Creating connections to many 3rd party APIs

[TapperSeth]

Our goal is to enable a Zapier or Make.com style system in which the end user authorizes my app to use access their accounts on 3rd party providers with different scopes and stores and refreshes the tokens. So a user can come and allow us to access 5 scopes on Google, 3 on Asana and 4 on Facebook. Is this possible using Logto now?

[TapperSeth]

How does the third party service pass the users Auth token to Logto? Is the user redirected when they try to use a resource they dont have a token for ?

…

On Wed, Feb 7, 2024 at 8:59 PM Darcy Ye ***@***.***> wrote: I would say yes, you can add multiple third-party API resources, and all possible scopes under the resource. Grouping the scopes, create corresponding roles, and then assign the roles to your end-users. Your end-users will receive the corresponding scopes after completing the authorization flow. For more details, you can refer to https://docs.logto.io/docs/recipes/rbac/. — Reply to this email directly, view it on GitHub <#5394 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BEWP7CCDRWPSFHKBGQVSSUTYSQWQ7AVCNFSM6AAAAABC6EI3I2VHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4DIMBRHE4TA> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[darcyYe]

I apologize for my previous misunderstanding of your use case. My previous response could be misleading and I have hidden it.

Based on your description, we believe that your requirement is to obtain and manage access tokens issued by third-party apps through user authorization. With the current Logto system, you can redirect users to the authorization page of third-party apps through connectors and obtain access tokens later. You can declare the scopes required by your business when configuring the corresponding connectors. Currently, the connector social sign-in process in Logto DOES NOT return access tokens (only for internal use to get the user info and hence not stored in our system). What we can support is to return access tokens as well as user info in the user authorization process.

I am not quit familiar with the details of Zapier's workflow, but I can imagine that authorization actions that require user authorization are prone to expiration (even if third-party apps like Google issue refresh tokens at the same time as access tokens). This means that users may need to be engaged frequently and should authorize various apps frequently, which may severely damage the user experience. We believe that a better solution is to use the client credentials grant to obtain access tokens from third-party platforms. In this way, all work can be done in the background without the need for frequent user intervention. In this case, you may not need to integrate Logto.