2

I'm attempting to use Adobe's Digital Publishing Suite Web Viewer. I've set up my Web Viewer correctly - it is working within my website. However, it is not authenticating that each user has access to the folio that the Web Viewer is accessing. Adobe has a sort of documentation on how to do this, but their documentation seems lacking. It seems as if Adobe is asking me to get users' username and password to Adobe - but that can't be right. I doubt Adobe would invite phising. But that isn't the only point I'm lost on.

My current script is as follows:

    var wvQueryParamGroups = location.search.match(/[?&^#]wv=(s[\/%\-.\w]+)/),
    wvQueryParam = wvQueryParamGroups && wvQueryParamGroups.length === 2 ? decodeURIComponent(wvQueryParamGroups[1]) : null;

    function loadXMLDoc(url, successCallback, failCallback) {
        if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari
            xmlhttp = new XMLHttpRequest();
        }
        else {// code for IE6, IE5
            xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
        }
        xmlhttp.onreadystatechange = function () {
            if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
                var parser = new DOMParser();
                var xmlDoc = parser.parseFromString(xmlhttp.responseText, "application/xml");
                successCallback(xmlDoc);
            } else if (xmlhttp.readyState == 4 && xmlhttp.status == 0) {
                alert("unsuccessful cross-domain data access attempt?");
                failCallback(xmlhttp.status);
            } else if (xmlhttp.readyState == 4) {
                failCallback(xmlhttp.status);
            } else {
                console.log('readystate=' + xmlhttp.readyState + ', status=' + xmlhttp.status);
            }
        }
        xmlhttp.open("GET", url, true);
        xmlhttp.send();
    }

    function directEntitlementSignIn(directEntitlementURL, emailAddress, password, appID, authTokenSuccess, authTokenFail) {
        var response;
        if (!authTokenSuccess || !authTokenFail) {
            throw new Error('Callbacks are required: ');
        }
        loadXMLDoc(directEntitlementURL + '?emailAddress=' + emailAddress + '&password=' + password + '&appId=' + appID,
        handleToken = function (data) {
            token = data.documentElement.childNodes[0].innerHTML;
            authTokenSuccess(token);
        }
        );
    }

    function onAuthTokenSuccess(token) {
        alert(token);
        // pass the token into the Authenticator class's login method
    }

    function onAuthTokenFail(status) {
        alert("fail: " + status);
        // prompt the user to try logging in again
    }

    function signIn(emailAddress, password) {
        var deAPIURL = 'http://127.0.0.1/hostDemos r27/authHard/test.php';
        var emailAddress; // user's login ID.....get from form
        var password; // user's password ... get from form
        var appID = 'com.publisher.magazine';

        directEntitlementSignIn(deAPIURL, emailAddress, password, appID, onAuthTokenSuccess, onAuthTokenFail);
    }

    function eventCallback(ev) {
        if (ev.eventType == "paywall") {
            return false;
        }
        if (ev.eventType == "metadata") {
            return true;
        }
        console.log(ev);
        return true;
    }

    function errorCallback (message) {
        console.log(message);
        return true;
    }

    function redirectCallbackHandler (message) {
        console.log(message);
    }

    var wv_appName = "Professional Roofing";
    var wv_accountID = Account_ID_Is_Here; //Hiding account ID purposely
    var wv_folio = "August 2014 Issue";
    var wv_article = "Cover";
    var wv_url = '/s/' + wv_appName + '/' + wv_accountID + '/' + wv_folio + '/' + wv_article + '.html';
    console.log(wv_url);

    var bridge = adobeDPS.frameService.createFrame({
        boolIsFullScreen : true,
        parentDiv : 'mainContainer',
        wrapperClasses : 'uniqueFrame',
        iframeID : 'demoFrame',
        accountIDs : wv_accountID,
        wvParam : wvQueryParam ? wvQueryParam : wv_url,
        curtainClasses : 'mask hidden',
        eventCallback : eventCallback,
        errorCallback : errorCallback,
        redirectCallback : redirectCallbackHandler
    });
Noah Crowley
  • 455
  • 2
  • 7
  • 17

1 Answers1

1

Adobe doesn't need your username and password, they need an authentication token. To make it work you need:

  • Implement the Direct Entitlements API
  • Ask you account representative in Adobe to create an integrator id

After that you need to create an authenticator:

  auth = adobeDPS.authenticationService.createAuthenticator(strAccountID, strIntegratorID);

And pass to it the authToken

 auth.login(token, successCalck, errorCallback)
Dimas Kotvan
  • 723
  • 1
  • 7
  • 10
  • Oh, okay, thank you! It works-ish now. Now, if their login is invalid, they don't get the Folio. However, if they're logged in, even if they shouldn't have access to the Folio, they're getting it. – Noah Crowley Aug 18 '14 at 18:04
  • Noah if your entitlement server is not returning that the user have access to that product id they only have access to the folio if it was published as Public and Free in the Folio Producer – Dimas Kotvan Aug 27 '14 at 16:15