Authenticating to the FileMaker Data API with OAuth

You can log into the FileMaker 16 Data API with OAuth. At the time of this writing, there isn’t much in the way of documentation on how to do that.  In this article, we’ll show how it works and provide some sample code that you can use to get up and running fast.

Requirements

This is for FileMaker Server 16 only.  This doesn’t work with FileMaker 15.  You’ll need to have FileMaker Server setup to use OAuth for client access.  If you can’t connect with FileMaker Pro using OAuth, you won’t be able to use the techniques and sample files from this article. We’ll have an article up showing how to do that with Azure.

OAuth Dance

With OAuth, you send the user to a login page that is run and controlled by the “Provider”, and they login on that page with their username and password.  The Provider is responsible for maintaining the username and password, not you.  So nice! After the user logs in, they are redirected back to the original page with tokens of some sort.

FileMaker server adds to this dance a little bit by abstracting away the need to know what Providers are configured on the server already. If the server is setup with one or more providers, you’ll get a list of those providers with the URLs they need as part of the process.  The key to this dance is that the web page doing all the dancing has to be hosted on the FileMaker Server. This seems like a problem.  But it is one with a simple solution.

FileMaker Server Login Page

Looks simple, right?  Haha. Well, the good news is that it only needs to be solved one time, and we already solved it.  So you don’t have to figure it out unless you want to :-).

Here is what we did. We have created a web page that you can drop into your FileMaker server’s node-wip/public folder, that will do this dance for you.  You just need to send people to that page from your own page or FileMaker file and you get back the credentials after they are done. Once you have that little page installed you can use it from any other application or web page, including apps made by 3rd parties.

Testing and Example Apps

We also have a little test app that you can use to try this out, once you have everything installed.  You can reach it here.

https://fmlogin.geist.ws/

This web app is available to use as an example.

All of the code is available on GitHub. Please report issues and bugs there.

https://github.com/geistinteractive/fms-login-example
https://github.com/geistinteractive/fms-login