OAuth – Register your Application within DRIVR

Creating an ApplicationConsumer allows you to register your application in DRIVR in order to authenticate users against our APIs and manage OAuth flows using the DomainAuthenticationMethods from the previous guide. Additionally, you can control how your app interacts with DRIVR's APIs and manage different OAuth grantTypes.

The DRIVR Login UI simplifies the process by handling user authorization dialogs and token requests. To enable this, your app must be linked to an OAuth consumer/client, which DRIVR represents as an ApplicationConsumer. The ApplicationConsumer's identifier serves as the client_id in authentication requests.

A grantType defines how your application interacts with DRIVR's authentication system. Here are the available grant types:

  1. Authorization Code (AUTHORIZATION_CODE):

    • Used for server-based flows where an authorization code is exchanged for an access token.
    • Requires at least one redirectUri to securely handle sensitive information.
    • Ensures that users are not redirected to unauthorized locations.
  2. Password (PASSWORD):

    • Allows exchanging a username and password for an access token.
    • Suitable for trusted applications where user credentials are directly handled.
  3. Refresh Token (REFRESH_TOKEN):

    • Enables the issuance of long-lasting refresh tokens to request new access tokens.
    • Refresh tokens are tied to the client they were issued for and can be combined with other grant types.

The following example demonstrates how to create a new ApplicationConsumer for local development. This setup allows your app to authenticate against the DRIVR API.

Option 1: Use the DRIVR UI:

  1. Navigate to the DRIVR UI and go to Settings -> Application Consumers.
  2. Click on Add Application Consumer to create a new consumer.
  3. Provide the name and a unique slug for the application within the Domain.
  4. Select the required Grant Types from AUTHORIZATION_CODE, PASSWORD, and REFRESH_TOKEN. Specify Scopes such as profile, email, etc.
  5. Add Redirect URIs. (Note: At least one redirectUri is mandatory if the grant type is AUTHORIZATION_CODE; otherwise, it is optional.)
  6. Click Create to save the new Application Consumer.

Option 2: Use the GraphQL API:
Alternatively, you can use the following GraphQL mutation to create an ApplicationConsumer:

mutation createApplicationConsumer {
  createApplicationConsumer(
    name: "my-new-app",
    slug: "my-app",
    defaultRedirectUri: "http://localhost:8080/auth/callback",
    redirectUris: [
        "http://localhost:8080/auth/callback",
        "http://localhost:8080/auth/another-callback"
    ],
    secret: "nuq1u6k4nWSNgrPEDbHXTqWN4APERZ8X1LPcY9Hov7gHnPcfD1hcNhmMOzoYkAVs",
    grantTypes: [
        REFRESH_TOKEN,
        AUTHORIZATION_CODE
    ],
    scopes: [
        "profile",
        "email"
    ]
  ) {
    uuid
    identifier
    defaultRedirectUri
    redirectUris
    status
    grantTypes
    name
    slug
    scopes
  }
}

Response:
{
  "data": {
    "createApplicationConsumer": {
        "uuid": "3bd72e78-1f23-2781-8b65-b84e4a2a4765",
        "identifier": "my-app.localhost",
        "defaultRedirectUri": "http://localhost:8080/auth/callback",
        "redirectUris": [
            "http://localhost:8080/auth/callback",
            "http://localhost:8080/auth/another-callback"
        ],
        "status": "ACTIVATED",
        "grantTypes": [
            "AUTHORIZATION_CODE",
            "REFRESH_TOKEN"
        ],
        "name": "my-new-app",
        "slug": "my-app",
        "scopes": [
            "profile",
            "email"
        ]
    }
  }
}

  1. name: The name of your application (e.g., "my-new-app").
  2. slug: A unique identifier for your application (e.g., "my-app").
  3. defaultRedirectUri: The primary redirect URI for your app (e.g., "http://localhost:8080/auth/callback").
  4. redirectUris: A list of allowed redirect URIs for your app.
  5. secret: The client secret used for secure communication.
  6. grantTypes: The grant types your app supports (Options: AUTHORIZATION_CODE, REFRESH_TOKEN, PASSWORD).
  7. scopes: The permissions your app requests (e.g., "profile", "email").
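
As an added example (not DRIVR's own code), the Python below checks a consumer definition against the redirectUri rule from this page before rendering the mutation, and generates a fresh random secret instead of reusing the sample value shown above. The function names, the loopback-only rule for plain http, and the check that defaultRedirectUri appears in redirectUris are assumptions, not documented DRIVR behaviour.

```python
import json
import secrets
from urllib.parse import urlsplit

GRANT_TYPES = {"AUTHORIZATION_CODE", "PASSWORD", "REFRESH_TOKEN"}  # listed on this page
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def check_consumer(grant_types, redirect_uris, default_redirect_uri=None):
    """Return a list of problems; an empty list means the input passed."""
    problems = []
    unknown = sorted(set(grant_types) - GRANT_TYPES)
    if unknown:
        problems.append(f"unknown grant types: {unknown}")
    # Rule from this page: AUTHORIZATION_CODE needs at least one redirectUri.
    if "AUTHORIZATION_CODE" in grant_types and not redirect_uris:
        problems.append("AUTHORIZATION_CODE requires at least one redirectUri")
    for uri in redirect_uris:
        parts = urlsplit(uri)
        if not parts.scheme or not parts.netloc:
            problems.append(f"not an absolute URI: {uri}")
        # Assumption (general OAuth hygiene): plain http only for loopback.
        elif parts.scheme == "http" and parts.hostname not in LOOPBACK:
            problems.append(f"plain http outside loopback: {uri}")
    # Assumption: the default should be one of the registered URIs.
    if default_redirect_uri and default_redirect_uri not in redirect_uris:
        problems.append("defaultRedirectUri is not in redirectUris")
    return problems

def build_mutation(name, slug, grant_types, scopes, redirect_uris, default_redirect_uri):
    """Return (mutation_text, secret); raise ValueError if a check fails."""
    problems = check_consumer(grant_types, redirect_uris, default_redirect_uri)
    if problems:
        raise ValueError("; ".join(problems))
    secret = secrets.token_urlsafe(48)  # 48 random bytes -> 64 URL-safe characters
    q = json.dumps  # quoted, escaped string literals; grant types are unquoted enums
    mutation = (
        "mutation createApplicationConsumer {\n  createApplicationConsumer(\n"
        f"    name: {q(name)},\n    slug: {q(slug)},\n"
        f"    defaultRedirectUri: {q(default_redirect_uri)},\n"
        f"    redirectUris: {q(redirect_uris)},\n    secret: {q(secret)},\n"
        f"    grantTypes: [{', '.join(grant_types)}],\n    scopes: {q(scopes)}\n"
        "  ) {\n    uuid\n    identifier\n    status\n  }\n}"
    )
    return mutation, secret

if __name__ == "__main__":
    cb = "http://localhost:8080/auth/callback"  # constructed input, as on this page
    text, secret = build_mutation("my-new-app", "my-app", ["REFRESH_TOKEN", "AUTHORIZATION_CODE"],
                                  ["profile", "email"], [cb], cb)
    print(text.replace(secret, "<redacted>"))  # keep the secret out of terminal logs
```

Store the returned secret in your secret manager; the rendered mutation text contains it, so avoid logging it unredacted.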

Setting up an Application Consumer is a crucial step in enabling your app to interact with DRIVR's APIs securely.

By configuring the appropriate grant types and redirect URIs, you can ensure a seamless authentication experience for your users. Use the DRIVR UI or the provided GraphQL mutation to create and manage Application Consumers for your domain.