in and no if not
@Login String This depend on the login method used.

If form based like django and dg3 is used, the page data is returned if there is any. A redirect will not fall trough in django or dg3 when successful login is done, so a blank page might be the result on success and the login page with a error message if not.
@logintype Nothing The type of login used. Defaut is dataease, but you can also use anybasic, basic, digest, ntlm, negotiate, anybasic, post, dg3 and django. The anybasic method tests all of the basic methods from the strongest to basic and uses the best supported version. The negotiate method is not activated at the moment.
@Logout Nothing Clear login information and logs out.
@Password Nothing Set password used for login
@UserName Nothing Set user name used for login

OpenID Connect login

This way of login is not natively supported by DataEase, but you can du it manually by using remote to get a authentication bearer.

First you need to find out what url that a used to login to the server. This is done in a discovery fase. In the example below this is done manually before building the login. You cal do this automatically before each call to the server as well by do a remote to the discovery service that can be found at 

https://the.loginservice.domain/.well-known/openid-configuration

From here you can find the token_endpoint and the supported algorithms (id_token_signing_alg_values_supported) for getting the authentication token.

When you know all of this you need to generate signatures and send them to the correct login service. If you need to use the RSA routines for encrypting the jwt token, you must decode your key and store it in a readable format for the DEOS("@signature"...) function. To do that you need your encrypted key deliverered by the authentication provider, your key password and OpenSSL.

# To export the private key from the pfx file:
openssl pkcs12 -in win_cert.p12 -nocerts -out key.pem
# And now remove the key password:
openssl rsa -in key.pem -out key_with_no_pw.key<br>

Commands to decode your private key that you need to use.

define "Dummy" Text .
define "RSession" Text 100 .
define "kid" Text 100 .
define "clientid" Text 100 .
define "companykey" Text 255 .
define "tokenendpoint" Text 100 .
define "keypath" Text 250 .
define "accesstoken" Memo .
kid := "QtiXUhB5OuFHIegxeCZKx40nxAs" . -- this is a spesial id that you will find used on MicroSoft server
clientid := "0ce0527e-8272-6492-b334-5e0f4cc072c6" . -- some id you got back from your provider
companykey := "831bfe10-ab1e-4caf-96e9-912a6ed2ef91" . -- a key given to you by the provider that
tokenendpoint := "https://the-login.server.domain/connect/token" . -- url from disco
keypath := concat(GetCurrent("AppPath"),"\keytest.key") . -- your extracted key stored in a file in your app
RSession := Remote("@current:openidconnect") .
Dummy :=  Remote("@cleanup") .
Dummy :=  Remote("@debug:file", concat(GetCurrent("AppPath"),"\remotelog.txt") ) . -- debug to see what is called
Dummy := DEOS("@signature", "createsignature", "jwt", "rs256", DEOS("@ReadFromFile",keypath)) .
Dummy := DEOS("@signature", "addtoheader", "kid", kid) .
Dummy := DEOS("@signature", "addtopayload", "jti", DEOS("@guid")) .
Dummy := DEOS("@signature", "addtopayload", "sub", clientid) .
Dummy := DEOS("@signature", "addtopayload", "iss", clientid) .
Dummy := DEOS("@signature", "addtopayload", "aut", tokenendpoint) .
Dummy := Remote("resource=", tokenendpoint).
Dummy := Remote("grant_type=client_credentials") .
Dummy := Remote("client_id=", clientid).
Dummy := Remote("client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer").
Dummy := Remote("client_assertion=", DEOS("@signature", "getsignature")).
Dummy := Remote("scope=AppFramework").
-- Get the return code from the server, since it comes as text set it back to session
Dummy := Remote("@setjson",Remote(concat("@posturl:", tokenendpoint))).
-- If all when well there shoud be a access token for you now
Dummy := SetVar("accesstoken",Remote("access_token")) . 
Dummy := SetVar("companykey", companykey) .
Dummy :=  Remote("@debugoff") .
Dummy := Remote(RSession) . -- return the the one set when we started 

Example of how to get and use a open id connect authentication bearer

define "Dummy" Text .
define "RSession" Text 100 .
RSession := Remote("@current:companyinfo") .
Dummy :=  Remote("@cleanup") .
Dummy :=  Remote("@debug:file", concat(GetCurrent("AppPath"),"\remotegetinfo.txt") ) .
Dummy := ExecDQL("@ConnectToAPI") .
Dummy := Alert(GetVar("accesstoken")) . 
Dummy := Remote("@headerset",concat("Authorization: Bearer ",GetVar("accesstoken"))) .
Dummy := Remote("@headerset",concat("CompanyKey: ",GetVar("companykey"))) .
Dummy := Remote("@get:https://api.server.domain/api/into/something") .
Dummy := alert(Remote("@json")).
Dummy :=  Remote("@debugoff") .
Dummy := Remote(RSession) . -- return the the one set when we started 

How to use the access token if this ExecDQL was stored with the name ConnectToAPI in $$DQLStore$$

DG3 login

define "Dummy" Text .
define "un" Text 60 .
define "pw" Text 60 .
define "url" Text 255 .
define "LastSession" Text 255 .
un := "UserName".
pw := "Password".
url := "https://server.domain/". 
LastSession := Remote("@current:testuser").
Dummy := Remote("@cleanup").
Dummy := Remote("@username",un).
Dummy := Remote("@password",pw).
Dummy := Remote("@logintype:dg3").
Dummy := Remote("@connect",url).
Dummy := Alert(Remote("@isloggedin")).
Dummy := Remote(LastSession).

Example on DG3 login tha will altert with yes if logged in and no if not.