Partners who run OAuth 2.0 flows on behalf of customers can limit security risks by building a custom app with a third-party service provider that allows their customers to authenticate OAuth 2.0 tokens without revealing their credentials to the partner.
Use the following steps to build the customer-facing authentication interface:
- Create the connection and copy the connection ID.
- Configure your customer-facing app to send the following GET call to the connection's OAuth 2.0 API endpoint:
  GET /v1/connection/:_connectionId/oauth2
- The GET call returns an authorization URL for you to deliver to the customer via the customer-facing application.
- The customer enters their credentials and is then asked to allow Celigo to access their account and related data. The customer checks the confirmation box and clicks Confirm.
- Celigo securely stores the customer's authentication token in an encrypted iClient.
- Optionally, you can specify the URL of your choice upon successful OAuth 2.0 authentication. See Redirect to a custom authorization URL, below.
In most cases, partners want to bypass the default integrator.io redirect that happens after OAuth 2.0 authentication completes and instead send their customers to another URL.
- Retrieve the connection document mentioned above by making a GET request using the Celigo integrator.io API:
  GET /v1/connections/:_connectionId
- Copy the retrieved connection document ID.
- Make a PUT request to update the connection, passing the alternate URL of your choosing in the oauth2RedirectUrl field:
  PUT /v1/connection/:_connectionId
  { "http": { "auth": { "oauth": { "oauth2RedirectUrl": "https://partner.com/callback" } } } }
- After successfully updating the connection, make the following GET request to return the authorization URL:
  GET /v1/connections/:_connectionId/oauth2
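The redirect update and the authorization-URL handoff from the two procedures above, as an added Python example that is not Celigo's own code. It assumes the `/v1/connections/:_connectionId` path form, a response field named `authorizationURL`, and `partner.com` as the host the partner controls; the redirect URL is allowlisted before it is written so a bad value cannot send the customer's authorization response to a host the partner does not own.

```python
import json
from urllib.parse import urlparse

# Hosts the partner operates; a redirect anywhere else is refused (assumed value).
PARTNER_CALLBACK_HOSTS = {"partner.com"}


def is_partner_redirect(url: str) -> bool:
    """True only for an https URL on a host the partner controls."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and parsed.netloc in PARTNER_CALLBACK_HOSTS


def build_redirect_update(connection_id: str, redirect_url: str):
    """Return (path, body) for the PUT that sets oauth2RedirectUrl.

    The body mirrors the nested http.auth.oauth structure shown in the steps;
    the path form /v1/connections/<id> is assumed here.
    """
    if not is_partner_redirect(redirect_url):
        raise ValueError(f"refusing redirect URL outside partner control: {redirect_url}")
    path = f"/v1/connections/{connection_id}"
    body = {"http": {"auth": {"oauth": {"oauth2RedirectUrl": redirect_url}}}}
    return path, body


def authorization_url_from_response(raw: str) -> str:
    """Extract the authorization URL from the GET .../oauth2 response body.

    The field name 'authorizationURL' is an assumption; confirm it against a
    real response. The URL must be https so the customer is never handed a
    plaintext login page.
    """
    data = json.loads(raw)
    url = data.get("authorizationURL")
    if not isinstance(url, str):
        raise ValueError("response carries no authorization URL")
    if urlparse(url).scheme != "https":
        raise ValueError("authorization URL is not https")
    return url


# Constructed sample response for offline use, not captured from the real API.
SAMPLE_RESPONSE = json.dumps(
    {"authorizationURL": "https://provider.example/oauth2/authorize?client_id=abc&state=xyz"}
)

if __name__ == "__main__":
    print(build_redirect_update("connectionId", "https://partner.com/callback"))
    print(authorization_url_from_response(SAMPLE_RESPONSE))
```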