Create external actions

You can create external actions and embed them in the UI. External actions can launch external websites or applications that interact with OpenText Core Software Delivery Platform.

Note: External actions are available as technical preview.

In this topic:

Overview

You can create two types of external actions: custom toolbar buttons and sidebar plugins.

The current topic provides information that applies to both types of external actions. For specific sidebar plugin guidelines, see Create sidebar plugins.

Note: Work with external actions requires space admin permissions. For details, see Roles and permissions.

Custom toolbar button overview

You can create a custom action that is added to the toolbar of an item. The button can be added either to the grid view, to operate on a single or multiple items, or to the details view, to operate on a single item.

Example:

In this case, a custom action labeled General Details was added to the defects grid toolbar. When clicked, the action opens an external website that lists the defects selected in the grid.

A custom action labeled General Details was added to the defects grid toolbar.

Back to top

External action's structure

An external action consists of two parts: a JSON configuration object and the code.

JSON configuration object

The action's configuration is defined by a JSON object. The object describes the external action's properties, such as the entity type that the external action operates on, and the icon that represents the action in the UI. Some properties are relevant to custom toolbar buttons and sidebar plugins, while some properties are relevant to only one of the external action types.

The JSON structure also specifies the entities and fields that the external action operates on.

For details, see Define external actions.

External action code

  • In the case of a custom button, the external action may open the item on another tool or launch an organizational website.

    In the case of a sidebar plugin, the external action embeds a web page in designated sidebars.

  • You can upload the code to OpenText Core Software Delivery Platform, or host it on an external server.

    • For details on uploading the code, see Host external actions.

    • If you host the code on an external server, you must establish trust between the OpenText Core Software Delivery Platform server and the external server. For details, see Use CORS for external actions.

  • To interact with data from OpenText Core Software Delivery Platform, the code can include REST API requests. For details, see REST API.

Back to top

Define external actions

You can define external actions in the following ways:

  • By uploading a zip bundle with a pre-configured JSON file.
  • By configuring a JSON file directly in the External action editor.

The JSON file can include code for one or more external actions. For details on the JSON properties, see JSON structure.

Define an external action with a zip bundle

Add an external action by uploading a zip bundle with a pre-configured JSON file to the External action editor.

Prerequisites:

  • Ensure that a zip bundle includes a pre-configured JSON file named action-configuration.

    The file must contain the configuration that you could paste in the External action editor when using the alternative method of defining an action directly in the editor.

  • Ensure that the configuration file includes only one valid configuration. This means that when defining a JSON configuration object, you cannot use square brackets [...] to introduce an array. You cannot define arrays of configurations when uploading a zip bundle.

To upload a zip bundle:

  1. As a Shared Space admin, select Settings > Management > External action editor.

  2. In the External action editor, click the Upload Bundle button .
  3. In the Upload Bundle for Action dialog box, in the Upload Purpose field, select Upload New Action.
  4. Click the Select bundle button .

  5. Locate and add a zip bundle of a new action, and click OK.

    The configuration of a new action is displayed in the external editor.

Define an external action in the editor

Add an external action by configuring a JSON object directly in the External action editor.

To define an external action in the editor:

  1. Open the Settings menu and click External action editor.

  2. Write or paste the JSON code that represents a custom button or a sidebar plugin that you are adding.

  3. Click Save.

    Tip: Click Load Demo to load JSON code with examples of various configuration options for the external actions.

Back to top

Supported events

You can send the following OpenText Core Software Delivery Platform events from the web application to the action.

Event Description
octane_refresh_entity

Instruction to refresh specified items after they have been updated in the external application.
octane_display_entity Instruction to display details of a specified item.
octane_entity_was_added

Notification that a new item was created. The new item is displayed where relevant, the same as it would had it been created inside OpenText Core Software Delivery Platform.

For example, when adding a new defect, if the defects grid is displayed, the defect is displayed at the top of the grid.
octane_refresh_list

Instruction to refresh the full grid after an update was made in the external application.

octane_select_entity Instruction to select specified entities in the grid.
octane_set_dialog_title If the external action opens a dialog box, use this event to set the dialog box's title.
octane_close_dialog

If the external action opens a dialog box, use this event to close the dialog box.

octane_read_settings Queries for the current user's settings for the application or a specified module. The results are returned in JSON format.
octane_update_settings Adds a new value to the settings. The value is stored in the "text" key.
octane_report_error Instruction to add an entry to its errors log.

Implementation notes

  • The code should be implemented in the target web application.
  • For actions opened in a new browser tab, post messages using window.opener.
  • For actions embedded inside a dialog box, post messages using window.parent.
  • If the code fails on "opener undefined", check that the action is configured with "events": true.
  • If a refresh event or a message is sent for an entity that is currently being edited by the user and has changes unsaved to the server, the UI will not refresh to prevent data loss.

Code examples

The following examples assume that params holds parameters that were sent to the external application using the url parameter.

Event Example
octane_set_dialog_title
Copy code 
var message = {
    event_name: 'octane_set_dialog_title',
    shared_space: '1004',
    workspace: '1006',
    data: {
        dialog_id: params.dialog_id,
        title: 'Our custom dialog title',
    },
};
window.parent.postMessage(message, '*');
octane_close_dialog
Copy code 
var message = {
    event_name: 'octane_close_dialog',
    shared_space: '1004',
    workspace: '1006',
    data: {
        dialog_id: params.dialog_id,
        refresh: true,
    },
};
window.parent.postMessage(message, '*');

Set refresh: true in the message to refresh the displayed view. This refreshes the grid or the details view, depending on the view from which the action was triggered.
octane_refresh_entity
Copy code 
var message = {
    event_name: 'octane_refresh_entity',
    shared_space: '1004',
    workspace: '1006',
    data: {
        entity_type: 'work_item',
        entity_ids: ['1003', '4005'],
    },
};
window.opener.postMessage(message, '*');
octane_display_entity
Copy code 
{
    event_name: 'octane_display_entity',
    shared_space: '1004',
    workspace: '1006',
    data: {
        entity_type: 'work_item',
        entity_id: '1050',
    },
}
octane_entity_was_added
Copy code 
{
    event_name: 'octane_entity_was_added',
    shared_space: '1004',
    workspace: '1006',
    data: {
        entity_type: 'defect',
        entity_id: '1050',
    },
}

Back to top

Icons

Choose an icon from the list below to use for the custom button or sidebar.

Tip: To view in full detail, click to zoom in, then right-click the image and open in a new tab.

Icons available to use in a custom button or sidebar.

Back to top

Verify user identity

Applications that interact with OpenText Core Software Delivery Platform can verify if the user that invoked an external action is a user currently signed in to OpenText Core Software Delivery Platform.

External actions can do the following:

Verify user identity with a token

You can configure an external action to send the {user_identity_token} to a target application as a query parameter. The target application can then use the token information to verify the identity of an OpenText Core Software Delivery Platform user that invoked an external action.

The {user_identity_token} is a JSON Web Token (JWT).

When using the token information, an external action does not need to send authentication requests to confirm the user identity.

Note: For GDPR compliance, when using the {user_identity_token}, an OpenText Core Software Delivery Platform user must agree to share their identity information.

The {user_identity_token} contains the following information:

Property Details
name Username of the OpenText Core Software Delivery Platform user.
email Email of the OpenText Core Software Delivery Platform user.
iat Unix time, in seconds, that represents the token issue date.
exp Unix time, in seconds, that represents the token expiration date.

To verify user identity with the token:

  1. If you are verifying the token validity from an external action's web application, and not from the server, allow OpenText Core Software Delivery Platform to support CORS by setting the CORS_ENABLED parameter to true. This lets an external action make requests to OpenText Core Software Delivery Platform from the hosted iFrame.

    Skip this step when verifying the token validity from the server.

  2. Configure an external action to support user identity tokens by adding the {user_identity_token} URL token to the action's url property.

    Following is a sample url configuration that uses the user_identity_token property:

    Example: "url": "{bundle_url}/my_folder/index.html?entity_ids={entity_ids}&entity_type={entity_type}&shared_space={shared_space}&workspace={workspace}&user_login={user_login}&email={user_email}&octane_url={octane_url}&dialog_id={dialog_id}&user_identity_token={user_identity_token}"

    When an OpenText Core Software Delivery Platform user clicks an action button, or a tab that displays the external action in an iFrame, a user identity token is generated and added to the external action invocation URL.

  3. Confirm the identity of an OpenText Core Software Delivery Platform user:

    1. Extract user_identity_token from the request.
    2. Parse the user_identity_token and decode the token information using the Base64 decoder or any other third-party library that fits your programming paradigm.
    3. Verify the token expiration date.

    4. Verify the user_identity_token validity with the help of a public key. You can retrieve the key using the following API request: https://<octane.example.com>/api/jwt/key.

      Technical preview: This API is technical preview. When calling it, use the ALM-OCTANE-TECH-PREVIEW header.

      The RSA public key is returned as a Base64-encoded string.

    5. Using the public key, verify the token signature.

      Depending on the library you are using to verify the token signature, you may need to convert the key to the PEM format by adding the header and footer strings. Below is an example of JavaScript for the key PEM format.

      Example:  

      const {key: publicKey} = await response.json();

      const publicKeyInPEMFormat = '-----BEGIN PUBLIC KEY-----' + publicKey + '-----END PUBLIC KEY-----';

Verify user identity using CORS authentication

Interacting applications can verify a user's identity using the CORS request.

To verify the user identity using the CORS request:

  1. Allow support for CORS by setting the CORS_ENABLED parameter to true.
  2. Ensure the CORS_AUTH_ALLOW_ORIGIN parameter lists the external action server base URL.

  3. Ensure the SAME_SITE_COOKIE_ATTRIBUTE parameter controlling cookies is set to none.

    For details, see Configuration parameters.

These settings allow an external action to send requests from the external action's web application to the OpenText Core Software Delivery Platform's server using the current authentication context, established when the user signed in to OpenText Core Software Delivery Platform.

To get the details of a currently signed-in user, such as a user ID and email, the external action can call https://octane.example.com/api/current_user.

Example: {"id": "<userid>", "email": "<user@email.com>", "name": "<username>" //user name in OpenText Core Software Delivery Platform}

Back to top

Use CORS for external actions

If your external actions are hosted on a domain other than OpenText Core Software Delivery Platform, you can establish trust by either using an API key in the code, or using the CORS mechanism.

This section discusses using the CORS mechanism for external actions.

The CORS mechanism for external actions involves the following:

  • Setting CORS configuration parameters
  • Sending an anti-CSRF cookie in requests

To enable CORS actions:

  1. Make sure the following CORS parameters are enabled and configured: CORS_ENABLED, CORS_ALLOW_ORIGIN, CORS_AUTH_ALLOW_ORIGIN, CORS_MAX_AGE

  2. Set the following site parameter:

    Parameter Value
    SAME_SITE_COOKIE_ATTRIBUTE None

    For details, see Configuration parameters.

To send an XSRF cookie in requests:

To prevent non-authorized servers from accessing the OpenText Core Software Delivery Platform server, requests from external servers need to include an XSRF header that sends a unique cookie.

Following is a sample code snippet for an XSRF header:

Copy code 
const xsrf = new URL(document.location.href).searchParams.get('xsrf_token')

await fetch(url, {
    headers: {
        "XSRF-HEADER": xsrf,
        "content-type": "application/json",
    },
    method: "PUT",
    ...
});

Back to top

Host external actions

As an alternative to storing external action code on an external server and establishing trust with OpenText Core Software Delivery Platform, you can upload the external action code to OpenText Core Software Delivery Platform.

You can upload all the external actions in the same zip file, or upload each external action in a separate file.

With bundled files, the different external actions can also use shared code. For example, if you have external actions foo and bar that reference shared code common, structure the folders as follows:

Example of host external actions that reference shared code.

Prerequisites

  • Make sure that the parameter SUPPORT_EXTERNAL_ENTITY_ACTIONS_BUNDLE is enabled.
  • Configure the other external action parameters as required: EXTERNAL_ENTITY_ACTIONS_BUNDLE_MAX_SIZE, EXTERNAL_ENTITY_ACTIONS_FILE_EXTENSION_WHITE_LIST

For details, see Configuration parameters.

To upload external actions:

  1. Define the action in the external action editor, using the JSON syntax. For details, see Define external actions.

  2. Click the Upload Bundle button .

    In the Select Action dropdown list, select the name of the action whose code you want to upload, or select Common to upload a bundled file.

    Note: To replace a bundled zip that contains multiple actions, select Common.

  3. Locate the zip file and upload it.

    An internal guid is created for the action, and the guid is added to the external action definition in the JSON.

  1. In the external action editor, update the "url" property to point to the uploaded file, as follows: "url": {bundle_url}/foo.html

    {bundle_url} is a token denoting OpenText Core Software Delivery Platform's server address.

Back to top

REST API for external actions

The following examples demonstrate GET and PUT scripts for reading and updating external actions.

Get external actions

Copy code 
GET https://alm-octane.example.com/api/shared_spaces/1001/external-entity-actions
HEADERS:
 - ALM-OCTANE-TECH-PREVIEW: true

Update external actions

Copy code 
const entity = {
    fieldName: fieldValue,
};

const xsrf = new URL(document.location.href).searchParams.get('xsrf_token')

fetch(
    '/api/shared_spaces/' +
    sharedSpaceId +
    '/workspaces/' +
    workspaceId +
    '/work_items/' +
    entityId,
    {
        headers: {
            'content-type': 'application/json',
            'XSRF-HEADER': xsrf,
        },
        body: JSON.stringify(entityData) ,
        method: 'PUT',
        credentials: 'include',
    }
);

Back to top

See also: