
Authorization Definition

As explained in the Authorization with OAuth 2.0 section, during the OAuth 2.0 flow Cenit sends an authorization request to a specific authorization endpoint, presenting its credentials (identifier and secret) and the list of scopes, usually separated by commas, that specifies which resources it intends to use. If authorized, Cenit receives a temporary authorization code, which it sends to a specific token endpoint on the authorization server to request an access token. Once obtained, the access token is sent to the resource server whenever you want to access a protected resource.
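The flow described above, sketched as an added Ruby example (not Cenit's own code): in the standard authorization code grant (RFC 6749) the client identifier and scopes go in the authorization request, and the secret accompanies the code at the token endpoint. The endpoints, redirect URI, credentials, scope names and helper names are constructed placeholders.

```ruby
require "securerandom"
require "uri"

# Hypothetical endpoints and client registration; every value is a placeholder.
AUTHORIZE_ENDPOINT = "https://auth.example.com/oauth/authorize"
TOKEN_ENDPOINT     = "https://auth.example.com/oauth/token"
REDIRECT_URI       = "https://cenit.example.com/oauth/callback"
CLIENT_ID          = "constructed-client-id"
CLIENT_SECRET      = "constructed-client-secret"

class StateMismatch < StandardError; end

# Step 1: URL the resource owner's browser is sent to. Scopes are joined with
# the separator the provider expects (comma here; RFC 6749 uses a space).
def authorization_url(scopes, state, separator: ",")
  query = URI.encode_www_form(response_type: "code", client_id: CLIENT_ID,
                              redirect_uri: REDIRECT_URI,
                              scope: scopes.join(separator), state: state)
  "#{AUTHORIZE_ENDPOINT}?#{query}"
end

# Constant-time string comparison, so the check does not leak a prefix match.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Step 2: parse the redirect back to the client. The state must match the one
# issued in step 1 (CSRF protection) before the code is accepted.
def code_from_callback(callback_url, expected_state)
  params = URI.decode_www_form(URI.parse(callback_url).query.to_s).to_h
  raise StateMismatch, "state mismatch" unless secure_equal?(params["state"].to_s, expected_state)
  raise ArgumentError, "provider error: #{params['error']}" if params["error"]
  params.fetch("code") { raise ArgumentError, "no authorization code" }
end

# Step 3: form body POSTed to TOKEN_ENDPOINT; the secret is sent only here.
def token_request_body(code)
  URI.encode_www_form(grant_type: "authorization_code", code: code,
                      redirect_uri: REDIRECT_URI, client_id: CLIENT_ID,
                      client_secret: CLIENT_SECRET)
end

state = SecureRandom.hex(16) # unguessable per-request value
puts authorization_url(%w[channels:read chat:write], state) # sample scope names
```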

To enable Cenit to access an API's protected resource, you need to create an Authorization. The Authorization contains a Client, which in turn contains a Provider. By defining all three, you cover every element involved in the OAuth 2.0 flow. It may therefore be better to define the provider first, then the client that contains the provider, and finally the authorization that contains the client.

The Security/Authorizations submenu lets you define new authorizations as well as manage the previously defined ones.

Add New Authorization

To create a new authorization, click the New button (+) in the Generic Menu:

Add Authorization

Then select the type of authorization, usually OAuth 2.0 Authorization, and fill every input field.

Pick Authorization

When setting the authorization client, you can select an authorization provider previously defined, or you can create the client from the new authorization interface by clicking the + button in the client field, as explained in the Authorization Clients section.

You need to assign the authorization to a Namespace and set its Name.

Selecting client

Then you need to add the scopes to the list, one by one, by pressing the + button that appears in the next figure:

Adding scopes

By pressing the + button repeatedly you can add the scopes, one by one.

In the image below, note that the + button adds a new scope to the list and the x button deletes a scope.

Scopes all

You can see the elements in the scope list while you are adding every scope needed.

After completing the scope list and filling the other fields, you can finish the authorization creation by pressing the save button.

At this time, the system confirms the creation of the authorization:

Authorization view

By selecting the button shown in the previous figure, you can see the authorization details.

Unauthorized

The image above shows the recently created authorization in detail. You should note an important issue: it hasn't been authorized. So, a final step is needed in order to complete the authorization definition: to authorize.

Authorize

When you refresh the list of authorizations, the system shows all authorizations created:

New authorization

The authorization creation process can be completed by selecting the authorization in the list and pressing the Authorize button. In the example, we are going to authorize the authorization named ANAPRUEBA.

Test AnaPrueba

The authorization process involves the resource owner, so we will probably be redirected to the application we're asking for permission.

So, we could be redirected to different URLs depending on the resource authorization endpoint.

After pressing the Authorize button, we are redirected to the Slack app, as shown in the images below.

Slack

You must select the workspace where you created the app from which you previously obtained the client ID and client secret.

Allow

Test passed

When the authorization is completed, we can open the authorization details again and see that it was authorized successfully.

Authorized!

The authorized check mark indicates we're ready to send requests by using the authorization defined, or rather we got permission to do it.

Of course we need to know the URL we're going to send the request to, so we should define a Connection.