Using Byteline’s OAuth Authentication Without Coding

December 14, 2020
7
-minute read
 
No-Code, OAuth

WEBINAR

Join our free webinar on

Using Byteline Web Scraper

Thursday Jun 10 at 1 pm ET

Join us to learn the usage of Byteline's no-code Web Scraper along with its Chrome extension. We will then utilize it to scrape an eCommerce store.

Check out the agenda and let us know what more should be covered.

Byteline's OAuth authentication without coding

Intro

Open Authorization (OAuth) is a standard describing authenticated access between unrelated servers and services, providing a single sign-on experience across multiple machines. With OAuth, a user does not need to provide a different password, biometric identity, or multi-factor authentication (MFA) every time they log on to a different site/SaaS service. OAuth provides secure delegated access for third-parties by having a Service Provider create an access token and a secret that can be used for secure login by the third-party service. 

The framework eliminates the need to maintain authentication services since users can access third party services without specifically logging into them every time. For a user, this also comes as a great benefit, as he requires a single set of credentials that can be securely used to authenticate into multiple services. While for an organization, implementing OAuth authentication helps win customer trust and focuses specifically on core app development. 

But, can your organization implement an OAuth authentication? Let us find out how your organization can use Byteline’s OAuth Authentication service without writing a single line of code.  

OAuth Authorization Framework 

OAuth uses an authorization layer as a buffer between the third-party application and the service provider. Once a user’s identity has been validated via authentication, OAuth authorization grants the third-party application access. It uses the token to determine the extent of permissions assigned. The Authorization server acts as the main engine for OAuth frameworks, applying access policies, and creating session tokens. The OAuth 2.0 Framework is, therefore, the perfect standard that lets end-users approve interaction between two different applications without having to give away sensitive logon information.

OAuth Authorization has several benefits, including:

OAuth Authorization Flow

OAuth is an authorization protocol that consists of multiple components, so it is important to understand the workflow. In OAuth 2.0, there are two types of flows: Implicit Flow and Authorization Code Flow

For web applications, the Authorization Code Flow allows the most customization and security. Let’s take a look at this workflow. 

  1. First, the user logs in to the regular application; the Service Provider.
  2. The user is then redirected to an Authorization Server.
  3. The server then directs the user to a Login and Authorization Page, where he is prompted for Credentials.
  4. Using the pre-configured login options, the user authenticates access and is redirected to a consent page that lists all permissions granted to the application by the Authorization Server.
  5. Following the authorization, the server redirects the user to the regular application, with a single-use Authorization code.
  6. A Software Development Kit(SDK) then sends a  packet containing this code, a Client ID, and Secret ID to the authorization server.
  7. The server verifies information in this packet.
  8. Once the information is verified, the authorization server responds by creating an Access Token and a Token ID.
  9. The application can then use this token to grant API access to user information.
  10. The API returns the information requested.

Using Byteline to Fetch OAuth Access Tokens  

Byteline OAuth service can be used to get your user’s access token for any of the supported services. If the service you need is not currently supported, please put in a request and Byteline promises to provide that service in a matter of 2-3 working days.

Use Case - Use Byteline OAuth service to authenticate for Webflow CMS

Byteline OAuth service supports Webflow CMS integration that allows you to authorize the Webflow CMS account of your users quickly and easily. Before OAuth access can be used, you need to register your application on Webflow to get Client ID and Secret following these steps:

  1. Log in to Webflow, or create an account by going to https://webflow.com.
  2. On the toolbar, click on Account then select Account Settings from the pop-up menu.

3. On the Account Settings page, navigate to the Integrations tab. Scroll Down to My Applications and click on the Register New Application button.

4. To register your application, fill the fields as follows.

Application Name: The name of the application that appears after authorization.

Application Description: A short description that shows up after user authentication.

Redirect URL: Where users will be redirected after authorization.

Application Homepage: A link to your application’s homepage.

5. After you’re done with application registration, you will be given your application’s Client_id and Client_Secret tokens. These will be configured on the Byteline console so that you can access your user’s Webflow CMS account.

6. To enable OAuth integration, log in to your Byteline console, navigate to Home> OAuth.

7. Under Settings, select your Issuer (Webflow in this case), Client Id, and Client Secret

Note that Client ID and Client Secret are the ones as shown in Step 5 above. 

Quick Tip: Byteline supports almost every OAuth based service. In case you do not see your desired service within the Issuer’s list, please drop us a note and we would swiftly get that service added within 3 business days. 

Byteline OAuth configuration

8. To get your users’ consent to access their Webflow account, call the below API, and redirect users to the “endpoint” returned in Response.

Request:

API:

GET  https://api-g.byteline.io/oauth/webflow/09d01d74-c68e-4018-bdf7-84018662e4d5/your-user-id/authz-endpoint

The UUID is your Byteline user id.

Response:

{"endpoint":"https://webflow.com/oauth/authorize?client_id=8e04e9cd2a3e8a74c6d914feb4e068fc2d364b60f87a5042e014b0d1b7688f5a&redirect_uri=https://api-g.byteline.io/oauth/webflow/oauth_callback&state=09d01d74-c68e-4018-bdf7-84018662e4d5&response_type=code&access_type=offline&include_granted_scopes=true&scope=openid&prompt=consent"}

When users are directed successfully to the Endpoint URL, the below screen asks for user’s permissions. 


After the user provides consent to the required site, you can use the below API to get the access token:

Request:

GET https://api-g.byteline.io/oauth/webflow/09d01d74-c68e-4018-bdf7-84018662e4d5/your-user-id/access-token

Response:

{"accessToken":"2615b7fd0dg3eb5950fd932789b6f4ea19f1b0770c7309e668af22017584935b"}

Once done, your service is now ready to be used by users to be authenticated through the Byteline OAuth service. 

Supported SaaS Services

Advantages of using Byteline for OAuth

Conclusion

OAuth is an effective authentication framework that can be used by users to access applications/services without the need of using credentials - that too, securely.  OAuth issues tokens, which determine permissions and access rights. This helps implementing a secure, simple single sign-on experience that works across different machines and services for a user. 

Byteline offers its no-code Oauth service that can be used by application or service owners to provision secure authentication easily, without writing a single line of code.


Resources

Upvote this feature

If you like this feature and are interested in using it, please upvote it from the Byteline Console at https://console.byteline.io

How can I use it?

This feature is generally available and you can start using it from the Byteline Console at https://console.byteline.io/

Byteline logo

Byteline is a no-code development platform that can cut your development time and cost to a fraction for building production-grade applications. So that you can focus on business, not on development.
The platform provides built-in support for commonly used no-code services such as database, user signup and access control, etc. Sign up today to start building a no-code backend! More info at https://www.byteline.io.