LogoLogo
Contact usBook a demoSupport
  • 🟦v2.0
    • 👋Introduction
    • Front Office
      • Front interface structure
      • Log in & Register
      • Homepage
        • Vendor Homepage
        • Customer Homepage
        • Homepage (User search feature)
        • AI Search Assistant
      • Rendering types
        • Commoditized Rendering types
          • Listing Deposit (All rendering types)
          • Time Based
            • Create a Listing (Time Based)
            • Edit a Listing (Time Based)
            • Show a Listing (Time Based)
            • Book a Service (Time Based)
          • Seat Based
            • Create a Listing (Seat Based)
            • Edit a Listing (Seat-Based)
            • Show a Listing (Seat-Based)
            • Book a Listing (Seat-Based)
          • Flat Rate
            • Create a Listing (Flat Rate)
            • Edit a Listing (Flat-Rate)
            • Show a Listing (Flat Rate)
            • Book a Listing (Flat Rate)
        • Uncommoditized Rendering types
          • Request for Proposal (RFP)
            • Create a Request for Proposal (RFP)
              • RFP Assistant
            • RFP page (RFP)
            • Bid proposals (RFP)
      • Listing details supported by AI
      • Platform Subscriptions
      • Quote requests (Quote)
      • Upgrades management
      • Discount Coupons
      • Search result pages
        • Listings search results page (Time-Based mode)
        • Listings search results page per category (All Rendering types)
        • Users search results page (User search feature)
        • Listing Alert management (Listing Alert mode)
        • Listings search results page
      • Favorite page
      • Profile pages
        • Profile page (Time-Based mode)
      • Content page
      • Users onboarding page
      • Contact page
    • Dashboards
      • User dashboard structure pages
      • User KPI - Homepage
        • User KPI (Time-Based, Seat-Based, Flat-Rate, RFC)
        • User KPI (RFP bundle)
      • Messages dashboard
      • Quotes dashboard (Quote feature)
      • Bids dashboard (RFP rendering type)
      • Request for proposals dashboard (RFP rendering type)
      • Bookings dashboard
        • Bookings dashboard (Time-Based rendering type)
        • Mediation management dashboard (Mediation feature)
        • Bookings dashboard (Subscription)
      • Listings dashboard
      • Platform Subscriptions
      • Payments dashboard
        • Payments dashboard (Time-Based rendering type)
        • Invoices (Flat-Rate rendering type)
      • Reviews dashboard
      • User profile dashboard
        • User profile dashboard (All rendering types)
        • User profile dashboard (User search feature)
    • SuperAdmin
      • Accessing the Backoffice
      • Navigating the Backoffice
      • Platform KPI - Homepage
      • Listings
        • Viewing and managing listings
        • Listings categories management
        • Listings attribute management
      • Coupon
      • Mediation
      • Bookings
        • Bookings management
        • Bids management
        • Quotes Management
        • Payments management
        • Reviews management
      • Users
        • Viewing and managing users
        • User categories management
        • User attributes management
        • Users messages management
        • Contact management
      • Platform Subscriptions
        • Plans
        • Subscriptions
      • Access rights
        • Administrators management
        • Rights management
        • Roles management
      • Contents
        • Header menus
        • Footer menus
        • Pages
          • Guide: manage a page's slug
          • Guide: add contents to internal pages
        • Interface texts
        • Messages to users (Notifications)
      • Configurations
        • Preset
        • Webhook
        • Commands
        • Features
          • Artificial Intelligence Features
            • AI Settings
            • AI Patterns Feature
            • AI Search Assistant Configurations
            • Vendor Matching Configuration
            • RFP Assistant Configuration
            • Rendering Type Auto Suggestion
      • Setting up Third Party API accounts
      • OAuth
      • Service templates management
        • Service templates (Flat-Rate rendering type)
        • Subscription service templates (Flat-Rate rendering type)
      • Settings
        • Home Page Media
        • Home Page Setup
    • Core Concepts
      • Time-Based rendering type
      • Flat-Rate rendering type
        • Subscription
      • Seat-Based Rendering type
        • Stock Feature
      • Request for proposal bundle (RFP)
      • Quote Feature
      • Platform Subscription
      • User search feature
      • Calendar Sync feature
      • Mediation feature
      • Typesense feature
      • Listing Alert feature
      • Upgrades feature
      • Coupon Feature
      • SMS Feature
      • Listing Search Advanced Feature
      • Recaptcha Feature
      • Payment Service Provider features (PSP)
        • Stripe bundle (PSP) - Business rules
          • Dashboard Stripe - Subscription Feature
        • Mangopay bundle (PSP) - Business rules
          • Dashboard Mangopay - Subscription Feature
          • Bank Wire Transfer Payment (Banking Alias) / RFP rendering type (Request for Proposal)
      • Search Engine Optimization (SEO)
      • Maildev
      • Audit
      • General Data Protection Regulation (GDPR)
      • Google Tools
      • Users Onboarding
    • Glossary
Powered by GitBook
LogoLogo

© Second SAS

On this page
  • Definition
  • Create an authorized app
  • Read the authorized app interface
  • Summary
  • Update an Authorized App
  • Delete an Authorized App
  • Related resources

Was this helpful?

Export as PDF
  1. v2.0
  2. SuperAdmin

OAuth

Managing external clients (apps) that need access to your platform (via APIs)

PreviousSetting up Third Party API accountsNextService templates management

Last updated 7 months ago

Was this helpful?

Path: SBO > OAuth > Authorized apps

Definition

Authorized apps are mostly used by developers.

An API allows a platform to communicate with a third-party system in the backend.

OAuth is used to give access to a third-party system, like this I will be able to use the third-party system to update my platform or vice versa.

WHO CAN USE THIS FEATURE?

Logged super-administrator

Create an authorized app

Click “Register a new application” (figure 1)

It will open the “Register a new OAuth application” page and the super-administrator will have to fill:

  • The application name (figure 2)

  • The application description field (figure 3)

  • The application’s grants (figure 4), by ticking checkboxes:

    • Client credentials grant

    • Resource owner password credentials grant

    • Authorization code grant

By ticking the “Authorization code grant” checkbox, the super-administrator will have to fill:

  • The homepage URL of the third party system (figure 5)

  • The authorization callback URL of the third party system (figure 5)

The super-administrator can allow the plain code challenge method for this application by activating the switch button (figure 6).

  • The permissions (figure 7), by ticking the checkboxes:

    • private: the client app will have access to all frontend endpoints where is required a user auth

    • admin: the client app will have access to all backend endpoints where is required a user (admin) auth

Once the super-administrator has filled in all the fields, he can click “Register application” (figure 8), on the right side card to save the changes.

Read the authorized app interface

Once registered the new application will generate the OAuth client information.

The first card will show the:

  • The Client ID (figure 9)

  • The Client Secret key (figure 10)

They are automatically generated by the platform. It is a unique one-time-use access token.

In the second card, the super-administrator will see all information that has been previously filled in:

  • The application name and description (figure 11)

  • The application’s grants (figure 11):

    • The client’s credentials grant is for machine-to-machine authentication (the client app is a server), and apps will access the Second API endpoints that don’t require user permissions.

    • Resource owner password credentials grant is for trusted client apps. For example, a Second native mobile app that also requests the username/password to the user (login).

For these two grants, the client app will exchange its ID and Secret with the OAuth Provider (Second) by a token that it will use to make all API requests.

  • Authorization code grant is where before making any API request, the user is redirected to the OAuth Provider (Second) to allow or deny the requested permissions from this client app. The user will see the app name, description, a link to the client app website, and the requested permissions the user will grant to the app (private, admin). After the user allows or denies it, it will be redirected to the client website again (this is the auth callback URL configured). With that response, this app will handle the access to Second’s API on behalf of the user.

The “plain code challenge method” (figure 11) is a security value the client app will provide to mitigate some attacks. It can be plain text or encrypted. Some client app doesn’t support the extension needed to generate this encrypted value, so we have this option for this kind of incompatibility.

The permission is chosen (figure 11), private or admin.

Summary

To achieve a connexion between the platform and third-party apps (the client website), the third-party app needs to be registered (beforehand) in the OAuth provider (Facebook, Google, or Second in our case). It is mainly to gather information about :

  • This client app (name, description)

  • The grants this app will have (client credentials, password credentials and authorization code)

  • The permissions this app will request to the user (e.g. access to your address, email, etc.)

After registration, the app will receive a Client ID and a Client Secret (generated by Second) to authenticate the client app. These two data are the username/password for apps.


Update an Authorized App

  • UpdatetThe Client ID by clicking “Revoke all user tokens” (figure 12) on the first card. Once the super-administrator clicks it, a modal appears to warn him that this manipulation is not reversible.

  • Update the Client Secret by clicking “Reset client secret” (figure 13), once again, a modal will appear to warn the super-administrator about this manipulation.

The information about the register app can be updated the same way it has been created. Click “Update application” (figure 14), on the right side card, to save the changes.

  • Enabled means the OAuth client has access to the information requested on the Second platform

  • Disabled means the OAuth client has no more access

Delete an Authorized App

Delete the application registered by clicking “Delete application” (figure 16) on the right side card.

A modal will appear to acknowledge the action. Confirm the choice or cancel it.

Related resources

No related resources.

🟦
Definition
Create an authorized app
Read the authorized app interface
Summary
Update an Authorized App
Delete an Authorized App
Related resources
Figure 1
Figure 2
Figure 3
Figure 4
Figure 5
Figure 6
Figure 7
Figure 8
Figure 9
Figure 10
Figure 11
Figure 12
Figure 13
Figure 14
Figure 15
Figure 16