Guide
If your app provides OAuth capabilities for authentication, the authentication identifiers must be oauth and oauth2 for OAuth v1 and OAuth v2, respectively. Only one authentication type per OAuth version is currently supported.
OAuth v1
POST /oauth1/v1/authorize
The POST /oauth1/v1/authorize endpoint obtains a request token and secret and generates the authorization URL for OAuth version 1 accounts.
The request carries a single body parameter, callback_uri, which is the URL the user is redirected to after successfully authenticating with the third-party service. callback_uri includes a state query parameter that MUST be preserved so that Fibery can complete the OAuth flow.
Request body sample:
{
  "callback_uri": "https://oauth-svc.fibery.io/callback?state=xxxxxxx"
}
The response body should include a redirect_uri that the user is forwarded to in order to complete setup, plus token and secret, which are the request token and secret granted by the third-party service. Replies are then POSTed to the /oauth1/v1/access_token endpoint.
The OAuth implementation requires the account identifier to be oauth for OAuth version 1.
If the service provider uses callback URL whitelisting, then https://oauth-svc.fibery.io?state=xxxxx has to be added to the whitelist.
Response body sample:
{
  "redirect_uri": "https://trello.com/1/OAuthAuthorizeToken?oauth_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&name=TrelloIntegration",
  "token": "xxxx",
  "secret": "xxxx"
}
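How callback_uri, with its state parameter intact, can be carried into the signed request-token call that this endpoint makes to the provider, following RFC 5849 with HMAC-SHA1. This is an added example, not Fibery's or any provider's code; the request-token URL, consumer key and consumer secret are placeholder assumptions.

```javascript
const crypto = require("crypto");

// RFC 3986 percent-encoding as required by RFC 5849 section 3.6.
function pct(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & encoded URL & encoded sorted parameters.
function signatureBaseString(method, url, params) {
  const normalized = Object.keys(params).sort()
    .map(k => pct(k) + "=" + pct(params[k])).join("&");
  return [method.toUpperCase(), pct(url), pct(normalized)].join("&");
}

// Authorization header for the request-token call. oauth_callback is the
// callback_uri received from Fibery, passed through unmodified so that its
// state query parameter is covered by the signature and comes back unchanged.
function requestTokenAuthHeader(o) {
  const params = {
    oauth_callback: o.callbackUri,
    oauth_consumer_key: o.consumerKey,
    oauth_nonce: o.nonce || crypto.randomBytes(16).toString("hex"),
    oauth_signature_method: "HMAC-SHA1",
    oauth_timestamp: String(o.timestamp || Math.floor(Date.now() / 1000)),
    oauth_version: "1.0",
  };
  const base = signatureBaseString("POST", o.requestTokenUrl, params);
  const key = pct(o.consumerSecret) + "&"; // token secret is empty at this step
  params.oauth_signature =
    crypto.createHmac("sha1", key).update(base).digest("base64");
  return "OAuth " + Object.keys(params).sort()
    .map(k => `${pct(k)}="${pct(params[k])}"`).join(", ");
}
```

The token and secret parsed from the provider's reply are what the response body above returns alongside redirect_uri.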
POST /oauth1/v1/access_token
The POST /oauth1/v1/access_token endpoint performs the final setup and validation of OAuth version 1 accounts. The information received from the third party upon redirection to the previously posted callback_uri is sent to this endpoint, together with other applicable account information, for final setup. The account is then validated and, if validation succeeds, the account is returned; if there is an error, it should be raised appropriately.
The information sent to the endpoint includes:
fields.access_token - request token granted during the authorization step
fields.access_secret - request secret granted during the authorization step
fields.callback_uri - callback URI that is used for user redirection
oauth_verifier - the verification code received after the user accepts the third-party service's consent screen
Request body sample:
{
  "fields": {
    "access_token": "xxxx", // token value from authorize step
    "access_secret": "xxxxx", // secret value from authorize step
    "callback_uri": "https://oauth-svc.fibery.io?state=xxxxx"
  },
  "oauth_verifier": "xxxxx"
}
The response can include any data that will be used to authenticate the account and fetch information.
Tip: You can include refresh_token and expires_on parameters and then, on the validate step, refresh the access token if it has expired or is about to expire.
Response body sample:
{
  "access_token": "xxxxxx",
  "refresh_token": "xxxxxx",
  "expires_on": "2020-01-01T09:53:41.000Z"
}
OAuth v2
POST /oauth2/v1/authorize
The POST /oauth2/v1/authorize endpoint performs the initial setup for OAuth version 2 accounts using the Authorization Code grant type by generating a redirect_uri based on the received parameters.
The request body includes the following parameters:
callback_uri - the redirect URL that the user is redirected to upon successful authentication with the third-party service
state - opaque value used by the client to maintain state between request and callback. This value should be included in redirect_uri so that Fibery can complete the OAuth flow.
Request sample:
{
  "callback_uri": "https://oauth-svc.fibery.io",
  "state": "xxxxxx"
}
The response body should include a redirect_uri that the user is forwarded to in order to complete setup.
Replies are then POSTed to the /oauth2/v1/access_token endpoint.
The OAuth implementation requires the account identifier to be oauth2 for OAuth version 2.
If the service provider uses callback URL whitelisting, then https://oauth-svc.fibery.io has to be added to the whitelist.
Response example:
{
  "redirect_uri": "https://accounts.google.com/o/oauth2/token?state=xxxx&scope=openid+profile+email&client_secret=xxxx&grant_type=authorization_code&redirect_uri=something&code=xxxxx&client_id=xxxxx"
}
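A sketch of the logic behind POST /oauth2/v1/authorize, as an added example rather than Fibery's or any provider's code: it checks callback_uri, carries state through unchanged, and keeps the client secret out of the browser-visible URL, since the secret is only needed in the server-side token exchange. The provider endpoint, client id, scope and the origin check itself are assumptions made for the example.

```javascript
// Placeholders (assumptions), not values from Fibery or a real provider.
const AUTH_ENDPOINT = "https://provider.example/oauth2/authorize";
const CLIENT_ID = "example-client-id";
const SCOPE = "openid profile email";
// Origin of the callback_uri shown in the request sample on this page.
const ALLOWED_CALLBACK_ORIGIN = "https://oauth-svc.fibery.io";

// Builds the response body for POST /oauth2/v1/authorize.
function buildAuthorizeResponse(body) {
  const { callback_uri, state } = body || {};
  if (typeof state !== "string" || state.length === 0) {
    throw new Error("state is required");
  }
  let callback;
  try {
    callback = new URL(callback_uri);
  } catch (e) {
    throw new Error("callback_uri is not a valid URL");
  }
  // Added hardening check: refuse to start a flow whose authorization code
  // would be delivered to an unexpected origin.
  if (callback.origin !== ALLOWED_CALLBACK_ORIGIN) {
    throw new Error("callback_uri origin is not allowed");
  }
  const url = new URL(AUTH_ENDPOINT);
  // searchParams percent-encodes values, so state round-trips unchanged.
  url.searchParams.set("response_type", "code");
  url.searchParams.set("client_id", CLIENT_ID);
  url.searchParams.set("redirect_uri", callback_uri);
  url.searchParams.set("state", state);
  url.searchParams.set("scope", SCOPE);
  // client_secret is deliberately absent from this URL.
  return { redirect_uri: url.toString() };
}
```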
POST /oauth2/v1/access_token
The POST /oauth2/v1/access_token endpoint performs the final setup and validation of OAuth version 2 accounts. The information received from the third party upon redirection to the previously posted callback_uri is sent to this endpoint, together with other applicable account information, for final setup. The account is then validated and, if validation succeeds, the account is returned; if there is an error, it should be raised appropriately.
The information sent to the endpoint includes:
Request body sample:
{
  "fields": {
    "callback_uri": "https://oauth-svc.fibery.io"
  },
  "code": "xxxxx"
}
The response can include any data that will be used to authenticate the account and fetch information.
Tip: You can include refresh_token and expires_on parameters and then, on the validate step, refresh the access token if it has expired or is about to expire.
Response body sample:
{
  "access_token": "xxxxxx",
  "refresh_token": "xxxxxx",
  "expires_on": "2020-01-01T09:53:41.000Z"
}
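One way to act on the refresh tip given in both the OAuth v1 and OAuth v2 sections, as an added example that is not Fibery's code: derive expires_on when the token is issued and decide on the validate step whether to refresh first. The provider reply shape (expires_in in seconds, per RFC 6749), the five-minute window and the refreshFn callback are assumptions.

```javascript
// Refresh when the token expires within this window (assumed value).
const REFRESH_SKEW_MS = 5 * 60 * 1000;

// Maps a provider token reply to the body returned by the access_token endpoint.
function toAccountResponse(tokenReply, now = new Date()) {
  if (!tokenReply || typeof tokenReply.access_token !== "string") {
    throw new Error("token endpoint reply has no access_token");
  }
  const account = { access_token: tokenReply.access_token };
  if (tokenReply.refresh_token) account.refresh_token = tokenReply.refresh_token;
  const seconds = Number(tokenReply.expires_in);
  if (Number.isFinite(seconds) && seconds > 0) {
    account.expires_on = new Date(now.getTime() + seconds * 1000).toISOString();
  }
  return account;
}

// True when the stored token is expired or about to expire.
function needsRefresh(account, now = new Date()) {
  if (!account.expires_on) return false; // no expiry recorded, nothing to compare
  const expires = Date.parse(account.expires_on);
  if (Number.isNaN(expires)) return true; // unreadable expiry: refresh, do not trust it
  return expires - now.getTime() <= REFRESH_SKEW_MS;
}

// Validate step. refreshFn is a hypothetical caller-supplied function that
// performs the refresh_token grant and resolves to the provider's token reply.
async function validateAccount(account, refreshFn, now = new Date()) {
  if (!needsRefresh(account, now)) return account;
  if (!account.refresh_token) {
    throw new Error("token expired and no refresh_token stored");
  }
  const reply = await refreshFn(account.refresh_token);
  // Providers may omit refresh_token on refresh; keep the stored one then.
  const refresh_token = reply.refresh_token || account.refresh_token;
  return toAccountResponse({ ...reply, refresh_token }, now);
}
```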