3rd party applications and SSO

With the API, it's possible to interact with Ecochain data as a 3rd party application.

When the link to the application is built into the Ecochain platform, it's even possible to have SSO capabilities for users.

At the time of writing, our API is not fully SSO compliant, but we solve it with a custom flow, where the user first logs into the Ecochain platform, and then opens the 3rd party application with an app specific link.

3rd party application developers would then not expose any login capability of their own, but expect the access and refresh tokens to be passed to them as query parameters of a GET request.

The following 'launch' parameters will be sent with the GET request when opening the 3rd party application:

  • access_token
  • expires_in
  • refresh_token
  • token_type

It's then the responsibility of the 3rd party application to extract the value of the 'access_token' parameter and, in all following requests to the API, pass it in as a Bearer token.
Because the tokens arrive in the query string, they will also end up wherever query strings normally do: web server access logs, browser history, and the Referer header of any outbound link on the launch page. Keep the launch endpoint free of third-party content, avoid logging its query string, and move the tokens into a server-side session (e.g. by redirecting to a clean URL) rather than keeping them in the URL.

Let's say that you have developed an app to display footprint data for any products.
Your company is called Acme, and you'd like for Ecochain customers to use your app for displaying their products.

Windmill Company is an Ecochain customer, and they would log into Ecochain to eventually use your app for displaying their products.

Here's how the components work together across the different environments:

  1. User is logged into Ecochain and clicks the 3rd party app launch button
    Frontend logic will open a new browser tab and send a GET request to our internal web controller
  2. Our web controller will authenticate the user against the API server and receive an access token
  3. Our web controller will send the new tab to the launch URL of your app with the launch parameters in the query string
    E.g.

    curl 'https://acme.com/launch?access_token=ABCDEF&expires_in=3600&refresh_token=GHIJKL&token_type=Bearer'
  4. Your controller will extract the 4 parameters, and use the access token to make requests to the Ecochain API

    E.g. First get the current user

    curl -H "Authorization: Bearer ABCDEF" https://app.ecochain.com/api/v1/users/me

    then get the current company

    curl -H "Authorization: Bearer ABCDEF" https://app.ecochain.com/api/v1/companies/me

    then get all products for the company

    curl -H "Authorization: Bearer ABCDEF" https://app.ecochain.com/api/v1/companies/{companyId}/products
  5. Your controller will render the page with contents fetched from the API

As you can see, we've made SSO really simple for 3rd party application developers.
All you need to do is expose an endpoint that can receive GET requests with the 4 launch parameters and render the user interface.
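The following is an added example of the Acme side of the flow described above, written for this page and not code from Ecochain or from any real Acme app. It parses and validates the four launch parameters, then performs the users/me, companies/me and products calls with the access token as a Bearer token. The `https://app.ecochain.com/api/v1` base and the three paths are taken from the curl examples; the assumption that the company object exposes its id under `id`, the response shapes, and the injectable `transport` function (which lets the code run offline) are this example's own. The page documents a `refresh_token` but no refresh endpoint, so the client refuses to call the API with an expired token instead of guessing one.

```python
"""Acme's side of the launch flow: parse the four launch parameters from the
/launch request, then use the access token as a Bearer token for the
users/me -> companies/me -> products calls."""
import json
import time
import urllib.request
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

API_BASE = "https://app.ecochain.com/api/v1"   # base of the endpoints in the curl examples
REQUIRED_PARAMS = ("access_token", "expires_in", "refresh_token", "token_type")


@dataclass
class LaunchTokens:
    access_token: str
    refresh_token: str
    token_type: str
    expires_at: float   # epoch seconds, derived from expires_in at parse time


def parse_launch(launch_url, now=None):
    """Extract and validate the launch parameters from the full launch URL.

    Rejects a request that misses a parameter, carries a non-Bearer
    token_type or a non-positive expires_in, so a malformed launch fails
    here instead of as an opaque 401 from the API later."""
    qs = parse_qs(urlsplit(launch_url).query)   # blank values are dropped, so they count as missing
    values = {name: qs.get(name, [""])[0] for name in REQUIRED_PARAMS}
    missing = [name for name, value in values.items() if not value]
    if missing:
        raise ValueError(f"launch request missing parameters: {missing}")
    if values["token_type"].lower() != "bearer":
        raise ValueError(f"unsupported token_type: {values['token_type']!r}")
    try:
        expires_in = int(values["expires_in"])
    except ValueError:
        raise ValueError("expires_in is not an integer") from None
    if expires_in <= 0:
        raise ValueError("expires_in must be positive")
    now = time.time() if now is None else now
    return LaunchTokens(values["access_token"], values["refresh_token"],
                        values["token_type"], now + expires_in)


def urllib_transport(method, url, headers):
    """Real HTTP transport: returns (status, parsed JSON body)."""
    req = urllib.request.Request(url, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, json.loads(resp.read().decode("utf-8"))


class EcochainClient:
    """Minimal API client that sends the access token as a Bearer token."""

    def __init__(self, tokens, transport=urllib_transport, base=API_BASE):
        self.tokens = tokens
        self.transport = transport
        self.base = base

    def get(self, path):
        if time.time() >= self.tokens.expires_at:
            # No refresh endpoint is documented on the page, so stop here
            # rather than inventing one; the user re-launches from Ecochain.
            raise RuntimeError("access token expired; re-launch from Ecochain")
        headers = {"Authorization": f"Bearer {self.tokens.access_token}",
                   "Accept": "application/json"}
        status, body = self.transport("GET", self.base + path, headers)
        if status != 200:
            raise RuntimeError(f"GET {path} failed with HTTP {status}")
        return body


def load_company_products(tokens, transport=urllib_transport):
    """Step 4 of the flow: current user, current company, then its products.

    Assumption (not confirmed by the page): the company object carries its
    identifier under the key 'id', which fills the {companyId} placeholder."""
    client = EcochainClient(tokens, transport)
    user = client.get("/users/me")
    company = client.get("/companies/me")
    products = client.get(f"/companies/{company['id']}/products")
    return user, company, products
```

In a real /launch handler you would call `parse_launch` on the incoming request URL, store the resulting `LaunchTokens` in a server-side session, and answer with a redirect to a URL without the query string, so the tokens do not linger in the address bar, history or Referer headers; the page is then rendered from `load_company_products` on the redirected request.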