Comments (4)
ericvw
commented on May 25, 2024
@yupinghu, please update with your findings and status. Just a reminder :).
from blpapi-http.
yupinghu
commented on May 25, 2024
Whoops, forgot this was here. :)
The core part of authorization is the Identity object. It contains the authorization info and is passed into every BLPAPI request; the request will take into account what the Identity is entitled to and the response will reflect that (possibly will result in an error response if the Identity is not authorized properly for that request).
To correctly populate the Identity, you use Session::sendAuthorizationRequest. When this request completes successfully, the Identity object will have been altered to reflect this (and when used in future requests, will do the right thing). The Request object passed to sendAuthorizationRequest needs to specify enough info to be able to authorize the user. This consists of either a UUID & IP address (e.g. for SAPI, this is where the user is logged in to the Terminal), or a token (e.g. for BPIPE).
The UUID/IP address mechanism assumes you're logged into the Terminal and know how to get that info, which is not the use case for the http server. So we'll want to use tokens. I'll get to token generation below, but the high level point is that authorization basically boils down to getting a valid token. I'm working on changes that, given a token, will take care of the rest.
(Currently the developer's guide (2.54) has conflicting info. The BPIPE examples use tokens to authorize the user, but the schema section suggests that this is deprecated. Given that we plan on using this token mechanism, we should investigate what the replacement for this is, if it's deprecated, or update the dev guide to not call it deprecated.)
Right now, the only ways I can see of getting a token are using Windows login info, or by generating a MSG to the user containing the token string. The first one obviously doesn't work for us, and the latter is not a good user experience. In the short run, it's good enough for developing the authorization code in the http server, but we'll need to think about how the user will actually input the token.
from blpapi-http.
yupinghu
commented on May 25, 2024
Anyway that's the overview of how it works. My changes that implement this will have docs/examples that should make it more clear what's going on, and I'll close this issue at that time.
from blpapi-http.
yupinghu
commented on May 25, 2024
bloomberg/blpapi-node#37 adds support for authorization requests.
from blpapi-http.
Related Issues (20)
- Handle auth for websocket subscription
- Remove 'connected' server => client event for subscriptions
- Subscribe/unsubscribe message events should echo correlations ids
- Subscribe/unsubscribe route should echo back correlation ids(long-polling subscription)
- Support //blp/mktdepth
- Support //blp/mktlist
- Support //blp/srcref
- Support publishing data
- ES6: Transition to Map
- ES6: Transition to Generators
- ES6: Transition to native Promise
- Fix for a circular reference issue HOT 1
- TypeScript 1.5.0-alpha breaks TravisCI build for node v0.10 HOT 6
- Remove usage and references to hackathon
- Probable memory leak in native memory with subscription data HOT 1
- 'let' and 'const' declarations available only when targetting ECMAScript6 and higher error HOT 6
- Enhance command line support for MarketDataSubscription_LongPoll.js example
- Scala examples HOT 1
- Datetime handling before Unix epoch HOT 16
- time resolution when retrieving tick data
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from blpapi-http.