Custom Ochno Operated OAuth2 integrations (beta)

Requirements: User with an account on Ochno Operated

Create new integration

Log in to Ochno Operated and navigate to Account (select an account) -> Integrations -> Custom Integrations -> Create

Fill out the form. Make sure the redirect URI is a valid endpoint on your system that handles the authorisation code exchange (explained further down under “Code exchange authorisation”).

Scopes

  • sub - allows the user's userId to be fetched on behalf of the user authorised on the application

  • email - allows the user's email to be fetched on behalf of the user authorised on the application

  • hubs:read - allows hub/switch data to be read on behalf of the user authorised on the application

  • accounts:read - allows the account info to be read on behalf of the user and account authorised on the application

Once saved, the integration appears in the list of integrations. Click it to view it and see your autogenerated client_id and client_secret.

 

Code exchange authorisation

  • Step 1

    • Redirect your end user to https://staging.ochno.com/identity/oauth/v2/authorize?client_id=*clientid*&state=*state*&redirect_uri=*redirect*&scope=*scope*&response_type=code

      • state is your own reference to the user's session; it will be returned in the redirect

      • scope is a single scope or a URI-encoded array of scopes (scope=scope1%20scope2 etc.)

    • The end user logs in and authorises the request to fetch data on behalf of the user and the selected organisation account

    • The end user is redirected to the redirect URI with the query parameter code (redirect_uri?code=*authorisation_code*)

    • With the authorisation code, call the endpoint (POST) https://staging.ochno.com/identity/oauth/v2/token

      • Parameters

        • code = the authorisation code

        • client_id

        • client_secret

        • grant_type = ‘authorization_code’

        • redirect_uri

        • codeVerifier = random base64 string for your own verification

      • headers

        • "Content-Type" : "application/x-www-form-urlencoded"

    • In the response (if successful) you will receive the data object, which contains

      • access_token (use this in header - Authorization : Bearer *access_token*)

      • refresh_token (use this to generate new access_tokens + refresh_tokens)

  • Step 2

    • You can now use the API endpoints to fetch data on behalf of the authorised user

    • Supply the access_token in each request - Authorization : Bearer *access_token*

  • Step 3

    • To generate new access_token & refresh_token

      • Endpoint https://staging.ochno.com/identity/oauth/v2/token (post)

      • Parameters

        • refresh_token

        • client_id

        • client_secret

        • grant_type = ‘refresh_token’

        • redirect_uri

      • headers

        • "Content-Type" : "application/x-www-form-urlencoded"
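
The three steps above as client-side helpers, in an added example that is not Ochno's own code: it builds the authorize URL with an unguessable state, rejects a callback whose state does not match, and builds (without sending) the token and refresh POSTs. It assumes the state comes back as a `state` query parameter on the redirect; the function names and the sample values in the usage are hypothetical.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit
from urllib.request import Request

BASE = "https://staging.ochno.com/identity/oauth/v2"  # endpoints from this page


def build_authorize_url(client_id, redirect_uri, scopes):
    """Step 1: return (url, state); store state in the end user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "client_id": client_id,
        "state": state,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # encoded as scope1%20scope2
        "response_type": "code",
    }, quote_via=quote)
    return f"{BASE}/authorize?{query}", state


def code_from_callback(callback_url, expected_state):
    """Return the code only if the redirect carries the state we issued."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]  # assumption: returned as ?state=
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    if "code" not in params:
        raise ValueError("callback carries no authorisation code")
    return params["code"][0]


def token_request(client_id, client_secret, redirect_uri, code=None, refresh_token=None):
    """Build the POST for the code exchange, or for the Step 3 refresh."""
    form = {"client_id": client_id, "client_secret": client_secret,
            "redirect_uri": redirect_uri}
    if refresh_token is not None:
        form.update(grant_type="refresh_token", refresh_token=refresh_token)
    else:
        verifier = base64.b64encode(secrets.token_bytes(32)).decode()
        form.update(grant_type="authorization_code", code=code, codeVerifier=verifier)
    return Request(f"{BASE}/token", data=urlencode(form).encode(), method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})
```

Pass the returned `Request` to `urllib.request.urlopen` from server-side code only, so the client_secret never reaches the end user's browser.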

 

Swagger documentation

https://staging.ochno.com/doc/swagger

Ochno All Rights Reserved