Better Understanding OAuth2 and Server Side Information Access


I'm working on a "service integration" platform which connects several different accounts.

The idea behind it is to have a single Web App to perform automated operations on several connected Platforms. For instance:

Due Date expiration:

  • Slack message on Channel X
  • Message via email at Admin X
  • Create new task on Asana

Actually everything is working fine but I'm relying on the user access token. I get the token with OAUTH and I use it to perform all the calls between my servers and the other platforms.

I'm facing 2 problems:

  • I don't think this is the correct way to do it. In my understanding there must be a way, after the user "authorization" to the App, to perform all the operations without the "user token" but using a sort of "server side" token (with client ID and secret maybe)
  • The user token expires after a couple of hours / days, and he must log in to every service

Which is the correct way to do this? For instance, suppose I have to provision a new GSUITE / Google Account.

Right now I simply use the User Token obtained by the OAUTH client-side authentication and perform the request. Everything works like a charm.

How can I do the same thing Server Side? In a theoretical way, the user grants my App the permission to provide new users so, how can I do it without the "client intervention"?

1

There is 1 answer

0
Ziba Leah On BEST ANSWER

After some reading and some experiments I found out this approach.

Depending on the service you are working with, there are mainly 2 categories of "OAuth Login":

  • Single Token: after the login, the external server gives you a lifetime valid token to access its info. The token stops working if the User removes the permissions to the App

  • Renew Token: after the login, the external server gives you a "timed token" (usually one hour) and a refresh token (always valid). The refresh token, used with APPID and APPSECRET can be used to obtain a new Authorization token.

Actually, I tested with:

  • GSUITE (Renew)
  • Trello (Lifetime valid)
  • Asana (Renew)
  • Slack (Lifetime valid)
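The two categories in the answer above, as an added example that is not the poster's code: a server-side token store that hands out a still-valid access token, refreshes it with the refresh token plus client id and secret when it is about to expire (the "Renew" case), and fails loudly when a "Single Token" service's credential has been revoked and the user must consent again. The token endpoint is injected as a callable so the example runs offline; `fake_token_endpoint`, `StoredGrant` and the `SECRET-PLACEHOLDER` value are constructed for the example.

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class StoredGrant:
    """Per-user, per-service credentials persisted server side after the OAuth consent (constructed)."""
    service: str
    access_token: str
    refresh_token: Optional[str] = None      # None for "Single Token" services (Trello, Slack)
    expires_at: Optional[float] = None       # None means the token has no expiry

# Shape of the HTTP call to the provider's token endpoint; injected so this runs offline.
TokenEndpoint = Callable[[dict], dict]

def refresh_request(client_id: str, client_secret: str, refresh_token: str) -> dict:
    """Form body of a standard OAuth2 refresh-token grant (RFC 6749 section 6)."""
    return {
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    }

def get_valid_access_token(grant: StoredGrant, client_id: str, client_secret: str,
                           post_token: TokenEndpoint, now: Optional[float] = None, skew: int = 60) -> str:
    """Return a usable access token, refreshing it server side when it is within `skew` seconds of expiry."""
    now = time.time() if now is None else now
    if grant.expires_at is None or now + skew < grant.expires_at:
        return grant.access_token          # lifetime token or still valid: no round trip needed
    if grant.refresh_token is None:
        raise PermissionError(f"{grant.service}: token expired and no refresh token; user must re-consent")
    resp = post_token(refresh_request(client_id, client_secret, grant.refresh_token))
    grant.access_token = resp["access_token"]
    grant.expires_at = now + int(resp.get("expires_in", 3600))
    # Some providers rotate the refresh token on use; always persist the newest one.
    grant.refresh_token = resp.get("refresh_token", grant.refresh_token)
    return grant.access_token

def fake_token_endpoint(body: dict) -> dict:
    """Constructed stand-in for a real token endpoint; it only checks the grant has the expected shape."""
    assert body["grant_type"] == "refresh_token" and body["client_secret"] == "SECRET-PLACEHOLDER"
    return {"access_token": "new-access-" + body["refresh_token"][-4:], "expires_in": 3600, "token_type": "Bearer"}
```

Keep the refresh token and client secret in server-side storage only; the browser never needs either, which is exactly what lets the automation run without client intervention.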