
Authentication

Jadu Connect supports the OAuth2 authorization code grant to achieve single sign-on. This follows the general process where the user is redirected to Jadu Connect to authenticate and then sent back to a given redirect URI with a single-use authorization code.

  • Authorization Code - The standard OAuth flow where the user is asked to 'authorize' your application before being redirected back with a code

Authorization Code

In order to request an access token, you must first request a code from the authorization page in Jadu Connect. Visit the page, providing the following GET parameters:

| parameter | value |
| --- | --- |
| client_id | The public id for your OAuth client |
| response_type | code |
| redirect_uri | One of the URIs in the allowed list for your OAuth client |
| state | A single-use string that will be returned with your code. This should be validated by your application to protect against CSRF |

Example URL to redirect user to:

https://cxm.example.com/q/oauth/v2/auth
?client_id=zbueiup9h80s487asgc4s4gss4kww4cwsgk0owk4gc8s4kkg4
&response_type=code
&redirect_uri=https://myapp/oauth-handler
&state=ABCDEF

Jadu Connect will ask you to sign in at this point if you are not already authenticated. If sign-in is successful, you may be asked to authorise the application, depending on whether this has been set as required within the Jadu Connect Integrations Hub.

[Image: User is prompted by Jadu Connect to authorise the application]

Once you accept, you are redirected back to the redirect_uri, with the code and state in the query string.

https://myapp/oauth-handler
?code=OWFkNTM3NjY2NDZjODhmYzRhYWU4NTFlN2E1MDk4ZGYxMWZlMjNlNzBjNTU1NWNmYWM4ZmRmNThiMDBhNzNkOA
&state=ABCDEF

If there are errors, then the redirect will include the error and description:

https://myapp/oauth-handler
?error=access_denied
&description=The+user+denied+access+to+your+application

The authorization code is valid for 30 seconds. A code can be used only once.

Use the code to request an access token:

curl -X POST https://cxm.example.com/q/oauth/v2/token \
-F client_id=zbueiup9h80s487asgc4s4gss4kww4cwsgk0owk4gc8s4kkg4 \
-F client_secret=4008txjcmcg0scg04oo8wsko054dg2f8ss4gsog0wgg8wwgw4w \
-F grant_type=authorization_code \
-F code=OWFkNTM3NjY2NDZjODhmYzRhYWU4NTFlN2E1MDk4ZGYxMWZlMjNlNzBjNTU1NWNmYWM4ZmRmNThiMDBhNzNkOA \
-F redirect_uri=https://myapp/oauth-handler

Example response:

{
"access_token":"YTkxZjgwMWM3M2YxNzgzZjY5MmE2NDA1M2MxODdmZWE2NWZkMzFlYzhmMmM2YzA5NDVlMmFkZjczZThkYTJkMg",
"expires_in":3600,
"token_type":"bearer",
"scope":null,
"refresh_token":"MTMwMWU0MDU1NTgzNjM1YzUwYzcwMDc3Zjc2M2U4OTk0ODRlNWY5YjI1NzE0Mjc0MWI2ODQ5NTBmODBiN2Q1OQ"
}
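
One way a client application can generate the state parameter and validate the callback before requesting a token, as an added example that is not Jadu's own code. The session dict, the function names and CallbackError are assumptions; the endpoint, client id and redirect URI are the page's sample values.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Sample values from the page; a real client loads these from configuration.
AUTH_ENDPOINT = "https://cxm.example.com/q/oauth/v2/auth"
CLIENT_ID = "zbueiup9h80s487asgc4s4gss4kww4cwsgk0owk4gc8s4kkg4"
REDIRECT_URI = "https://myapp/oauth-handler"


class CallbackError(Exception):
    """Hypothetical error type: the callback must not lead to a token request."""


def begin_login(session):
    """Bind a fresh state to the user's session and return the redirect URL."""
    state = secrets.token_urlsafe(32)  # unguessable, unlike the page's ABCDEF
    session["oauth_state"] = state
    query = urlencode({"client_id": CLIENT_ID, "response_type": "code",
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{AUTH_ENDPOINT}?{query}"


def handle_callback(session, callback_url):
    """Validate the redirect back to redirect_uri and return the code."""
    params = parse_qs(urlsplit(callback_url).query)
    # pop() makes the state single use: a replayed callback finds nothing stored.
    expected = session.pop("oauth_state", None)
    # The page's error example carries no state, so report the error first;
    # either way no token request is made.
    if "error" in params:
        detail = params.get("description", [""])[0]
        raise CallbackError(f"{params['error'][0]}: {detail}")
    returned = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(),
                                                   returned.encode()):
        raise CallbackError("state mismatch: possible CSRF, request discarded")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise CallbackError("expected exactly one code parameter")
    return codes[0]  # exchange at once: the code is valid for 30 seconds


if __name__ == "__main__":
    session = {}  # stands in for the framework's server-side session
    print(begin_login(session))
    # Constructed callback carrying the state issued above.
    callback = f"{REDIRECT_URI}?code=SAMPLECODE&state={session['oauth_state']}"
    print(handle_callback(session, callback))
```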