Intro

Open Authorization (OAuth) is a standard describing authenticated access between unrelated servers and services, providing a single sign-on experience across multiple machines. With OAuth, a user does not need to provide a different password, biometric identity, or multi-factor authentication (MFA) every time they log on to a different site/SaaS service. OAuth provides secure delegated access for third-parties by having a Service Provider create an access token and a secret that can be used for secure login by the third-party service. 

The framework eliminates the need to maintain authentication services since users can access third party services without specifically logging into them every time. For a user, this also comes as a great benefit, as he requires a single set of credentials that can be securely used to authenticate into multiple services. While for an organization, implementing OAuth authentication helps win customer trust and focuses specifically on core app development. 

But, can your organization implement an OAuth authentication? Let us find out how your organization can use Byteline’s OAuth Authentication service without writing a single line of code.  

OAuth Authorization Framework 

OAuth uses an authorization layer as a buffer between the third-party application and the service provider. Once a user’s identity has been validated via authentication, OAuth authorization grants the third-party application access. It uses the token to determine the extent of permissions assigned. The Authorization server acts as the main engine for OAuth frameworks, applying access policies, and creating session tokens. The OAuth 2.0 Framework is, therefore, the perfect standard that lets end-users approve interaction between two different applications without having to give away sensitive logon information.

OAuth Authorization has several benefits, including:

• OAuth makes service monitoring easier since enterprises can easily know the most popular request from the tokens making them.
• OAuth Authorization also improves API security since it establishes tokens when making requests, and acts on behalf of the client application.
• OAuth authorization also makes it easy to run internal company applications, since employees don’t have to input their credentials manually for every software they use.
• OAuth makes it easier to integrate services and delegate authorization for secure interaction between applications.

OAuth Authorization Flow

OAuth is an authorization protocol that consists of multiple components, so it is important to understand the workflow. In OAuth 2.0, there are two types of flows: Implicit Flow and Authorization Code Flow. 

For web applications, the Authorization Code Flow allows the most customization and security. Let’s take a look at this workflow. 

1. First, the user logs in to the regular application; the Service Provider.
2. The user is then redirected to an Authorization Server.
3. The server then directs the user to a Login and Authorization Page, where he is prompted for Credentials.
4. Using the pre-configured login options, the user authenticates access and is redirected to a consent page that lists all permissions granted to the application by the Authorization Server.
5. Following the authorization, the server redirects the user to the regular application, with a single-use Authorization code.
6. A Software Development Kit(SDK) then sends a  packet containing this code, a Client ID, and Secret ID to the authorization server.
7. The server verifies information in this packet.
8. Once the information is verified, the authorization server responds by creating an Access Token and a Token ID.
9. The application can then use this token to grant API access to user information.
10. The API returns the information requested.

Using Byteline to Fetch OAuth Access Tokens  

Byteline OAuth service can be used to get your user’s access token for any of the supported services. If the service you need is not currently supported, please put in a request and Byteline promises to provide that service in a matter of 2-3 working days.

Use Case - Use Byteline OAuth service to authenticate for Webflow CMS

Byteline OAuth service supports Webflow CMS integration that allows you to authorize the Webflow CMS account of your users quickly and easily. Before OAuth access can be used, you need to register your application on Webflow to get Client ID and Secret following these steps:

1. Log in to Webflow, or create an account by going to https://webflow.com.
2. On the toolbar, click on Account then select Account Settings from the pop-up menu.
   

3. On the Account Settings page, navigate to the Integrations tab. Scroll Down to My Applications and click on the Register New Application button.

4. To register your application, fill the fields as follows.

Application Name: The name of the application that appears after authorization.

Application Description: A short description that shows up after user authentication.

Redirect URL: Where users will be redirected after authorization.

Application Homepage: A link to your application’s homepage.

5. After you’re done with application registration, you will be given your application’s Client_id and Client_Secret tokens. These will be configured on the Byteline console so that you can access your user’s Webflow CMS account.

6. To enable OAuth integration, log in to your Byteline console, navigate to Home> OAuth.

7. Under Settings, select your Issuer (Webflow in this case), Client Id, and Client Secret. 

Note that Client ID and Client Secret are the ones as shown in Step 5 above. 

Quick Tip: Byteline supports almost every OAuth based service. In case you do not see your desired service within the Issuer’s list, please drop us a note and we would swiftly get that service added within 3 business days. 

8. To get your users’ consent to access their Webflow account, call the below API, and redirect users to the “endpoint” returned in Response.

Request:

API:

GET  https://api-g.byteline.io/oauth/webflow/09d01d74-c68e-4018-bdf7-84018662e4d5/your-user-id/authz-endpoint

The UUID is your Byteline user id.

Response:

‍{"endpoint":"https://webflow.com/oauth/authorize?client_id=8e04e9cd2a3e8a74c6d914feb4e068fc2d364b60f87a5042e014b0d1b7688f5a&redirect_uri=https://api-g.byteline.io/oauth/webflow/oauth_callback&state=09d01d74-c68e-4018-bdf7-84018662e4d5&response_type=code&access_type=offline&include_granted_scopes=true&scope=openid&prompt=consent"}

When users are directed successfully to the Endpoint URL, the below screen asks for user’s permissions. 

After the user provides consent to the required site, you can use the below API to get the access token:

Request:

GET https://api-g.byteline.io/oauth/webflow/09d01d74-c68e-4018-bdf7-84018662e4d5/your-user-id/access-token

Response:

{"accessToken":"2615b7fd0dg3eb5950fd932789b6f4ea19f1b0770c7309e668af22017584935b"}

Once done, your service is now ready to be used by users to be authenticated through the Byteline OAuth service. 

Supported SaaS Services

• Byteline OAuth service is build to support any SaaS service that uses OAuth authentication
• Byteline already supports popular services such as Google, Webflow, and Trello. If the SaaS service you need is not yet supported, Byteline can quickly add its support within 3 working days.

Advantages of using Byteline for OAuth

• OAuth integration is typically tricky. Byteline, however, lets you use OAuth Access without having to write a single line of code. All you need to do is call Byteline REST APIs to get a user’s access token. Through its no-code platform, Byteline allows you to focus on building your application and user’s requirement while leveraging its seamless single sign-on experience. Unlike traditional development, executing OAuth using Byteline does not require the complex evaluation of UI frameworks, code logic, data models, and other complexities that increase the workload on your development team. Byteline lets you build your authentication logic visually, and comes with a dynamic database that lets developers create third-party authentication even for the most complex applications. Developers can, therefore, spend more time attending to the needs of the users and ensure that APIs can communicate effectively without a breach of privacy.
• Byteline deals with refreshing access tokens when they expire, so an application owner doesn’t need to worry about it. When a user gets an access token from Byteline, it will be valid and good to use.
• Using Byteline for authorization, provisions a secured access layer based on the OAuth 2.0 security standard. For an application, this also reduces the potential attack surface. Besides, all access tokens in Byteline are encrypted to avoid misuse in the event of a security incident. Besides, Byteline also refreshes tokens as soon as they expire, which means every token you get is valid and ready for use. 

Conclusion

OAuth is an effective authentication framework that can be used by users to access applications/services without the need of using credentials - that too, securely.  OAuth issues tokens, which determine permissions and access rights. This helps implementing a secure, simple single sign-on experience that works across different machines and services for a user. 

Byteline offers its no-code Oauth service that can be used by application or service owners to provision secure authentication easily, without writing a single line of code.