Hi,
I'm new in Creatio. I'm testing the integrations capabilities and I feel uncomfortable with Oauth. I want my user to log into the web service every time they acess my Creatio app. I want the protocol to retrieve their permissions/scopes in order to ensure they can access the data. In Creatio, all is performed on behalf of the user specified in the "Shared User" field. I don't want my users to use those credentials. Is there a way to bypass this ?
Like
Hello!
OAuth (Open Authorization) is a trusted, widely used standard protocol for authentication and authorization. It allows users to grant access to their resources on one website or application to a third-party application without disclosing their credentials, such as username and password. This approach enhances security and reduces the risk of credential theft.
According to the basic logic of OAuth, the connection is created only once and only for one user. You can create another connection for the new user, however, there is no alternative way to bypass the logic as you described.
Hope the information was useful.
Hi,
Thank you for your answer. In that case, I am very curious about how you refresh the token given by the third party application. Essentially, what happens when the token expires ?
Thibault Cros,
To get a refresh_token, it will be necessary to add settings for "Auth code request URL" as it is described here: https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/#how-do-i-get-a-new-access-token--if-my-access-token-expires-or-is-revoked-
We will be glad to help with any other questions.