Client Credential Flow
This ConnectorConnector - A connector is the package from Fusebit that manages the relationship between one or more integrations and a specific service. One of the most common types of connector is an OAuth connector, which takes care of the OAuth negotiation between your customers and the service you're integrating, so that you don't have to! allows support for Client Credential Flow authorization between Fusebit Integrations and supporting services. This Connector is commonly used to support authorization with your backend, rather than with a third party backend.
Because a client credential flow is a different flow than web-based OAuth flows like the authorization code flow, many of the configuration elements that are usually used are not relevant. The Client Credential Flow Connector allows collecting a unique OAuth client_id
and client_secret
for every SessionSession - A session is a sequence of steps that a user takes to configure a new integration, so that it can access their services on your behalf. You can think of a session as a combined task list and scratchpad - integrations will use a session to show forms and collect user data, and connectors will use a session to collect authentication credentials on behalf of the user. it is part of. This enables your app to obtain a different set of OAuth credentials for every user or tenant of your app.
Making use of the Client Credential Flow Connector requires changing the way your backend creates Sessions during the authorization process to supply the necessary client_id
and client_secret
unique to that Tenant. These credentials are then used by the Connector to perform the necessary token exchange flows.
Getting Started
- Use the Fusebit Management PortalFusebit Management Portal - The Fusebit Management Portal enables you to easily setup and manage all your integrations in one place. Link: https://manage.fusebit.io to create an account and log in.
- Create a new Integration using any one of our templates.


- In the integration view, select the
Add New
button on the right:


- Enter
OAuth
into the New Connector Dialog and select theClient Credential Flow
option. - Click on the new Client Credential Flow connector and enter the token exchange endpoint for your Client Credential Flow service.
- At this point, you will need to modify the code running on your server. Modify the session creation
POST
to include aninput
block, similar to the following:
{
"redirectUrl": "http://example.com/redirect",
"input": {
"ccfConnector": {
"client_id": "AAAA",
"client_secret": "BBBB"
}
}
}
The input
block will be consumed by the ccfConnector
Connector (or whichever Connector name you declare in the components
block of your Integration), and should specify client_id and client_secret specific for the tenant you have created the session for.
Authorization with Client Credential Flows
At this point, the client credential flow will happen as an invisible step for the end user. There will be no configuration screens, prompts, or other indications that the credentials were exchanged for an access token.
Invoking the Client Credential Flow Connector
The credentials created by the Connector are accessible via the same call to getSdkByTenant
as credentials from other Connectors:
router.post('/api/tenant/:tenantId/test', integration.middleware.authorizeUser('install:get'), async (ctx) => {
const ccfCredentials = await integration.tenant.getSdkByTenant(ctx, 'ccfConnector', ctx.params.tenantId);
const me = await superagent.get('https://www.example.com/me')
.set('Authorization', `Bearer ${ccfCredentials.accessToken}`);
ctx.body = me;
});
Updated 22 days ago