November 29, 2021 in Developer Connection
A lazy ask since I haven't done enough research yet.
My community is acting as IDP. My custom web-application, henceforth PoCApp, successfully navigates the OAuth flow to authenticate the user against Invision. Now PoCApp makes API calls to PoCAPI. PoCAPI is separate from Invision. PoCAPI should leverage the bearer token to authenticate and authorize the user for the API call. Is there a standard approach for PoCAPI to communicate with Invision to validate the authentication? I'm suspecting I need to write an addon API (introspection endpoint) to Invision that PoCAPI will call to do the validation but am curious if there is something hiding or some overloading of the OAuth endpoints will get me what I need. PoCAPI will call a separate authorization engine once the authentication is validated.
Thank you for helping me overcome the brain block!
You have a few options really depending on your set up and preferences
In any of these scenarios you would need to account for access tokens expiring.
Stuart, thank you for the thorough response. I imagine /api/core/me will be my initial approach then swap in a lighter-weight REST API endpoint to do a quicker validation.
Started 16 hours ago
Started February 10
Started 8 hours ago