Three-legged OAuth

3rd-party Apps may need to access a subject’s Covisint information interactively, on a consent basis.

This can be done via cui.js, which will invoke an API that in turn calls out to the given Application’s Authentication Server for explicit user consent. Once the user interactively approves the request, authentication to the Covisint information is granted for the 3rd-party App. This scheme is commonly referred to as three-legged OAuth.

Using cui.js, there are just two simple steps to getting this user-consent authentication working in your App.

1. Request Consent

The following call will open a popup from the Covisint Authentication Server, requesting consent to use the specified Covisint Application.

myCuiJs.doThreeLeggedOAuth({
    // Replace with your Covisint Application's client id.
    clientId: 'YOUR_CLIENT_ID'
})
.then(function(token) {
    // ...do something, now that the token has been obtained.
})
.fail(function(err) {
    // ...handle error.
});

2. Catching the Authentication response

Given 1) consent and 2) successful authentication, the Authentication Server redirects back to your App, with a token parameter added onto the URL.

Cui.js must detect the receipt of this token so it can be cached. This is accomplished by placing the following call on the App page that is pre-registered as the Covisint Application’s oauth.configuration.redirectUri (which can be set via the updateClientApplication() call).

// Catch the authentication response
myCuiJs.handleAuthResponse();
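
Because the token is returned as a URL parameter, it remains in the address bar and browser history until it is removed. The helper below is an added example, not part of cui.js or the Covisint documentation; it strips the token from the URL once the library has cached it. The parameter name `token` and its placement in the query string or fragment are assumptions, and the page does not say whether cui.js already does this.

```javascript
// Added example, not cui.js code. Assumption: the token is returned in a
// parameter named "token" (hypothetical), in the query string or the fragment.
const TOKEN_PARAM = 'token';

// Remove `name` from an "a=1&b=2" style string.
// Returns [value or null, remaining parameter string].
function takeParam(paramString, name) {
  const params = new URLSearchParams(paramString);
  const value = params.get(name);
  params.delete(name);
  return [value, params.toString()];
}

// Split a redirect URL into the token it carries and the same URL without it.
// A query string or fragment that holds no token is not rewritten, so
// client-side routes such as "#/home" survive.
function splitRedirectUrl(href) {
  const url = new URL(href);
  const [fromQuery, restQuery] = takeParam(url.search, TOKEN_PARAM);
  if (fromQuery !== null) url.search = restQuery;
  const [fromHash, restHash] = takeParam(url.hash.slice(1), TOKEN_PARAM);
  if (fromHash !== null) url.hash = restHash;
  return { token: fromQuery !== null ? fromQuery : fromHash, cleanUrl: url.toString() };
}

// Browser usage: call with `window` after myCuiJs.handleAuthResponse().
// replaceState rewrites the address bar without a reload or a new history entry.
function scrubAddressBar(win) {
  const { token, cleanUrl } = splitRedirectUrl(win.location.href);
  if (token === null) return false;
  win.history.replaceState(null, '', cleanUrl);
  return true;
}

// Constructed sample redirect, so the block also runs under Node.
const sample = 'https://app.example.test/callback?state=abc&token=CONSTRUCTED123#/home';
console.log(splitRedirectUrl(sample).cleanUrl);
```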

⭐ A reference of all doThreeLeggedOAuth() and handleAuthResponse() options is available here.