Articles on: App Integrator

oAuth

OAuth 2.0 — an authorization protocol that allows you to grant one service (app) access to user resources on another service. The protocol eliminates the need to trust the app with a username and a password, and also allows you to grant a limited set of rights.

For Authorization, Redirect URI parameter is dynamic. Albato will transfer the required value to the system, but it must be specified in the URLs and in the request.

It is also necessary to pass the GET parameter State in the authorization URL. This is a required condition as Albato understands the user and the connection of the session.

If the service does not work with this parameter, setting is impossible.

Authorization setting



The oAuth authorization method differs from all other methods. Let’s see how it works in detail.

The first thing to set up in creating such Authorization is:

Authorization URL: In the opened window, enter the user URL to pass Authorization in the connected system. The URL must be entered in full, with all required GET parameters. GET parameters are written manually. In the parameter value, you can write static data or dynamic variables (when you click the field, a list appears, the variables are in the “Authorization parameters” tab), such as State_,_ Client ID, Redirect URI_._

Client ID: Enter “Client ID” of the app created in the system. This parameter is saved as part of the created Authorization.

Client Secret: Enter “Client Secret” of the app created in the system. This parameter is saved as part of the created Authorization.




Example:

Requests to receive and update token



Next, you need to set up HTTP requests to receive Access token and, if necessary, Refresh token_._

If you need to update token, check the Use RefreshToken box:



This checkbox allows to save received in the response Refresh token (which receives the Access token_)_ as a variable in the Response tab:

Further, creating a token update request widget, this variable will be available in the Request tab, and the value of the variable (we have previously saved) will be passed in the token update request.


Add a request widget to receive an Access token and set it as system need.

The following dynamic variables are available for the request:

Client ID: Parameter that was saved as part of the Authorization

Client Secret: Parameter that was saved as part of the Authorization

Redirect URI: Generated redirect URL that is linked to the created Authorization

Code: The code received in the response during Authorization and access granting.


It is necessary to set up the response parser in the Response tab, in order to receive, save and update the access token in the Authorization fields


If you need to update the token, add the same request widget in the “Update token” section. In this request, you can pass the same dynamic variables and previously obtained Access token and Refresh token.

It is necessary to set up the response parser in the Response tab, in order to receive, save and update the access token in the Authorization fields

Description



The creation of such Authorization gives the end-user URL by which he will provide access to the system. Then Albato will receive its temporary code, which will be exchanged for an Access token.

The obtaining request is made as soon as the user grants access, receives the necessary tokens and saves them within the connection. The update request is made at the moment when any application entities make an outgoing HTTP request and the app (service) gives an error of expired token (Errors handling with the appropriate type for the widget are to be set).

Updated on: 07/12/2022

Was this article helpful?

Share your feedback

Cancel

Thank you!