HarpGamer Posted November 29, 2021 Posted November 29, 2021 (edited) A lazy ask since I haven't done enough research yet. My community is acting as IDP. My custom web-application, henceforth PoCApp, successfully navigates the OAuth flow to authenticate the user against Invision. Now PoCApp makes API calls to PoCAPI. PoCAPI is separate from Invision. PoCAPI should leverage the bearer token to authenticate and authorize the user for the API call. Is there a standard approach for PoCAPI to communicate with Invision to validate the authentication? I'm suspecting I need to write an addon API (introspection endpoint) to Invision that PoCAPI will call to do the validation but am curious if there is something hiding or some overloading of the OAuth endpoints will get me what I need. PoCAPI will call a separate authorization engine once the authentication is validated. Thank you for helping me overcome the brain block! Edited November 29, 2021 by HarpGamer
Solution Stuart Silvester Posted November 30, 2021 Solution Posted November 30, 2021 Hi! You have a few options really depending on your set up and preferences You could: Add a custom app to Invision Community that adds REST API endpoint and passes requests through to your API after validation. Call the /api/core/me endpoint to see if you get an authenticated response with the token. If you have database access, you could use that to look up the access token and access scopes, this would probably be quicker due to less reliance on HTTP requests. In any of these scenarios you would need to account for access tokens expiring.
HarpGamer Posted November 30, 2021 Author Posted November 30, 2021 Stuart, thank you for the thorough response. I imagine /api/core/me will be my initial approach then swap in a lighter-weight REST API endpoint to do a quicker validation. Stuart Silvester 1
Recommended Posts