The OAuth2 authorization framework enables a third-party application to obtain limited access to an external HTTP service on behalf of the resource owner by orchestrating an interaction between the resource owner and the HTTP service. On Hypi, application developers can use OAuth2 functionality out of the box. Hypi supports a rich set of HTTP services such as Facebook, Google, GitHub, Twitter, and more. The following section explains how to integrate OAuth2 functionality in your apps.
- Register Developer Account
- Create OAuthProvider Object
- Trigger Authorization Flow
- Retrieve Access Token
External HTTP services enable developers to register applications on their platforms and then provide
ClientSecret that can be used in subsequent API requests.
For example, for Google one can register an application on
ClientSecret have been obtained, then start by using GraphQL to integrate OAuth2 into your application on Hypi. Provide the JSON payload data for the GraphQL request under the
Variables tab as input data.
- GraphQL Query
- Input Data
The following variables can take any value as long as that value is described in the corresponding enum type in the core GraphQL schema on Hypi.
The definitions of the above parameters can be found in the official standard specification of OAuth2.
The following parameters are specific to the external HTTP service.
For Google, the values would be:
For GitHub, the values would be:
The redirectUriTemplate variable is reserved for Hypi in order to handle the callback response from the external HTTP service. It is always set as follows:
Then provide the redirection URI that the end user should land on after the OAuth2 flow is complete. The value must be a valid HTTP-formatted URI.
Hypi will add a query parameter token to the redirectUri. The token represents the resource owner who has completed the authorization process and can be used to communicate with the Hypi Platform. This token is the same as if you were to call the built-in
loginByEmail methods in Hypi, i.e. it is a JWT token which can be used to call any Hypi API that would otherwise be called with a token returned by one of these methods.
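The following sketch shows one way the landing page could handle the token query parameter described above. It is an added example, not Hypi's own code: the function names, the app.example URLs and the presence of a standard exp claim in the token are assumptions.

```javascript
// Decode one base64url-encoded JWT segment into a parsed JSON value.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Validate the landing URL and return { token, claims, cleanUrl }, or throw.
// The signature is not verified in this sketch; it only rejects malformed or
// expired values before the token is used to call an API.
function handleOAuthLanding(landingUrl, nowSeconds) {
  const url = new URL(landingUrl);
  const values = url.searchParams.getAll("token");
  if (values.length !== 1) throw new Error("expected exactly one token parameter");
  const token = values[0];

  const parts = token.split(".");
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) {
    throw new Error("token is not a compact JWT");
  }
  let claims;
  try {
    claims = decodeSegment(parts[1]);
    if (!claims || typeof claims !== "object") throw new Error("not an object");
  } catch {
    throw new Error("token payload is not a JSON object");
  }
  // Assumption: the token carries the standard "exp" claim (RFC 7519).
  if (typeof claims.exp === "number" && claims.exp <= nowSeconds) {
    throw new Error("token expired");
  }
  // Strip the token so it does not linger in history, bookmarks or Referer.
  url.searchParams.delete("token");
  return { token, claims, cleanUrl: url.toString() };
}

// Constructed sample: an unsigned stand-in token, not a real Hypi JWT.
function sampleToken(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.c2lnbmF0dXJl`;
}
```

In a browser, pass window.location.href and the current time in seconds, then apply cleanUrl with history.replaceState before the page loads any third-party resources.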
In order to start the authorization process, send the user to the following URL
registrationId is constructed as
instanceId is the Hypi App Instance ID and OAuthProviderId is the ID of the OAuthProvider which is created in the first step.
01ERDGNV0W50J8WZZRVXR4KASC then the
and the URL to initialize the flow is
Hypi stores the accessToken and the refreshToken and they can be found on the GraphQL type