Supporting OAuth authorization
When a user successfully logs into their linked account, the third-party service returns an authorization code, which is then exchanged for an access token. The access token is required for subsequent requests to the third-party service.
The example given below shows an approach that covers the range of channels supported by EngageOne™ Communicate.
Session variables
In the Communicate session:
- The authCode variable stores the authorization code returned by OAuth.
- The accessToken variable stores the access token. Communicate obtains the access token in exchange for the authorization code.
Authentication
The following example shows how to set up authentication in such a way that all channels are supported (Web Client and Facebook).
Some details about these interactions are given below:
| Interaction | Description |
|---|---|
| Account Link | The account linking process starts with this interaction, which provides an Account Link button. After a successful login on the Facebook or Web Client channels, the OAuth server returns an authorization code to Communicate. |
| Is Authenticated? | This interaction tests whether there is an access token in the session. The condition in this action uses the Is Not Empty operator for this.
|
| Get Access Token | The interaction that requests the OAuth server for an access token. It passes the authorization code (authCode) in the body of the request and saves the returned token in the accessToken variable.Note:If the user hasn't logged on yet (there's no authorization code in the session) then the user is prompted to log in. The interaction to go to is set in the Go here if not logged in field on the Advanced tab. |
| Get user info | In this example, the next interaction. |