Client Credential Flow

This ConnectorConnector - A connector is the package from Fusebit that manages the relationship between one or more integrations and a specific service. One of the most common types of connector is an OAuth connector, which takes care of the OAuth negotiation between your customers and the service you're integrating, so that you don't have to! allows support for Client Credential Flow authorization between Fusebit Integrations and supporting services. This Connector is commonly used to support authorization with your backend, rather than with a third party backend.

Because a client credential flow is a different flow than web-based OAuth flows like the authorization code flow, many of the configuration elements that are usually used are not relevant. The Client Credential Flow Connector allows collecting a unique OAuth client_id and client_secret for every SessionSession - A session is a sequence of steps that a user takes to configure a new integration, so that it can access their services on your behalf. You can think of a session as a combined task list and scratchpad - integrations will use a session to show forms and collect user data, and connectors will use a session to collect authentication credentials on behalf of the user. it is part of. This enables your app to obtain a different set of OAuth credentials for every user or tenant of your app.

Making use of the Client Credential Flow Connector requires changing the way your backend creates Sessions during the authorization process to supply the necessary client_id and client_secret unique to that Tenant. These credentials are then used by the Connector to perform the necessary token exchange flows.

Getting Started

  1. Use the Fusebit Management PortalFusebit Management Portal - The Fusebit Management Portal enables you to easily setup and manage all your integrations in one place. Link: https://manage.fusebit.io to create an account and log in.
  2. Create a new Integration using any one of our templates.
  1. In the integration view, select the Add New button on the right:
  1. Enter OAuth into the New Connector Dialog and select the Client Credential Flow option.
  2. Click on the new Client Credential Flow connector and enter the token exchange endpoint for your Client Credential Flow service.
  3. At this point, you will need to modify the code running on your server. Modify the session creation POST to include an input block, similar to the following:
{
  "redirectUrl": "http://example.com/redirect",
  "input": {
    "ccfConnector": {
      "client_id": "AAAA",
      "client_secret": "BBBB"
    }
  }
}

The input block will be consumed by the ccfConnector Connector (or whichever Connector name you declare in the components block of your Integration), and should specify client_id and client_secret specific for the tenant you have created the session for.

πŸ“˜

Authorization with Client Credential Flows

At this point, the client credential flow will happen as an invisible step for the end user. There will be no configuration screens, prompts, or other indications that the credentials were exchanged for an access token.

Invoking the Client Credential Flow Connector

The credentials created by the Connector are accessible via the same call to getSdkByTenant as credentials from other Connectors:

router.post('/api/tenant/:tenantId/test', integration.middleware.authorizeUser('install:get'), async (ctx) => {
  const ccfCredentials = await integration.tenant.getSdkByTenant(ctx, 'ccfConnector', ctx.params.tenantId);
  const me = await superagent.get('https://www.example.com/me')
    .set('Authorization', `Bearer ${ccfCredentials.accessToken}`);
  ctx.body = me;
});

Did this page help you?