Best way to handle oauth tokens (access and refresh tokens)

Before you start offering your end users the ability to integrate and push or pull data from other application into your app, you need to have an OAuth tokens system, or more commonly called the OAuth Token Management System.

OAuth Token management system is a framework that you would need to generate access tokens, get refresh tokens and stamp all API calls between your app and the 3rd party provider. Every provider you integrate with, will request for a different method and token requirement. This means you will need an extensive token management system that would handle different scenarios and requirements.

Before we proceed to best way to handle OAuth tokens for both access tokens and refresh tokens, a quick intro to what an OAuth token is.

What are OAuth Tokens?

OAuth tokens act like a pass for an application to gain access to a set of data. The best analogy to understand this is to think of a hotel keycard. The keycard that was generated for you gives you access only to your room, not all the rooms in the hotel. OAuth tokens work in pretty much the same way, they allow you to get access to a set of permitted data.

Here is a detailed post on what is OAuth and the different pieces required to complete the OAuth based integration: https://pathfix.com/blog/looking-to-offer-integrations-to-your-users-you-need-oauth/

Token Management System

An OAuth token management system needs to perform the following activities:

  • Generate tokens
  • Verify the tokens
  • Refresh expired tokens
  • Store tokens in a secure data storage
  • Secure at-rest and in-transit

The token management system must be secure, with tokens being accessible only by the service provider.

The traditional approaches of getting an OAuth token management system would be either to build it yourself or use an open source solution.

Should you build an OAuth token management system?

30% of time spent on building OAuth connectivity goes into building a secure OAuth token management system. This roughly translates to approx. 600+ hours spent on building the token management system alone, for just 5 providers. And since most providers don’t follow the same token approach, you will need to build a new system for each provider.

This is time spent on only one piece of the OAuth connectivity puzzle.

What about open source OAuth token management system?

We love open source. As developers, we understand the value of open source. It allows us to simply pick and use software extensions to add to our existing application.

However, since the open source piece of code isn’t maintained by anyone, stability becomes a concern as there isn’t any ownership or review mechanism in place.

Pathfix Token Management System

An open and flexible system, Pathfix takes care of the entire token management process. From the time the user clicks on Integrate, the system will generate and manage the tokens that are required for each provider. This includes the OAuth tokens, Access tokens, Refresh tokens and any API stamping required by the provider.

This means, you can get your OAuth connections running in just a few minutes and use the hours you would’ve spent building the OAuth system into building your application instead.

Why Pathfix

Secure and stable. Pathfix encrypts all the tokens, get you connected to the providers API endpoints with ease and gets you connected instantly. With guaranteed uptimes and constant updates and features rolled out, makes Pathfix the perfect OAuth solution for your integration needs.

Here is a Playground that you can use to try different endpoints. You can signup for a free Pathfix account here and see the OAuth Token Management System in action in your own app.

Top 3 CRM integrations to integrate your SaaS with in 2020
Businesses choose CRM tools to help them manage their business information and it is one of the first tools purchased. See our list of the top CRM tools to integrate with.
The importance of integrations to the growth of a SaaS
Why should you consider adding integrations to your SaaS
Design of an OAUTH token management proxy
What did it take for us to build out Pathfix – a completely serverless oauth proxy solution.