...
Since 2017.01 the Digital Delta import assumes that authentication is required for the given serverUrl, the properties clientId and clientSecret are required in the import configuration file. When using the google authentication service, the property refreshToken is also needed. By default the import will use "https://accounts.google.com/o/oauth2/token" as tokenUrl, optionally, a tokenUrl property can be specified. Note that other authentication services have not yet been tested.
Digital Delta offer two version of enidpoints. By default, version 1.0 is used. Since 2021.02 version 2.0 is also supported by FEWS. To use the new version, add version v2 to the properties. (See below.) Supported versions are currently v1 and v2.
Digital Delta import may need oauth2 authorisation. The exact way of accessing the bearer token for authorization depends on the requirements of the authorization of the server. FEWS has a default oauth2 token provider. If the import needs a different oauth2 token provider it can be configured as a string property, authProviderClass.
Example Import configuration file:
Code Block |
---|
|
<?xml version="1.0" encoding="UTF-8"?>
<timeSeriesImportRun xmlns="http://www.wldelft.nl/fews"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.wldelft.nl/fews http://fews.wldelft.nl/schemas/version1.0/timeSeriesImportRun.xsd">
<!-- This is an example import configuration file for importing Observations and Measurements data from a service -->
<import>
<general>
<importType>DigitalDelta</importType>
<serverUrl>http://host:port/FewsWebServices/rest/digitaledelta/12.0/timeseries</serverUrl>
<relativeViewPeriod unit="hour" start="-5" end="0" startOverrulable="true" endOverrulable="true"/>
<idMapId>IdImportDD</idMapId>
</general>
<properties>
<!-- Required: These properties are used to get an authentication token from the authentication service -->
<string key="clientId" value="XXXX"/>
<string key="clientSecret" value="XXXX"/>
<!-- Optional: The refresh_token used by the Google authentication service -->
<properties>
<string key="refreshTokenversion" value="XXXXv2"></>
<!-- Optional: The url used to obtain an authentication token, by default the Google authentication service is used -->
string>
<string key="tokenUrlauthProviderClass" value="https://accounts.google.com/o/oauth2/token"/>
nl.wldelft.util.io.auth.DigitalDeltaAuth2TokenProvider"></string>
</properties>
<timeSeriesSet>
<moduleInstanceId>ImportDD</moduleInstanceId>
<valueType>scalar</valueType>
<parameterId>MyPar</parameterId>
<locationSetId>MyLocSet</locationSetId>
<timeSeriesType>external historical</timeSeriesType>
<timeStep unit="nonequidistant"/>
<readWriteMode>add originals</readWriteMode>
<synchLevel>1</synchLevel>
</timeSeriesSet>
</import>
</timeSeriesImportRun>
|
...
Code Block |
---|
|
<?xml version="1.0" encoding="UTF-8"?>
<idMap version="1.1" xmlns="http://www.wldelft.nl/fews" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.wldelft.nl/fews http://fews.wldelft.nl/schemas/version1.0/idMap.xsd">
<!--
map internal timeseries directly to external timeseries
externalLocation should be set to the locationCode
externalParameter should be set to the observationTypeUuid
The Digital Delta parser queries each timeseries separately.
-->
<map internalLocation="MyLoc1" internalParameter="MyPar1" externalLocation="10160355000" externalParameter="44656c7461726573404645575340542e6f62732e6d65616e" />
<map internalLocation="MyLoc2" internalParameter="MyPar1" externalLocation="10160360000" externalParameter="44656c7461726573404645575340542e6f62732e6d65616e" />
</idMap>
|
DigitaleDelta Authentication
...
Digital Delta Authentication
As of release 2017.02 it is also possible to configure OAuth2 authentication. This functionality has been backported to Stable 2016.02 and 2017.01, however the way to configure this in the older releases differs.
OAuth2 Authentication version 2017.02 and later
<importType>DigitalDelta</importType> |
<serverUrl>
httphostdummy_hostname:port/FewsWebServices/rest/digitaledelta/1.0/timeseries</serverUrl> |
<user>username< <user>dummy_username</user> -- |
> > <!-- normally not required for OAuth2 --> |
<password>userpassword< <password>dummy_password</password> -- |
> > <!-- normally not required for OAuth2 --> |
<oauth2Config>
<oauth2Config>
<!-- Required: URL from which to receive the access token --> |
<authUrl>
https
<authUrl>https://sso.aquadesk.nl/connect/ |
token</authUrl>
token</authUrl>
<!--
Optional: For proper OAuth2 authentication a client_id and
client_secret are required. However in some cases the authentication URL
does not require this. |
Instead Basic Authentication is required to access the authUrl. Here the user and password fields shown above are required -->
<clientId>openid client id</clientId>
<clientSecret>openid client secret</clientSecret>
<!-- Optional Array: Scope of request -->
<scope>openid</scope>
<scope>email</scope>
<!-- Optional Array: Audience
for
whom request is intended. Used to validate response. If omitted the clientId and username become are used -->
<audience>audienceId</audience>
<audience>audienceId2</audience>
<!-- Optional: Issuer of the access token. Used to validate response. If omitted the root url of authUrl is used. -->
<issuer>
https
Instead
Basic Authentication is required to access the authUrl. Here the user
and password fields shown above are required -->
<clientId>openid client id</clientId>
<clientSecret>openid client secret</clientSecret>
<!-- Optional Array: Scope of request -->
<scope>openid</scope>
<scope>email</scope>
<!-- Optional Array: Audience for whom request is intended. Used to validate response. If omitted the clientId and username become are used -->
<audience>audienceId</audience>
<audience>audienceId2</audience>
<!-- Optional: Issuer of the access token. Used to validate response. If omitted the root url of authUrl is used. -->
<issuer>https://sso.aquadesk. |
nl<
<!-- Optional: A refresh token can be used if provider supports this. --> |
<refreshToken>refresh access
<refreshToken>refresh access token</refreshToken> |
OAuth2 Authentication versions before 2017.02
<importType>DigitalDelta</importType> |
hostdummy_hostname:port/FewsWebServices/rest/digitaledelta/1.0/timeseries</serverUrl> |
<user>username< <user>dummy_username</user> -- |
> > <!-- normally not required for OAuth2 --> |
<password>userpassword< <password>dummy_password</password> -- |
> > <!-- normally not required for OAuth2 -- |
>
<properties>
<string
<properties>
<string key="authUrl" value="https://accounts.google.com/o/oauth2/token" /> |
<string
<string key="issuer" value="https://sso.aquadesk.nl" /> |
<string
<string key="clientId" value="id...." /> |
<string
<string key="clientSecret" value="*****" /> |