Oauth2 protocol to authorize an app

We need some help to understand the functionality of Oauth2 with our service so how we can do it what is the working flow of Oauth2 in freshteam with fdk and our django web application and how we can issue client_id and client_secret from which app? and what is the flow and role of authorize_url and token_url for App Authentication

Our side Done

  1. First we created app in Fdk
  2. we want to integrate our django service app in ‘candidate_sidebar’ for Video interview invite to candidate
  3. we also get candidate details in template file throw freshteam datamethods
  4. also we has implemented local server API and dev=true end of freshteam URL to get candidate details in our app to freshteam that was working
  5. Now for OAuth i created config/oauth_config.json file as mentioned and Declared OAuth Installation Parameters as mentioned in documentation.
  6. After that i show Authorize button at candidate_sidebar in our app

that’s steps i have done. now after the submit of Authorize button what exactly flow is working and what mentioned fields use for which that’s i need to clarify from team

Hi @sahil_intromagic,

Please refer to the OAuth 2.0 framework if you are looking to implement authorization with OAuth 2.0. Our platform follows the standards from the same framework to enable the apps to act as a client with ease.

If you would want to integrate with your own Django application and OAuth is not a preference, a basic authentication mechanism can be implemented in your application to access your API. If OAuth is preferred, the Resource Owner, Authorisation Server, and Resource Server have to be provided from your end. The Authorisation provider is supposed to provide the client registration, the client_id and client_secret can be fetched post-registration of the client and they can be used in the Freshteam app. Please refer to the OAuth protocol flow.

Let me know if you are trying to integrate any other third-party application with OAuth 2.0 and they already have OAuth 2.0 authorization mechanism.

ok according to you Django application And OAuth is not preference to integrate in freshteam? and if want to integrate any other authentication in freshteam to Django can it possible?in your platform

And one more thing is that According to freshteam developer document need to node v12.22 and right now our website working on v14.17.0 so its gives version error after fdk run, so can it possible to run in node v14.17.0? or any other solution for that?

Hello team,

we want to integrate our service in freshteam i already posted my user authentication issues but i am not clarify that answer, we want to provide service in freshteam for recruiter than how we can identify this was the authorize user or its have a access to use our service from freshteam in development stage we got data from freshteam but we can’t understood it’s is authorized user or not, as u told in pervious post if Oauth is is not a preference than use basic authentication so how we use that basic authentication in freshteam for our django app?

Please correct is my following understanding doesn’t sound accurate to you

  1. You have a external Django web application.
  2. You build an app on our platform that currently is hosted runs on Freshteam.
  3. Now you are solving the problem in identifying users who can access the app in Freshteam vs users who are not allowed to access the app in Freshteam.
  4. So far, I assume it’s a custom app that you are building?

The role of OAuth on our app platform:

The OAuth is more like a convenience for the app developer not having to write code to exchange tokens when app is consuming information from 3rd party. (Assuming 3rd party follows RFC6749)

How one can consume Freshteam APIs

  1. You will need to get an API Key.
  2. The Django application can use the access token directly to make API calls to Freshteam endpoints and consume the data
  3. The freshworks app (built on SDK) will need to store the access token from the user during app installation and use it during runtime to consume APIs from Freshteam.

With that understanding, the following way can suit your use case

  1. The loggedInUser in data methods can make an API call to your Django web app. This request will not only have request for video interview URL but also user requesting it.
  2. The Django app can accordingly respond to the SDK app, to show the video interview URL.
1 Like

If your website runs on node v14 and app runs on node v12, these should be seen as two different runtimes in production. All you need during local development is a tool like NVM or N to switch between the node environments and continue work on own apps.

1 Like

We have external Django web application and we are trying to make and external app.
Wherein recruiter using our app on freshteam and schedule video interview on (Platform A) for candidate and inform them via email.

Here we need to understand, how to begin with authentication and authorization, what we understand is there are 2 API keys.
Freshteam API key and API key from (Platform A). With respect to others app that are seeing on freshteam.
We need help in identifying the process of validating the API keys when user submits the key on setting/configuration pages. Do we need to store the API key

@sahil_intromagic Based on your description, I understand that you are building an app on Freshteam and would need to use API for Freshteam and another video interview platform (Platform A).

For authentication and authorization, you can use the Installation Parameters feature in our platform so that the Freshteam admin will provide the API key for Freshteam and Platform A during installation and configuration of your app. You can also find APIs on how to access these configurations within the app from the documentation and our sample app.

The Freshteam product doesn’t provide OAuth-based authorization. Only basic authentication with an API key is available.

If Platform A also provided OAuth-based authorization, you could use that simply by delegating the job of getting the tokens via OAuth2 to the platform as Saif previously mentioned.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.