OAuth 2.0 Provider Integration in Empress

Introduction

This guide covers the OAuth 2.0 provider integration in Empress, a feature that allows third-party applications to access user resources according to the Empress Role and User permission system.

Understanding OAuth 2.0 Roles

Before we delve into the technical details of implementing this feature, it’s essential to understand the four key roles defined by OAuth 2.0:

Resource Owner: This is an entity that can grant access to a protected resource. When the resource owner is a person, we refer to them as an end-user.

Resource Server: This is the server hosting the protected resources. It is capable of accepting and responding to protected resource requests using access tokens.

Client: This is an application making protected resource requests on behalf of the resource owner and with its authorization.

Authorization Server: This server issues access tokens to the client after successfully authenticating the resource owner and obtaining authorization.

Setting Up OAuth 2.0 Provider

As a System Manager, you can configure the behavior of the confirmation message in OAuth Provider Settings. You have the choice between Force and Auto. With Force, the system will always ask for the user’s confirmation. If Auto is selected, the system asks for confirmation only if there are no active tokens for the user.

To access these settings, navigate to:

Setup > Integrations > OAuth Provider Settings

Adding a Primary Server

The primary server is the main server hosting all the users. To set it up as the main server, navigate to:

Setup > Integrations > Social Login Key

Add a new Empress Social Login Key and enter your server URL in the Base URL field. The same URL is used on every other Empress server that connects to this server to authenticate.

Under this server, you can add as many OAuth Client(s) as required.

Adding a Client App

As a System Manager, you can add a client app by navigating to:

Setup > Integrations > OAuth Client

To add a client, fill in the following details:

  1. App Name
  2. Skip Authorization
  3. Scopes
  4. Redirect URIs
  5. Default Redirect URIs
  6. Grant Type
  7. Response Type
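
The sketch below is an added example, not Empress code: a hypothetical Python model of how an authorization server typically applies the client fields listed above together with the Force/Auto choice from OAuth Provider Settings. The class and function names, the sample client, and the treatment of Skip Authorization as a per-client bypass of the prompt are assumptions; the redirect URI check follows the general OAuth 2.0 practice of exact matching against the registered values.

```python
from dataclasses import dataclass

class InvalidRequest(ValueError):
    """Raised when an authorization request does not match the client record."""

@dataclass(frozen=True)
class OAuthClient:
    # Hypothetical in-memory model of the OAuth Client form fields.
    app_name: str
    skip_authorization: bool
    scopes: frozenset
    redirect_uris: frozenset
    default_redirect_uri: str
    response_type: str

def validate_request(client, response_type, scope, redirect_uri=None):
    """Return (redirect_uri, scopes) to use, or raise InvalidRequest."""
    if redirect_uri is None:
        uri = client.default_redirect_uri
    elif redirect_uri in client.redirect_uris:  # exact string match only
        uri = redirect_uri
    else:
        # Reject before any redirect: the redirect carries the code or token.
        raise InvalidRequest("redirect_uri not registered for this client")
    if response_type != client.response_type:
        raise InvalidRequest("unsupported_response_type")
    requested = frozenset(scope.split())
    if not requested <= client.scopes:
        raise InvalidRequest("invalid_scope")
    return uri, requested

def needs_confirmation(mode, client, active_tokens):
    """Decide whether the resource owner sees the confirmation message."""
    if client.skip_authorization:  # assumption: per-client bypass of the prompt
        return False
    if mode == "Force":
        return True
    if mode == "Auto":
        return active_tokens == 0  # ask only when the user has no active token
    raise ValueError("mode must be 'Force' or 'Auto'")

# Constructed sample client (not a real registration).
CLIENT = OAuthClient(
    app_name="Reporting App",
    skip_authorization=False,
    scopes=frozenset({"openid", "all"}),
    redirect_uris=frozenset({"https://app.example.com/callback"}),
    default_redirect_uri="https://app.example.com/callback",
    response_type="code",
)
```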

Implementing OAuth 2.0

For detailed instructions on how to use OAuth 2.0 in your application, please refer to the API documentation.

Summary

In conclusion, OAuth 2.0 provider integration in Empress is a powerful feature that enables developers to secure their applications by leveraging an industry-standard protocol for authorization. Its integration into Empress enhances the software’s ability to provide secure and customizable business solutions. By understanding and effectively implementing this feature, developers can take full advantage of Empress’s capabilities to meet their application’s security and authorization needs.