Hi,
I'm writing a program which extract informations from PW datasource, using the Web Services Gateway.
We use Bentley IMS to connect to datasource, so I want to use the same method. The documentation mention Bentley STS and OAuth2, but is not very precise and I don't find a way to achieve that :
All requests having a {RepositoryId} parameter must have one of the following:
Does anyone can explain how to configure the header using the token, or give an example ?
Thanks
Benjamin
I've just been doing some work in this area and it was pointed out that there has been no answer to this.Here's a very simple PowerShell script using WSG to download files. You will need at least version 1.11.2.0 of PWPS_DAB to run this script.
$wsgURL = 'decide-pwce-us-ws.bentley.com/.../Bentley.PW--'$dsn = 'decide-pwce-us.bentley.com~3Adecide-pwce-us-10'$class = 'PW_WSG/Document'$id = '560ff1f5-bcab-4527-916b-6d240e0c45f8'
# $downloadUrl = 'decide-pwce-us-ws.bentley.com/.../$file'
$downloadUrl = "$wsgURL$dsn/$class/$id/" + '$file'
# requires federated account$token2 = Get-PWConnectionClientToken -ConnectedProjectUser dave.brumbaugh@eagle.bentley.com -ConnectedProjectPassword (Read-Host -Prompt Password -AsSecureString)
# just for information to see the underlying SAMLConvertFrom-EncodedToken $token2
$random = Get-RandomString -Length 10 -Characters "abcdefghijklmnopqrstuvwxyz"
Invoke-WebRequest -Method Get -Uri $downloadUrl -Headers @{Authorization = 'Token ' + $token2} -OutFile ("c:\temp\" + ($random) + ".pdf")
# alternative method for connecting to WSG with logical user account$logicalToken = Get-EncodedLogicalToken -User "MyUser" -Password (Read-Host -Prompt Password -AsSecureString)
Invoke-WebRequest -Method Get -Uri $downloadUrl -Headers @{Authorization = 'Basic ' + $logicalToken} -OutFile ("c:\temp\" + ($random) + ".pdf")
Hi Dave,
Thank you for this workaround, it works but now my problem is to get the token, because I need to be able to use other language than powershell (like python).
Currently my workaround is every week I have to use Get-PWConnectionClientToken from pwps_dab to get a token and store it in a file. Then I can read it from my script and use it.
It's not convenient and not secure.
It would be much better if I could directly get the token from Bentley IMS using oauth2 / imsoidc. But I'm very not familiar with that, and I didn't find any documentation from bentley.
Our goal is to integrate our in-house applications with ProjectWise. And we want to do it using Rest API, because some of apps are desktop apps, but other are web apps.
I'm surprised the logical account with Basic doesn't work (at minimum). Might be a version thing with your installation. I will experiment a little bit with my installation and let you know. Maybe just drop me an email so we can communicate directly. Dave.
I just got this to work with a Basic token:
$authVal = "Basic $(ConvertTo-EncodedToken "LogicalAccount:XXXXX")"
$url = "">decide-pwce-us-ws.bentley.com/.../1284429e-4eb5-46b3-aa25-6d704ddf7719"
Invoke-RestMethod $url -Method GET -ContentType 'application/json' -Headers @{"AUTHORIZATION"=$authVal}
I don't know if that helps you or not.
Dave
BTW, my Connection Client token and my non-federated token failed. I'm not sure what to make of that. Those tokens work fine for logging into the datasource from PowerShell and from PW Explorer. Maybe some new firewall rule does not let the WSG server contact IMS? Don't know.
Thanks for your continued support on this. The WSG documentation states that Basic auth can only be used on-premises (which I've managed to use successfully) and not on Bentley-hosted datasources (most of this quote is in the original post of this thread):
Note: For Bentley Web Services Gateway running in the Bentley CONNECT environment, all requests must have a Token header. On-premise installation allows a request to list Repositories without authorization headers.
After over a year of trying to find how to get this darn token, including raising support requests and waiting for a solution they said they were developing but failed to deliver, I thought I would try the Powershell workarounds but as you seem to also be finding, I can't get any of those to work either.
The WSG is obviously used by other Bentley tools so there must be a way to get the required token somehow...?
I did my testing on a WSG Server running in the CONNECT environment (whatever that means). I am assuming it means a WSG server hosted by Bentley.