Next step to set authentication for your plugin. In Authentication Configuration viasocket provide three types of authentication methods for your application :
No Auth
Basic Auth
OAuth 2.0 (viaSocket supports the types of authentication in OAuth 2.0: Authorization Code, Implicit, Client Credentials, Password Credentials)
🔴 NOTE : If any service support base64 conversion then select Basic auth in that case.
Typically, 'No Auth' is used when the service does not require authentication to access its API. This is commonly applicable for open APIs.
Authentication Configuration - Basic Auth
Typically, basic authentication requires the service's api-key. The processes to obtain an API key and the necessary fields are covered in detail in the service's documentation.
Step by step guide on how to set up Basic auth to create plugs in viaSocket
Version of authentication: Viasocket provides v1 version of authentication automatically.
🔴NOTE : We need to create a new authentication version if we have used authentication version in any action. We can not edit an authentication version which is used by any action.
Field Label : Viasocket provides field auth_key by default for basic auth, but one can add additional fields accordingly.
Configure additional Input Fields (if required) :
Click on Add Field and fill the field details
Key: Uniquely identifies the input field. It is essential for referencing and processing the data associated with this field.Ex: auth_key , domain.
Label: The name of the field. It will be visible on the UI. This is what users will see as the name of the input field.
Help : Provide any instruction to the user such as:documentation link,format etc.
Type: Specifies the data type of the field, such as string for text, number for numeric values, etc. As of now it is set to string.
Required: Indicates whether the field is obligatory. If checked, users must provide a value for this field during authentication.
🔴NOTE : The fields you created for authentication are required to create actions and triggers. Use this value format : `${context.authData.fieldkey_name}`.
Test Me API:
To complete the process of authentication the final step is to add the Test Me API . It is a simple GET API which is getting user details, profile information.This API is invoked during the authentication process of the plugin.
Sample Request with Response:
Connection Label:
It is a label provided to show authentication by the user when using the plugin in any of the flows. For security purposes, "Mask connection label value" is used to essentially conceal the actual value of the connection label.
Authentication Configuration - OAuth 2.0
Auth2.0 works by delegating user authentication to the service that hosts the user account and authorizing third-party applications to access the user account. viaSocket supports the following types of authentication in OAuth 2.0:
Type01: Authorization Code
To implement OAuth 2.0 (Authorization Code) for a particular service, you would typically need to register your application with the service to obtain a client ID and client secret, implement redirection endpoints for handling callbacks, and implement the logic to obtain and refresh access tokens using the client credentials.
Scopes : Scopes define and limit the access that a client application has to a user's resources on a resource server. They play a crucial role in determining the extent of the authorization granted during the OAuth flow.
There are two types scopes :
🔴In the scope field when you write any scope you have to press ENTER KEY so that the scopes will get saved.
🔴Add fields process is same as Basic auth.
🔴Format to use response of authorization is `${context.authData.code}`. Replace code with key in the response you want to use.
Next step is to add required API’s and authenticate a user, the API’s you need to provide for your service is:
Access Token API :
Once the authorization code is generated, the next step is obtaining an access token. The primary purpose of an access token is to securely grant limited access to specific resources on behalf of a user or an application.
Example :
🔴To use response of this block for is `${context.authData.accesstokencode.______ }`
Refresh Token API :
The refresh token serves to refresh the validity of the access token by generating a new token and extending the access token's duration.
Example :
🔴To use response of this block for is `${context.authData.refreshtokencode.______ }`
Revoke Token API :
If you wish to disable an access or refresh token, simply send a request to the /revoke endpoint of the appropriate authorization server.
Example :
🔴To use response of this block for is `${context.authData.revoketokencode.______}`
Test Me API :
Same as basic auth
Example :
🔴Connection label is same as basic auth.
🔴Using try/catch in the code is a best practice for catching errors and debugging and in return always add response.data
Type02: Implicit Auth
Implicit authentication is one of the OAuth 2.0 grant types designed for an implicit flow, the client application receives the access token directly from the authorization server as part of the redirection URI without an intermediate authorization code with client ID only.
🔴Click on authorize button will obtain access token for provided services . All other fields(Authorization URL, Scopes, response type, additional fields) and API’s (Refresh Token,Test Me API, Connection label ) are the same as described above authorization code .
Client Credentials
The Client Credentials grant type in OAuth 2.0 is used to obtain an access token with users' client ID and secret.
Client application is registered with the OAuth 2.0 service provider.
During registration, the client receives a Client ID and a Client Secret.
If the authentication is successful, the server issues an access token to the client application.
🔴All other fields(Authorization URL, Scopes, response type, additional fields) and API’s (Access Token API, Refresh Token,Test Me API, Connection label) are the same as described above authorization code .
Password Credentials
This grant type in OAuth 2.0 involves exchanging a user's username and password directly for an access token.
Register your application with the OAuth 2.0 authorization server to obtain a client ID and client Secret
🔴All other fields(Authorization URL, Scopes, response type, additional fields) and API’s (Access Token API, Refresh Token,Test Me API, Connection label) are the same as described above authorization code .
Support
For further assistance, visit the viaSocket support page or contact our support team at support@viasocket.com.