How To Create And Manage OAuth2 Apps

Summary

Create more integrations for your Bynder brand portal using the OAuth 2.0 setup to quickly provide authorized access to the Bynder API. This empowers users to create account-specific integrations to leverage Bynder throughout their brand ecosystem.

Who?

Customer Support must enable this feature; after that, the Bynder Admin can assign individual permissions.

The Manage portal settings permission is also required. Once this is enabled, users with Manage OAuth apps permissions can access and configure OAuth applications.

Why?

OAuth2, or Open Authorization, enables a user to grant a third-party application access to their data without sharing their credentials. This is the industry standard for online authorization. Bynder believes in simple, efficient, and secure solutions for our product and integrations, which is why we offer OAuth2 Apps for our users.

How?

Creating A New OAuth App

1. Navigate to Settings > Advanced Settings > Portal settings and click OAuth Apps.

2. Click Register new application to create your first OAuth App.

3. Configure your OAuth App.

Note: The Client Secret is visible only once and must be regenerated if lost. If you regenerate it, anything still using the previous client secret will stop working.

Users who manage OAuth Apps can revoke all refresh tokens for an OAuth App and, if needed, delete the application, which permanently deletes the application's associated refresh tokens.

Editing An Existing OAuth App

All OAuth App specifications can be changed except the OAuth scopes. When you want to modify the OAuth scopes, we recommend creating a new application.

  1. Go to Settings > Advanced Settings > Portal settings and click OAuth Apps.
  2. Click OAuth Apps.
  3. Click next to the application you want to modify.
  4. Modify your OAuth App information.
  5. Click Update application to save your changes.
 

Revoking Refresh Tokens

  1. Go to Settings > Advanced Settings > Portal settings and click OAuth Apps.
  2. Click OAuth Apps.
  3. Click next to the application whose refresh tokens you want to revoke.
  4. Click Revoke refresh tokens. A pop-up will open.
  5. Read the warning message, then click Revoke all refresh tokens to revoke the refresh tokens. This action cannot be undone.
 

Deleting An Application

  1. Go to Settings > Advanced Settings > Portal settings and click OAuth Apps.
  2. Click OAuth Apps.
  3. Click next to the application you want to delete.
  4. Click Delete application. A pop-up will open.
  5. Read the warning message, then click Delete to remove the application. This will permanently delete the application and revoke all associated refresh tokens. This action cannot be undone.
 

Understanding Grant Types

Part of the OAuth 2.0 specification is grant types, which are different methods for acquiring an access token to authorize API calls.

We offer the following grant types: 

  • Authorization Code + Refresh Token

    The authorization code grant will allow you to access Bynder on a user's behalf. The application redirects the user to the authorization page, where they must log in and approve the request. If approved, Bynder will redirect the user to the application with an authorization code. The application can then exchange this code for an access token.

    A refresh token can be obtained by specifying the offline scope in the authorization request. This token will not expire and allows the application to request new access tokens without user interaction.

  • Client Credentials

    The client credentials grant allows applications to obtain access tokens using only the client ID and client secret, without user interaction. In the case of Bynder, the issued access tokens are still linked to the assigned user configured for the application.

    This grant is the closest equivalent to the OAuth 1.0a API tokens and is useful for machine-to-machine interaction.
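
The grant types above, sketched as an added example (not Bynder's code or SDK): building the authorization request with the offline scope, validating the redirect back to the application, and forming the token-request body for each grant. The endpoint URL, redirect URI and the asset:read scope are placeholder assumptions; parameter names follow the OAuth 2.0 specification (RFC 6749).

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions, not from the article): take the real endpoint and
# redirect URI from your portal and your OAuth App configuration.
AUTH_ENDPOINT = "https://portal.example.com/oauth2/auth"
REDIRECT_URI = "https://app.example.com/callback"

# Fields each grant type needs in the token request, besides client authentication.
REQUIRED_FIELDS = {
    "authorization_code": {"code", "redirect_uri"},
    "refresh_token": {"refresh_token"},
    "client_credentials": set(),
}


def build_authorization_url(client_id, scopes, want_refresh_token=True):
    """Return (url, state); 'offline' is the scope the article names for refresh tokens."""
    scopes = list(scopes)
    if want_refresh_token and "offline" not in scopes:
        scopes.append("offline")
    state = secrets.token_urlsafe(32)  # unguessable; store it in the user's session
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": REDIRECT_URI, "scope": " ".join(scopes), "state": state}
    return f"{AUTH_ENDPOINT}?{urlencode(params)}", state


def extract_code(callback_url, expected_state):
    """Validate the redirect back to the application and return the authorization code."""
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the callback is not from this session.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    if "error" in params:
        raise PermissionError(f"authorization denied: {params['error'][0]}")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]


def token_request_body(grant_type, **fields):
    """Form body for the token endpoint; rejects unknown grants and missing fields."""
    if grant_type not in REQUIRED_FIELDS:
        raise ValueError(f"unsupported grant type: {grant_type}")
    missing = REQUIRED_FIELDS[grant_type] - set(fields)
    if missing:
        raise ValueError(f"missing fields for {grant_type}: {sorted(missing)}")
    return {"grant_type": grant_type, **fields}
```

The client ID and client secret accompany the body when the token endpoint is called; because the secret is shown only once, load it from a secret store or environment variable rather than from source code.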

FAQs

What does this mean for my existing integrations or scripts calling the Bynder API?

OAuth 2.0 works in parallel with OAuth 1.0a. They can coexist, but we want to promote OAuth 2.0 (OAuth Apps) as much as possible, since it is the latest implementation for authorized access to the Bynder API and will continue to improve.

What are the main benefits of OAuth 2.0?

Bynder's OAuth 2.0 scope implementation for OAuth Apps provides complete transparency to users about what the application can request on their behalf. In addition, access tokens can now be refreshed, which means users no longer need to re-authenticate every 30 days. Instead, tokens can be refreshed in the background using the OAuth 2.0 service's refresh token.

How do I migrate my integrations from OAuth 1.0 to OAuth 2.0?

Customers can easily upgrade to OAuth 2.0 by using our Bynder SDKs. The new endpoints and refresh mechanisms have been fully implemented in all our SDKs, allowing a fast upgrade for your integrations.

How can I update my OAuth App over time?

All OAuth App specifications can be changed except the OAuth scopes. Updating the OAuth scopes of an existing application is not implemented at this point, so we recommend creating a new application.

Level: Expert

Expert-level articles are for users who have significant prior Bynder knowledge. These articles require you to know a lot of Bynder information and may also require higher-level portal rights to accomplish the task outlined within the article. 
