I want to create my own private app, while still having Pipedream manage the authorization / token refresh process

[dylburger]

I want to create a private app on Pipedream, for an internal / custom app I'm developing, or for a custom OAuth client for an app Pipedream already supports.

For OAuth apps, I like how Pipedream handles the entire OAuth flow for standard app integrations. When I integrate to Spotify for my own use case, for example, I don't want to setup a new client ID / secret, handle the auth redirect, store refresh tokens, and generate new access tokens on my own.

But I often do need to create my own app that authorizes requests on behalf of users. Instead of users granting Pipedream permissions to access their account, I want them to see "My App", with my logo and the scopes that I set for my app. I still want Pipedream to abstract the authorization and token refresh process, but I want it for my own app.

[dylburger]

Note: many apps (e.g. Spotify, Google APIs) include app-level statistics in their dashboards on # users, what types of API endpoints users are hitting, etc. So those statistics, specifically, may not be necessary for the first version.

[dylburger]

We also need to support custom key-based apps, so users can create their own apps that support the addition of arbitrary credentials that they’d otherwise store in environment variables.

[dylburger]

See https://pipedream.com/community/t/design-idea-for-custom-oauth-services-or-secret/629 for some ideas re: an implementation

[cfjedimaster]

Question about this issue: If I wanted to build an app that used the Twitter API and let users sign in themselves so that requests are made with their auth, is this feature related to letting PD support that flow? Basically, I'm looking at an older Node app that used OAuth w/ Twitter and I'd like to move it to PD, but PD would need to support a flow where I let user auth, and then I can make calls with their info.

[dylburger]

Not directly, but this is definitely a common ask and it's on our radar.

Pizzly is a nice alternative in the meantime. I've run the app on Heroku's free tier (the Pizzly GitHub has a button where you can install it in a few clicks).

Pizzly gives you a JS API so you can have users auth from the client. Then they store refresh / access tokens and refresh tokens on your behalf (just like PD would). You can then fetch the most recent access token for a user by "auth ID" using their server-side API. Here auth ID = either one generated by Pizzly, or one set by you on the OAuth flow. So if you have your own user IDs, or want to set the auth ID to be the email address (for example), you can do all of that. The Pizzly docs have a few examples.

So then you'd:

1. Setup the Twitter client ID / secret in Pizzly
2. Auth users on your site using Pizzly JS client
3. When you want to run a workflow for a specific user, send their auth ID via HTTP request to your PD workflow.
4. In the workflow, ask Pizzly for the Twitter access token for that user
5. Use that access token to auth to Twitter.

Here's an example workflow for #3 - 5. Let me know if that helps.

[dylburger]

See #2917, as well. This model should support the Client Credentials flow.

[HelloAlexPan]

Bumping this issue for visibility — we would really really need this feature

[dylburger]

@HelloAlexPan We're discussing a design for this internally. Could you tell me exactly what you're hoping to use it for? I'd love to pass that feedback to the team.

[HelloAlexPan]

We're a multitenant app and we want to use Pipedream as the integration layer for a lot of the integrations we build for our customers.

A use case would be e.g. the following:

• Tenant 1 wants to automatically post a message to Slack when they do an in app action
• Our company creates a Slack app that does this in isolation across multiple tenants. E.g., Tenant 1's in-app action triggers a message in Tenant 1's Slack Channel, and Tenant 2's in-app action triggers a message in Tenant 2's Slack Channel.

With a plan to scale this out across a bunch of different integrations.

Would probably have incredible upside from a business perspective for Pipedream as it allows you to tackle enterprise accounts in an entirely new way

[dylburger]

Thanks!

In case 1, would the Slack auth grant be tied to your end user? i.e. would you expect Pipedream would provide you a way to launch an OAuth authorization popup within your own app, so that your own users could authorize your access to their Slack accounts? Then you'd be able to run workflows on behalf of your users within Pipedream?

In case 2, is that also the case, or would an employee of your company authorize the Slack app within https://pipedream.com like you do today?

[HelloAlexPan]

Hey @dylburger, both 1 and 2 are the same case.

Would the Slack auth grant be tied to your end user? — yes! :)

Have edited the above message to use bullet points

[maxtheman]

I would also find this useful @dylburger. I came across Pipedream searching for the exact use case that @HelloAlexPan described.

[dylburger]

Thanks @HelloAlexPan @maxtheman !

[dannyroosevelt]

Tracking a related feature request separately, to let Pipedream users use Pipedream's built-in triggers and actions with their own OAuth Access Tokens

[GilbertMizrahi]

I need something like this too.

My use case is as follows: I want to create "native" APIs for use in a visual chatbot builder. Let's say the creator of the chatbot intends to save a row to a Google Sheet, based on some inputs via the chatbot.

The idea is that the creator auth on Google Sheets with his own account and then selects a spreadsheet she owns. So the initial step is to have an Authentication process (outside of the Pipedream flow, but that is supported by it).

So, the payload of the API created with Pipedream would be something like this:

{
   "userProfileId": "SOME_USER_ID_GENERATED_BY_OUTH_STEP",
  "spreadsheetId": "SPREADSHEET_ID",
  "range": "'Sheet1'!A1:D1000",
  "labels": [
    "phone",
    "name",
    "where",
    "date"
  ],
  "data": [
    {
      "phone": 16175555555,
      "name": "Pepe Pinto",
      "where": "London",
      "date": ""
    }
  ]
}

[dannyroosevelt]

I need something like this too.

My use case is as follows: I want to create "native" APIs for use in a visual chatbot builder. Let's say the creator of the chatbot intends to save a row to a Google Sheet, based on some inputs via the chatbot.

The idea is that the creator auth on Google Sheets with his own account and then selects a spreadsheet she owns. So the initial step is to have an Authentication process (outside of the Pipedream flow, but that is supported by it).

So, the payload of the API created with Pipedream would be something like this:

{
   "userProfileId": "SOME_USER_ID_GENERATED_BY_OUTH_STEP",
  "spreadsheetId": "SPREADSHEET_ID",
  "range": "'Sheet1'!A1:D1000",
  "labels": [
    "phone",
    "name",
    "where",
    "date"
  ],
  "data": [
    {
      "phone": 16175555555,
      "name": "Pepe Pinto",
      "where": "London",
      "date": ""
    }
  ]
}

@GilbertMizrahi so to confirm, the actual saving of a row to Google Sheets would happen within a Pipedream workflow, is that right? And that user would auth with Google Sheets within your app's UI?

[GilbertMizrahi]

@dannyroosevelt Exactly.

[christopherq]

Interested to know if this already possible. Maybe with Nango?

[jemrickrioux]

Any developments on this? How can we go about authenticating to services that are not already in the list of integrations?

thnaks

[dannyroosevelt]

Any developments on this? How can we go about authenticating to services that are not already in the list of integrations?

thnaks

@jemrickrioux what app are you looking to use in Pipedream? If it's a new app, you can submit a request here: https://forms.pipedream.com/integration-request