
Allowing Users to Get Their Own OAuth Tokens for Accessing an API

Let's take a look at an opinion about allowing users to get their own OAuth tokens for accessing an API.


I run a lot of different applications that depend on GitHub and that use GitHub authentication as the identity and access management layer for these apps. One of the things I like the most about GitHub, and how I feel it handles its OAuth more thoroughly than most other platforms, is how they let you get your own OAuth token under your settings > developer settings > personal access tokens. You don’t need to set up an application and do the whole OAuth dance; you just get a token that you can pass along with each API call.

I operate my own OAuth server, which allows me to authenticate using OAuth with many leading APIs, so generating an OAuth token and setting up a new provider isn’t too hard. However, it is always much easier to go under my account settings, create a new personal access token for a specific purpose, and get to work playing with an API. I wish that ALL API providers did this. At first glance, it looks like GitLab, Harvest, Typeform, and Contentful all provide personal access tokens as a first option for onboarding with their APIs, demonstrating that this is more of a pattern than just a GitHub feature.
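As an added illustration (not code from the original article), the following Python example passes a personal access token with an API call and uses GitHub's `X-OAuth-Scopes` response header to check whether a token created "for a specific purpose" carries exactly the scopes that purpose needs. The `GITHUB_TOKEN` variable name, the `needed` scope set, the client name and the sample headers are assumptions made for the example.

```python
import os
import urllib.request

API_URL = "https://api.github.com/user"

def build_request(token, url=API_URL):
    """Attach a personal access token to a single API call."""
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("token is empty or contains whitespace")
    return urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
        "User-Agent": "pat-scope-check",  # hypothetical client name
    })

def scope_diff(headers, needed):
    """Compare granted scopes with the ones this job needs.

    Returns (missing, excess) as sorted lists. GitHub lists a classic
    token's scopes in X-OAuth-Scopes; fine-grained tokens do not send it.
    """
    raw = headers.get("X-OAuth-Scopes") or ""
    granted = {s.strip() for s in raw.split(",") if s.strip()}
    needed = set(needed)
    return sorted(needed - granted), sorted(granted - needed)

def check_token(token, needed):
    """Make one authenticated call and report the scope difference."""
    with urllib.request.urlopen(build_request(token), timeout=10) as resp:
        return scope_diff(resp.headers, needed)

# Constructed response headers for an offline run (not real output).
SAMPLE_HEADERS = {"X-OAuth-Scopes": "repo, read:org, delete_repo"}

if __name__ == "__main__":
    needed = {"read:org", "gist"}  # assumed purpose of this token
    token = os.environ.get("GITHUB_TOKEN")  # assumed variable name
    if token:
        missing, excess = check_token(token, needed)
    else:
        missing, excess = scope_diff(SAMPLE_HEADERS, needed)
    print("missing:", missing, "excess:", excess)
```

Reading the token from the environment keeps it out of source control, and a non-empty `excess` list is the signal to regenerate the token with a narrower scope selection.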

One of these days I’m going to have to do another story documenting the entire GitHub OAuth system because they have a lot of interesting bells and whistles that make using their platform much more secure and just a more frictionless experience than other API providers I use on a regular basis. GitHub has ground down a lot of the sharp corners on the whole authentication experience when it comes to OAuth. It would make a nice blueprint to share, and work to convince other API providers it is a pattern worth following, reducing the cognitive load around OAuth management for any API integration and standardizing how API providers support their API consumers and end-users.

I have 3 separate Twitter Apps set up for specific purposes, but I wanted to have a separate personal application just for managing my personal @kinlane account. I submitted a Twitter application for review, but haven’t heard back after almost a month. As an individual user of any platform, I should be able to instantly issue a personal access token that lets me, or someone I sanction, access my data and content on the platform. Personal access tokens should be a default feature for any consumer-focused platform, putting API access more within the control of each end-user, and the platform power users.


Topics:
integration, apis, oauth, api access, oauth tokens

Published at DZone with permission of
