Authentication OAuth 2.0 - Authorization code


Authentication Configuration - OAuth 2.0

viaSocket supports the following types of authentication in OAuth 2.0:

OAuth 2.0 works by delegating user authentication to the service that hosts the user account and authorizing third-party applications to access the user account.


Type01: Authorization Code

To implement OAuth 2.0 (Authorization Code) for a particular service, you would typically need to register your application with the service to obtain a client ID and client secret, implement redirection endpoints for handling callbacks, and implement the logic to obtain and refresh access tokens using the client credentials.

  

Scopes : Scopes define and limit the access that a client application has to a user's resources on a resource server. They play a crucial role in determining the extent of the authorization granted during the OAuth flow. 

There are two types of scopes:

  • Space Separated : In some OAuth 2.0 implementations, scopes are represented as a space-separated list within the scope parameter. For example: scope=read write profile
  • Comma Separated : In other OAuth 2.0 implementations, scopes are represented as a comma-separated list within the scope parameter. For example: scope=read, write, profile.

🔴In the scope field, press the ENTER key after typing each scope so that the scope is saved.

🔴The Add fields process is the same as for Basic auth.

🔴The format for using the authorization response is `${context.authData.code}`. Replace `code` with the key in the response that you want to use.

The next step is to add the required APIs and authenticate a user. The APIs you need to provide for your service are:

 

Access Token API :

Once the authorization code is generated, the next step is obtaining an access token. The primary purpose of an access token is to securely grant limited access to specific resources on behalf of a user or an application.

Example : 


🔴To use the response of this block, the format is `${context.authData.accesstokencode.______ }`

Refresh Token API :

The refresh token serves to refresh the validity of the access token by generating a new token and extending the access token's duration.

Example : 

🔴To use the response of this block, the format is `${context.authData.refreshtokencode.______ }`

Revoke Token API :

If you wish to disable an access or refresh token, simply send a request to the /revoke endpoint of the appropriate authorization server.

Example : 



🔴To use the response of this block, the format is `${context.authData.revoketokencode.______}`
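The following is an added example, not viaSocket's own code, showing the requests behind the Scopes, Access Token, Refresh Token and Revoke Token settings above with the standard parameter names from RFC 6749 and RFC 7009. The endpoint, credentials, `cfg` object and function names are constructed placeholders, and a given service may use different field names or client authentication.

```javascript
// Added example: every endpoint, credential and token below is a constructed placeholder.
const cfg = {
  authorizeUrl: "https://auth.example.com/oauth/authorize",
  clientId: "CLIENT_ID_PLACEHOLDER",
  clientSecret: "CLIENT_SECRET_PLACEHOLDER",
  redirectUri: "https://app.example.com/callback",
  scopeSeparator: " ", // " " or ",", whichever the service documents
};

// Join scopes with the separator the service expects, dropping blanks and duplicates.
function formatScopes(scopes, separator) {
  if (separator !== " " && separator !== ",") throw new Error("separator must be space or comma");
  const clean = [...new Set(scopes.map((s) => s.trim()).filter(Boolean))];
  const bad = clean.find((s) => /[\s,]/.test(s)); // a scope must not contain a separator
  if (bad) throw new Error(`invalid scope: ${bad}`);
  return clean.join(separator);
}

// Authorization request (RFC 6749 section 4.1.1); state ties the callback to this session.
function buildAuthorizeUrl(c, scopes, state) {
  if (!state) throw new Error("state is required");
  const url = new URL(c.authorizeUrl);
  url.search = new URLSearchParams({
    response_type: "code", client_id: c.clientId, redirect_uri: c.redirectUri,
    scope: formatScopes(scopes, c.scopeSeparator), state,
  }).toString();
  return url.toString();
}

// Assumption: client credentials go in the form body; some services
// require HTTP Basic authentication on the token endpoint instead.
const withClient = (c, params) =>
  new URLSearchParams({ ...params, client_id: c.clientId, client_secret: c.clientSecret }).toString();

// Access Token API: exchange the code from the redirect for tokens (RFC 6749 section 4.1.3).
const accessTokenBody = (c, code) =>
  withClient(c, { grant_type: "authorization_code", code, redirect_uri: c.redirectUri });

// Refresh Token API: obtain a new access token (RFC 6749 section 6).
const refreshTokenBody = (c, refreshToken) =>
  withClient(c, { grant_type: "refresh_token", refresh_token: refreshToken });

// Revoke Token API: form body for the /revoke endpoint (RFC 7009 section 2.1).
const revokeBody = (c, token, hint) =>
  withClient(c, { token, token_type_hint: hint });
```

Each body is sent as `application/x-www-form-urlencoded` in a POST to the corresponding endpoint of the authorization server.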

Test Me API :

Same as basic auth

Example :

🔴The connection label is the same as for basic auth.

Append Headers/Query params/Body

The interface you are looking at allows you to set default key-value pairs for headers, query parameters, or the body of HTTP requests where you want to send authentication data. These defaults will be applied to all actions or triggers that use the specified authentication version, ensuring consistent and necessary data is sent with each request.

Suppose your API accepts api-key in the query params; then add Key: api-key (or the specific syntax required by your service) and Value: the authentication key entered by users.

Now there is no need to add authentication to any API in any action or trigger; it will be fetched automatically.
 

🔴Using try/catch in the code is a best practice for catching errors and debugging; in the return, always add response.data.