User gets redirected to a URL on my website. They log in, grant access etc. In the end they get redirected back to the original URL, but the query params specify a token and some extra information about the user. (Similar to how Spotify does it)
I looked over all the options for authentication on Zapier, but it seems like only OAuth has the option of redirecting to an external URL for authentication. How can I solve this problem?
Also, is there a way of unit testing the authentication?
@halftome - I guess you can achieve what you want to do using oauth2 flow with some tweaks.
1. Use oauth2Config.authorizeUrl to build the login URL that the users are redirected to in order to grant access. Use the redirect_uri query param to redirect them back to Zapier. Make sure when you redirect them back to include the state query param that was generated by Zapier, and it MUST also include a code query param with some dummy value so that Zapier doesn't complain about it. Of course you can include any custom query params that are relevant to your authentication flow.
2. At this point, Zapier would call the getAccessToken method. Now, you have all the query params you returned from step (1) in bundle.cleanedRequest.querystring. Make sure to return an object that contains an access_token key to let Zapier know that the oauth2-ish authentication succeeded. Feel free to include that extra information you got in that object so that you can access it in future requests from bundle.authData.
3. Set oauth2Config.autoRefresh to false because using this authentication flow you may not auto refresh tokens.

I personally don't use mock servers. I only use the Node.js nock library to intercept requests and return whatever response I need in my tests. Hope this helps.
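The three steps in the answer above, as an added example that is not part of the original post or Zapier's own code. The login URL, the test endpoint and the custom query param names (token, user_id, display_name) are assumptions; getAccessToken fails closed when the redirect carries no token and copies only allowlisted fields into authData.

```javascript
// Added example: names marked "assumed" are not from the thread.
const LOGIN_URL = 'https://example.com/zapier/login'; // assumed placeholder

// Custom query params the site appends to the redirect (assumed names).
const EXTRA_FIELDS = ['user_id', 'display_name'];

// Called by Zapier after the user lands back on redirect_uri.
// Per the answer above, the redirect's query params are read from
// bundle.cleanedRequest.querystring.
const getAccessToken = (z, bundle) => {
  const qs = (bundle.cleanedRequest && bundle.cleanedRequest.querystring) || {};
  const token = qs.token; // assumed param name carrying the real token

  // Fail closed: the dummy `code` only satisfies the flow, it proves nothing.
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('Redirect did not include a token');
  }

  // Copy only allowlisted string fields into authData, not the whole query.
  const authData = { access_token: token };
  for (const key of EXTRA_FIELDS) {
    if (typeof qs[key] === 'string') authData[key] = qs[key];
  }
  return authData;
};

const authentication = {
  type: 'oauth2',
  oauth2Config: {
    authorizeUrl: {
      url: LOGIN_URL,
      params: {
        state: '{{bundle.inputData.state}}',
        redirect_uri: '{{bundle.inputData.redirect_uri}}',
      },
    },
    getAccessToken,
    autoRefresh: false, // step 3: this flow has no refresh token
  },
  // Zapier requires a test request; the endpoint is an assumed placeholder.
  test: { url: 'https://example.com/api/me' },
};

if (typeof module !== 'undefined') module.exports = { authentication, getAccessToken };
```

Because getAccessToken only reads the bundle, it can be unit tested by calling it with a constructed bundle object, with no HTTP interception needed for this step.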
@ikbelkirasan Thanks for the very detailed response. I had a hunch I would have to do it based on the oauth flow, I was just hoping I didn’t actually have to implement a real oauth2 provider on my end :)