Closed simonphughes closed 2 years ago
plittlewood-rpt
commented
2 years ago Hi @simonphughes - can I ask if you are a customer of ours or an external developer? Just so I'm clear on your requirement here, are you wanting users to be able to authenticate with your own APIs using their Reapit Connect credentials? Thanks
simonphughes
commented
2 years ago We are a software developer who have a product which is used in many verticals, but we do have a lot of estate agents.
We want a small UI widget placed in reapit that will make calls back to our API. our API is secured by OAUTH tokens issued by own own identity provider. We dont want the user to have to log into our system, so ideally we need to someone either trust your tokens, or swap one of your tokens for one of our tokens.
Thanks.
plittlewood-rpt
commented
2 years ago Hi @simonphughes - if you are building an app that is to be launched in Agency Cloud, Reapit Connect must be used as the authentication on the app as stipulated in our Developer T+Cs. How you managed the trust relationship between Foundations and your own environment is ultimately down to you. You may want to look at our Reapit Connect documentation about using identity tokens which takes you through validating that the identity token can be trusted. From here you should be able to link users up with your own platform (using information in the identity token). I hope this helps
plittlewood-rpt
commented
2 years ago Hi @simonphughes - having not heard back form you following my last response I will close this ticket. Please reach out to us again if you still have questions about the above.
github-actions[bot]
commented
2 years ago It looks like you have commented on a closed issue. If your comment relates to a bug or feature request, please open a new issue, and include this issue number/url for reference. For more information on our processes, please click here
We are looking to integrate our application into reapit. Given we have an existing application and an external api with our own set of users all based on standard OAUTH2 flows, is there a best practise way to support this using some single sign-on? Ideally we would like to embed a small form in reapit, and then call our APIs.