OAuth1 Authentication
OAuth1 is an older authorization protocol that requires signature-based request authentication. It is rarely used in modern APIs, but some legacy systems still require it.
Overview
OAuth1 authentication provides a secure way for applications to access user data without exposing user credentials. It uses a complex signature-based mechanism to secure each request.
Configuration
In your spec.yml:
auth:
  type: oauth1
  # Reference to method implementations
  getOAuthConfig:
    implementationType: mapping
  makeApiClient:
    implementationType: mapping
  test:
    implementationType: javascript
OAuth1 Config
The OAuth1 configuration is defined in a mapping file:
# File: auth/get-oauth-config.map.yml
consumerKey:
  $var: connectorParameters.consumerKey
consumerSecret:
  $var: connectorParameters.consumerSecret
requestTokenUri: https://api.example.com/oauth/request_token
authorizeUri: https://api.example.com/oauth/authorize
tokenUri: https://api.example.com/oauth/access_token
extra:
  custom_param: value
Config Parameters
Parameter | Description |
---|---|
consumerKey | The OAuth1 consumer key (from connector parameters) |
consumerSecret | The OAuth1 consumer secret |
requestTokenUri | The endpoint for obtaining a request token |
authorizeUri | The endpoint where users are redirected to authenticate |
tokenUri | The endpoint for exchanging the request token for an access token |
extra | Additional parameters to add to the authorize request |
OAuth1 Flow
The OAuth1 flow in Integration.app follows these steps:
- User initiates authentication
- Integration.app requests a temporary token using the consumer key/secret
- User is redirected to the service's authorization page with this token
- User authenticates and grants permissions
- Service redirects back to Integration.app with a verification code
- Integration.app exchanges this code for access tokens
- The tokens are stored as connection credentials
- Integration.app uses these tokens to make signed API requests
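The signing used in the temporary-token request and in the final signed API requests can be sketched as follows. This is an added example, not Integration.app's code: it assumes the service uses the HMAC-SHA1 method from RFC 5849, and the function names, URL and credential values are constructed placeholders.

```javascript
// Added example: OAuth 1.0 HMAC-SHA1 signing and verification (RFC 5849).
const nodeCrypto = require("node:crypto");

// RFC 5849 section 3.6 encoding: encodeURIComponent leaves ! ' ( ) * as-is,
// so those are percent-encoded explicitly.
function pctEncode(value) {
  return encodeURIComponent(value).replace(/[!'()*]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// Base string: METHOD & encoded URL & encoded, sorted parameter list.
// baseUrl is assumed already normalized (lowercase host, no query string).
function signatureBaseString(method, baseUrl, params) {
  const pairs = Object.entries(params)
    .map(([k, v]) => [pctEncode(k), pctEncode(String(v))])
    .sort((a, b) => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : a[1] < b[1] ? -1 : a[1] > b[1] ? 1 : 0))
    .map(([k, v]) => `${k}=${v}`);
  return [method.toUpperCase(), pctEncode(baseUrl), pctEncode(pairs.join("&"))].join("&");
}

// Key is "consumerSecret&tokenSecret"; the token secret is empty when
// requesting the temporary token, before any token has been issued.
function sign(method, baseUrl, params, consumerSecret, tokenSecret = "") {
  const key = `${pctEncode(consumerSecret)}&${pctEncode(tokenSecret)}`;
  const base = signatureBaseString(method, baseUrl, params);
  return nodeCrypto.createHmac("sha1", key).update(base).digest("base64");
}

// Receiving side: recompute the signature and compare in constant time.
function verify(method, baseUrl, params, signature, consumerSecret, tokenSecret = "") {
  const expected = Buffer.from(sign(method, baseUrl, params, consumerSecret, tokenSecret));
  const given = Buffer.from(String(signature));
  return expected.length === given.length && nodeCrypto.timingSafeEqual(expected, given);
}

// Constructed sample request; every value below is a placeholder.
const sampleUrl = "https://api.example.com/v1/items";
const sampleParams = {
  oauth_consumer_key: "example-consumer-key",
  oauth_token: "example-access-token",
  oauth_signature_method: "HMAC-SHA1",
  oauth_timestamp: "1700000000",
  oauth_nonce: "constructed-nonce-1",
  oauth_version: "1.0",
  q: "status report!",
};
const sampleSig = sign("GET", sampleUrl, sampleParams, "example-consumer-secret", "example-token-secret");
console.log(sampleSig, verify("GET", sampleUrl, sampleParams, sampleSig, "example-consumer-secret", "example-token-secret"));
```

Because the signature covers the method, URL and every parameter, changing any of them in transit makes `verify` fail. A complete verifier also rejects stale `oauth_timestamp` values and reused `oauth_nonce` values, which this block does not do.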