auth.js
and must be stored under either the service or module directory (i.e. [vendor]/[service]/auth.js
or [vendor/[service]/[module]/auth.js
. Appmixer currently supports three types of authentication mechanisms that are common for today's APIs: API key, OAuth 1 and OAuth 2.type
and definition
properties. type
can be either apiKey
, oauth
(for OAuth 1) and oauth2
(for OAuth 2). definition
is either an object or a function (useful in cases where there's a code that you need to run dynamically).apiKey
, oauth
and oauth2
.type
property must be set to apiKey
. Here is an example from Freshdesk components:context
object with the same keys as in the auth object. In this case we will be able to access the values as context.domain
and context.apiKey
.requestProfileInfo
that points to the value that will be used as account name. Following the example, the object returned by requestProfileInfo
would have an structure like this:accountNameFromProfileInfo
as contact.email
.requestProfileInfo
is not defined, the auth
object will be used instead. The account name will be the resolved value for the property specified by accountNameFromProfileInfo
.requestProfileInfo
. This is used to validate if the authentication data entered by the user is correct. For this purpose you can call any endpoint that requires authentication, you can even use the same endpoint as requestProfileInfo
. If the data is correct, this function should resolve to any non-false value. Otherwise throw an error or resolve to false
. You can define validate
as an object. In that case, that object has the same structure as object passed into request library. In that case it will look like this:type
property must be set to oauth
. Here is an example from Trello components:requestToken
and requestTokenSecret
the same way that is showed on the example. Those are needed to get the access token and become exposed by the context - context.requestToken
and context.requestTokenSecret
.accessToken
and accessTokenSecret
the same way that is showed on the example. Usually you will be using the requestToken
and requestTokenSecret
inside this function as they are required by the OAuth 1 flow in this step. Similarly to requestRequestToken
function, accessToken
and accessTokenSecret
will become exposed by the context - context.accessToken
and context.accessTokenSecret
.requestToken
is available in the context. The example shows the authUrl declaration using the token provided by the context.context.accessToken
and context.accessTokenSecret
to make authenticated requests. If the token is valid, this function should resolve to any non-false value. Otherwise throw an error or resolve to false
.type
property must be set to oauth2
. Here is an example from Asana auth.js:requestRequestToken
method in OAuth 2, but we there is the requestAccessToken
used to get the token and refreshAccessToken
method, which is used by Appmixer to refresh the access tokens. Now we explain the definition object properties:response_type
parameter set to code
, then there is the client_id
, redirect_uri
, state
and scope
parameter. If the OAuth 2 implementation requires any other parameters (or the standard ones use different names), then you have to define this property as a function and provide all the additional parameters. The same logic applies to the following property requestAccessToken
.accessToken
, refreshToken
(optional, some OAuth 2 implementations do not have refresh tokens) and accessTokenExpDate
or expires_in
(also options if the implementation does not have tokens that expire). Inside this function we call the endpoint which handles out the access tokens for the application. Inside this function you have access to context properties you need: clientId
, clientSecret
, callbackUrl
and authorizationCode
.accessToken
and accessTokenExpDate
properties, as shown in the example. You have access to context properties clientId
, clientSecret
, callbackUrl
and refreshToken
.,
and you can change it to ' '
for example.