
Allowing Users to Get Their Own OAuth Tokens for Accessing an API


Let's take a look at an opinion about allowing users to get their own OAuth tokens for accessing an API.


I run a lot of different applications that depend on GitHub and that use GitHub authentication as the identity and access management layer for these apps. One of the things I like the most about GitHub, and one reason I feel it handles its OAuth more thoroughly than most other platforms, is how they let you get your own OAuth token under your settings > developer settings > personal access tokens. You don’t need to set up an application and do the whole OAuth dance; you just get a token that you can pass along with each API call.

I operate my own OAuth server, which allows me to authenticate using OAuth with many leading APIs, so generating an OAuth token and setting up a new provider isn’t too hard. However, it is always much easier to go under my account settings, create a new personal access token for a specific purpose, and get to work playing with an API. I wish that ALL API providers did this. At first glance, it looks like GitLab, Harvest, Typeform, and Contentful all provide personal access tokens as a first option for onboarding with their APIs, demonstrating this is more of a pattern than just a GitHub feature.

One of these days I’m going to have to do another story documenting the entire GitHub OAuth system, because they have a lot of interesting bells and whistles that make using their platform much more secure and just a more frictionless experience than other API providers I use on a regular basis. GitHub has ground down a lot of the sharp corners on the whole authentication experience when it comes to OAuth. It would make a nice blueprint to share, and work to convince other API providers it is a pattern worth following, reducing the cognitive load around OAuth management for any API integration, and standardizing how API providers support their API consumers and end-users.

I have 3 separate Twitter apps set up for specific purposes, but I wanted to have a separate personal application just for managing my personal @kinlane account. I submitted a Twitter application for review, but haven’t heard back after almost a month. As an individual user of any platform, I should be able to instantly issue a personal access token that lets me, or someone I sanction, access my data and content on the platform. Personal access tokens should be a default feature for any consumer-focused platform, putting API access more within the control of each end-user, and the platform power users.


Published at DZone with permission of
