Authentication
Jadu Connect supports the OAuth2 authorization code grant to achieve single sign-on. This follows the general process where the user is redirected to Jadu Connect to authenticate and then sent back to a given redirect URI with a single-use authorization code.
- Authorization Code - The standard OAuth flow where the user is asked to 'authorize' your application before being redirected back with a code
Authorization Code
In order to request an access token, you must first request a code
from the
authorization page in Jadu Connect. Visit the page, providing the following GET
parameters:
parameter | value |
---|---|
client_id | The public id for your OAuth client |
response_type | code |
redirect_uri | One of the URIs in the allowed list for you OAuth Client |
state | A single use string that will be returned with your code. This should be validated by your application to protect against CSRF |
Example URL to redirect user to:
https://cxm.example.com/q/oauth/v2/auth
?client_id=zbueiup9h80s487asgc4s4gss4kww4cwsgk0owk4gc8s4kkg4
&response_type=code
&redirect_uri=https://myapp/oauth-handler
&state=ABCDEF
Jadu Connect will ask you to sign in at this point if you are not already authenticated. If successful you may be asked to authorise the application, depending on whether or not this has been set as required within the Jadu Connect Integrations Hub.
User is prompted by Jadu Connect to authorise the application
Once you accept, you are then redirected back to the redirect_uri
, containing
the code and state in the query string.
https://myapp/oauth-handler
?code=OWFkNTM3NjY2NDZjODhmYzRhYWU4NTFlN2E1MDk4ZGYxMWZlMjNlNzBjNTU1NWNmYWM4ZmRmNThiMDBhNzNkOA
&state=ABCDEF
If there are errors, then the redirect will include the error and description:
https://myapp/oauth-handler
?error=access_denied
&description=The+user+denied+access+to+your+application
The authorization code is valid for 30 seconds. A code can be used only once.
Use the code to request an access token:
curl -X POST https://cxm.example.com/q/oauth/v2/token \
-F client_id=zbueiup9h80s487asgc4s4gss4kww4cwsgk0owk4gc8s4kkg4 \
-F client_secret=4008txjcmcg0scg04oo8wsko054dg2f8ss4gsog0wgg8wwgw4w \
-F grant_type=authorization_code \
-F code=OWFkNTM3NjY2NDZjODhmYzRhYWU4NTFlN2E1MDk4ZGYxMWZlMjNlNzBjNTU1NWNmYWM4ZmRmNThiMDBhNzNkOA \
-F redirect_uri=https://myapp/oauth-handler \
Example response:
{
"access_token":"YTkxZjgwMWM3M2YxNzgzZjY5MmE2NDA1M2MxODdmZWE2NWZkMzFlYzhmMmM2YzA5NDVlMmFkZjczZThkYTJkMg",
"expires_in":3600,
"token_type":"bearer",
"scope":null,
"refresh_token":"MTMwMWU0MDU1NTgzNjM1YzUwYzcwMDc3Zjc2M2U4OTk0ODRlNWY5YjI1NzE0Mjc0MWI2ODQ5NTBmODBiN2Q1OQ"
}