OAUTH2 - An Intro
Oauth1 and 2 are frameworks for access delegation. It allows two apps to interface with each other on behalf of the end user. The end user will have an account in both apps.
OAUTH specification is not a protocol but a framework. OAUTH 1.0 followed a 3-legged framework and OAUTH 2.0 specifies a 2 legged one. The framework simplifies the level of access (scope) the requesting app has to the user data in the service provider's app. All of it is managed by a sequence of tokens being exchanged between the two application that finally authorize messages.
The Use Case
I am an online Photo Printing Service provider - PrintPixie. Registered User can upload a photo or connect to Cloud Drive where they hold their photos, select print parameters, pay and submit their order.
In this use case we have…
- Client - PrintPixie
- Cloud Drive Service Providers - Google, iCloud, Onedrive etc.
- End User - Say megan@personalemail.com
The Integration Strategy
Here the integration strategy is as follows...
- Fetch the list of photos (thumbnails) available on the end users cloud drive
- Pull a high res image once the user has made a selection
There are two ways to implement this
- Managed Server
- Serverless
Managed Server - Implement code in PrintPixie
Assumption that PrintPixie is built using Python. Here is a sample top level task structure.
- Register printpixie with each of the service providers' as a client app to fetch the clientId and clientSecret and provide a redirectUrl to your server (Task 3. Below)
- Download Python Authentication libraries/sdk's for each of the providers.
- Create a server API to handle authorization redirect.
- Call the authentication library to get access token.
- Create a data store to hold end user Access Tokens.
- Write integration wrapper to
GetListOfPhoto
GetHighResLocation - Fetch previously retrieved end user access token from data store and refresh if expired
- Map each of the above interfaces to the service provider API in their library.
- Make the call
- Attach tokens to call
- Log call
- Log errors
- Notify if there are any errors
Serverless- Use an OAuth proxy
By redirecting your Authorization and Messaging through a service. Pathfix offers this. It proposes that we try a slightly different approach to all of this. Here is how they would do it.
- Register printpixie with each of the service providers' as a client app to fetch the clientId and clientSecret and provide a redirectUrl (provided by Pathfix) to your server (Task 3. Below)
- -
- -
- -
- -
- Write integration wrapper to
GetListOfPhoto
GetHighResLocation - -
- Map each of the above interfaces to the service provider API in their library. (Usually using a JSON file to map API interfaces)
- Make the call
- -
- -
- -
- -
The entire process has reduced from the original 13 step process to a simplified 4 step process!
Summary
We see that there is a significant reduction in the time to live. Not only have the no. of tasks reduced but it has freed up a developers time to get to the specific integration much quickly. With this method if you have an Integration Strategy in mind (like PrintPixie did), you can go live in a couple days if not less.