Categories
Blog

Best way to handle OAuth tokens (access and refresh tokens)

Before you start offering your end users the ability to integrate with other applications and push or pull data into your app, you need an OAuth token system, more commonly called an OAuth Token Management System.

An OAuth token management system is the framework you need to generate access tokens, obtain refresh tokens and stamp (attach the right token to) every API call between your app and the 3rd party provider. Every provider you integrate with will require a different method and token handling. This means you will need an extensive token management system that handles different scenarios and requirements.

Before we get to the best way to handle OAuth tokens, both access tokens and refresh tokens, here is a quick intro to what an OAuth token is.

What are OAuth Tokens?

OAuth tokens act like a pass for an application to gain access to a set of data. The best analogy for this is a hotel keycard. The keycard generated for you gives you access only to your room, not all the rooms in the hotel. OAuth tokens work in much the same way: they allow access only to a permitted set of data.

Here is a detailed post on what is OAuth and the different pieces required to complete the OAuth based integration: https://pathfix.com/blog/looking-to-offer-integrations-to-your-users-you-need-oauth/

Token Management System

An OAuth token management system needs to perform the following activities:

  • Generate tokens
  • Verify the tokens
  • Refresh expired tokens
  • Store tokens in a secure data storage
  • Keep tokens secure at rest and in transit

The token management system must be secure, with tokens being accessible only by the service provider.

The traditional approaches of getting an OAuth token management system would be either to build it yourself or use an open source solution.

Should you build an OAuth token management system?

30% of time spent on building OAuth connectivity goes into building a secure OAuth token management system. This roughly translates to approx. 600+ hours spent on building the token management system alone, for just 5 providers. And since most providers don’t follow the same token approach, you will need to build a new system for each provider.

This is time spent on only one piece of the OAuth connectivity puzzle.

What about open source OAuth token management systems?

We love open source. As developers, we understand the value of open source. It allows us to simply pick and use software extensions to add to our existing application.

However, when an open source component is not actively maintained, stability becomes a concern, as there is no ownership or review mechanism in place.

Pathfix Token Management System

An open and flexible system, Pathfix takes care of the entire token management process. From the time the user clicks on Integrate, the system will generate and manage the tokens that are required for each provider. This includes the OAuth tokens, Access tokens, Refresh tokens and any API stamping required by the provider.

This means you can get your OAuth connections running in just a few minutes and spend the hours you would have spent building the OAuth system on building your application instead.

Why Pathfix

Secure and stable. Pathfix encrypts all the tokens and gets you connected to the provider's API endpoints with ease and instantly. Guaranteed uptime, constant updates and a steady stream of new features make Pathfix the perfect OAuth solution for your integration needs.

Here is a Playground that you can use to try different endpoints. You can signup for a free Pathfix account here and see the OAuth Token Management System in action in your own app.


Test And Make Calls To Any OAuth Endpoint and REST API

Pathfix Playground, as the name suggests, is a playground built by the team here at Pathfix to help users connect to different providers and try their endpoints and APIs.

In this tutorial, we walk through how to use the Pathfix Playground to work with and test multiple providers' OAuth endpoints and make API calls.

Prerequisites

You will need the following to follow the tutorial:

  • Link to our Playground 🙂
  • Access/create your Pathfix account here

Background

The Playground has been built to connect to some of the most commonly used providers. The client IDs and client secrets used in this Playground are Pathfix's own. Some of these apps are still awaiting approval from the provider, so you may see a warning before you authorize; these are apps that are registered with the provider and are currently awaiting approval. You can always use your own client ID and client secret within your Pathfix account and test the connection.

Connecting to Endpoints

Visit the Playground right here to begin connecting: https://app.pathfix.com/playground

  • Select a provider from the left navigation bar
  • A Connect button will appear; click it to authenticate your account
  • On authentication, you can select a Method from the dropdown to test the connection
  • The endpoint URL will be auto-filled for the Method selected
  • Hit SEND to send the call request
  • The RESPONSE field will show the response received from the provider

Sample SEND Call:

{
  "url": "https://www.googleapis.com/gmail/v1/users/me/messages",
  "method": "GET",
  "payload": {}
}

Sample SUCCESS Response:

{
  "rows": [
    {
      "pincStatus": "success",
      "statusCode": "200",
      "contentType": "application/json",
      "data": {
        "messages": [
          {
            "id": "172da3933ffb3f5d",
            "threadId": "172da3933ffb3f5d"
          },
          {

The endpoint URL can be changed to any of the provider's available endpoints.

Conclusion

Pathfix handles the entire authentication, authorization and communication between your app and the provider, including the token management required for access and refresh tokens as well as stamping API calls, from the point your users click the integration button on your app.

You can access the Playground here: https://app.pathfix.com/playground


Building integrations to Typeform's OAuth APIs and Endpoints

Pathfix makes it extremely easy to connect to and consume OAuth based APIs and endpoints, allowing you to offer your end users quick integrations.

In this tutorial, we show you how you can connect to Typeform's endpoints and APIs with Pathfix in under 4 minutes. Pathfix is an OAuth tool that gets you connected to any provider with just a few lines of code. It handles the entire framework, token management system and servers, without needing SDKs, all ready to go.

Prerequisites

You will need the following to follow the tutorial:

  • Developer account with Typeform. You can access yours here
  • Access/create your Pathfix account here
  • Access to your code base to implement

Add your App on Typeform

  • Access the Applications section in Typeform
  • Click on Developer Apps from the left nav bar
  • Click Register a new app and enter your app name and your app website
  • Add the following Pathfix generated Redirect URL: https://labs.pathfix.com/integrate/command

Add your application in Pathfix

Login to your Pathfix account here

  • Add your application by clicking “Add Application” and entering the name of your application (this is for your internal purpose and you can add as many applications as you want)
  • In the Integrations page, find the provider Typeform
  • You will need to enter the clientid and clientsecret provided by Typeform here. To get this, you will need to go into Typeform
  • Click on Save

Scopes

You can add or remove the scopes you would like to access from the edit screen. Here is the list of all the scopes that are supported by Typeform:

https://developer.typeform.com/get-started/scopes/

Testing the connection

Once saved, you can test the connection directly within Pathfix. To do this, you will need to click on Instructions -> Test connection

Click on the button “Integrate with Typeform” to authorize your connection and proceed with the authorization.

You can change the endpoint URLs and connect to different APIs offered by Typeform. Make sure you change the scopes to remove or add different access levels.

Implementing the integration

There are two simple steps, with minimal code, to implement the integration on your platform. As Pathfix is an open framework platform, you can offer any UI you choose, while Pathfix handles the authorization and the API communication between the applications.

Step 1

  • This step renders the button that will allow your users to click-to-authenticate
  • You can customize the button behavior by clicking on Configure
  • Copy the <head> code and paste it on the <head> of the page

Sample <head> code:

<script src="https://labs.pathfix.com/helper.js" data-user-id="Lanternly_end_user_id" id="pinc.helper" modules="popups,modals,oauth" data-public-key="1A78A4E2-86CC-4660-BF84-3E4B50B34808" ></script>

  • Copy the <body> code and paste it on the <body> section of your page where you want the button to render

Sample <body> code:

<div data-oauth-ui="list" ></div>

Step 2

  • This step enables the communication/payload between applications
  • You can write either client-side or server-side code to send messages to your end user’s application. Copy the code and paste it into your desired code base.
  • You can choose between HTTP, JavaScript (jQuery), Python, Node.js, C# or PHP

Sample code (HTTP)

POST /oauth/method/typeform/call?user_id=Lanternly_end_user_id&public_key=1A78A4E2-86CC-4660-BF84-3E4B50B34808&private_key=88BAA3A4-C021-429B-9469-ECE9206EF6DE HTTP/1.1
Host: labs.pathfix.com
Content-Type: application/json

{
  "url": "url_to_typeform_API",
  "method": "method_to_use_with_this_call",
  "payload": { payload_as_requested_by_typeform },
  "headers": { header_if_requested_by_typeform }
}

Need more documentation? Find it here: https://docs.pathfix.com

Conclusion

This tutorial set up the authentication, enabled end user integration with Typeform and allowed you to consume all the endpoints offered by Typeform.


Looking to offer integrations to your users? You need OAuth

Integrations. According to a recent study by Gartner, through 2020 SaaS companies will be spending 50% of development time on integrations. Platforms all over the world are implementing integration-first strategies to grow and scale their product usage.

However, before you can offer any SaaS integration to your users, there is a crucial piece of technology implementation you need to know – OAuth.

While there are several SaaS solutions that deal with integrations, these mostly handle internal workflow automations and not user facing, native integrations. This is where OAuth comes in.

To know more about the difference between a workflow automation tool and an OAuth solution, read our post on Pathfix Vs. Zapier.

What is OAuth?

According to Wikipedia “OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.”

In simple terms – OAuth allows you to receive authorization from your users to get access to their data. This data does not only mean user identity, but access to data they have with their providers.

The OAuth framework is the most secure and preferred method adopted by most providers globally to allow communication between applications. This is largely two-way communication, pushing data to platforms and/or pulling data into your platform.

OAuth Scopes

Scopes limit the SaaS application’s access to the user’s data. During authorization, the user is presented with a consent screen that shows the scopes the application wants to access. The user can then allow or deny access to the scopes presented. The SaaS app can request access to one or more scopes, all of which will show up in this consent screen.

Scopes are always defined by the service provider; they define what data can be accessed by a third party and what cannot. When requesting access, it is always a good idea to check the scopes permitted by the provider and request exactly the scope identifiers the provider documents, as-is.

OAuth Grant Flow

The most common grant type is the Authorization Code grant flow. This flow exchanges an authorization code for an access token.

Here is how a typical authorization code grant flow works:

[Diagram: a typical authorization code grant flow. Image by Alexbilbie]

Token Management System

As shown in the flow above, tokens are required during the process of receiving consent and permission from the user to access data. These are:

Access tokens – Applications use access tokens to make API requests on behalf of the user. This token grants the requesting application access to the specific data the user granted.

Refresh tokens – When an access token expires, the client sends a refresh token to obtain a new access token.

Your token management system needs to verify tokens, refresh expired access tokens, store tokens in secure and confidential data storage that is accessed by the provider only and most importantly, be secure in-transit and at-rest.

OAuth Authorization Server

The OAuth Authorization Server (AOS) is a gatekeeper that provides authentication and issues tokens. It also validates or rejects tokens before calls are redirected to the internal API server.

The final piece, SDK’s

An SDK (Software Development Kit, or devkit) is essentially a collection of tools you need to build on a platform.

They are designed for specific tasks, platforms or programming languages. This means that if you are looking to build an integration to Google Sheets to pull all new entries into your application, you will need to find and/or build an SDK that performs that exact task, complete with the programming language, API and endpoints.

Most often, during the OAuth programming stage, this step consumes the most time as this requires research and finding the right and stable devkit to complete the actions you are looking for.

Or, Get Serverless OAuth Instead

So yes, building an OAuth module with the right server, SDK, token management and flows is time consuming and a bit complicated. Most service providers have their own structures and flows that you need to build for, which means one size does not fit all. If you are looking to integrate with multiple providers, you will need to go through this entire process again for each.

With Pathfix, instead of all that manual work, you can get OAuth connected and start using any provider's APIs in a matter of minutes. Pathfix is an OAuth tool that gets you connected to any provider with just a few lines of code. It handles the entire framework, token management and servers, without ever needing SDKs, all ready to go.

Reference Links

We recommend going through some of these reference links if you are looking to build the entire OAuth structure yourself

https://oauth.net/2/

https://www.oauth.com/


What is Single Sign On (SSO)? How can you add it to your existing login?

If you are building or part of an existing SaaS platform, you probably have already set up a login module where your users can enter an ID and password.

Your login module already manages the following:

  • Capture email and password
  • Store in encrypted modules
  • Account linking
  • Subscription linking
  • Feature access
  • Role definition

… essentially, everything you need to manage your users.

But, you would like to add a convenient button that would allow your users to use their login from an existing provider, to access your platform.

This is where Single Sign On comes in.


What is Single Sign On?

Single Sign On (SSO) is an online identification methodology that lets websites use other, trusted services to verify users.

Simply put, you offer your users the ability to log in to your platform using another website's login credentials. All this without creating or sharing passwords.

SSO leverages OAuth based authentication. The identity provider offers the requesting platform the ability to use their identity scope to allow their verified users to login to platforms. User verification is done completely by the service provider.

Why SSO?

There are multiple benefits of adding SSO to your platform. Let’s look at both sides –

  1. User Benefits
  2. Business Benefits

User Benefits

Convenience: Your user gets to login to your platform using their existing login credentials. There are hundreds of platforms with hundreds of login credentials to remember and save. By adding an SSO option, you make it convenient for your user to login to your platform without the need for any additional login credentials to remember.

Faster login: Users get quicker access to your platform with an SSO button with no long sign up forms to fill.

Permission transparency: The entire authentication is completely transparent. Users get to see the data the platform is requesting and grant only the access the app is asking for.

Secure: With OAuth, no credentials are shared between applications.

Business Benefits

Less code to manage: an SSO based login approach allows businesses to extend their login module without adding any additional code to manage and maintain.

More users: Faster onboarding equals more signups. Businesses that add SSO have seen a significant increase in their signups, since there are no forms to fill in along the signup funnel. Users click to log in and access your platform instantly, resulting in more signups.

Verified signups: User profiles are verified by the identity provider, which takes away the entire email verification process.

Added trust: Adding the ability to log in with a trusted, existing provider adds a sense of trust for the user, since they are not sharing any sensitive data with you and your app has been verified by the service provider.

Secure login: Since there are no passwords to maintain, the chance of stolen passwords or hacked accounts is reduced.


Popular Identity Providers

Here are some of the most popular identity providers:

[Image: Identity Providers (SSO)]

How to add SSO to an existing login module?

Pathfix’s SSO extension allows you to enable SSO in your existing login module in just a few minutes.

There are over 7 different identity providers you can choose from including Azure Active Directory, GitHub and Google; and quickly add them to your existing login module.

Here’s how you can achieve this:

  • Login to your Pathfix account here
  • Click on Extensions and select SSO (Single Sign On)
  • Select your Application from the drop-down
  • Pick the identity providers you would like to offer
    [Screenshot: Add single sign on to your login]
  • Enter the Client ID and Client Secret received from the selected service provider. (Note: some providers also require a Tenant ID; you will see the option to enter it here if required)
    [Screenshot: Add Azure AD SSO]
  • Complete the above step for each service provider you wish to add (selected providers will be marked with a green check-mark)
  • Click on Generate Code
  • Edit the text for Button prefix
  • Enter the Callback function where you would like Pathfix to send the login information
  • Enter a Hello text (e.g. Welcome). This is how the user will be welcomed on your page; the text is followed by the user's First Name and Last Name
  • Paste the code received into your existing login module (in the <div> where you want the social login buttons to show)
  • The social login buttons will immediately show on your login section

Conclusion

Adding an SSO login button to your existing login module is a great approach to build users and quicker on-boarding processes. The process of adding some of the most popular identity providers is quick using Pathfix’s SSO Extension.

Sign up for a free account with Pathfix.

Need further clarifications? Reach out to our team.