Integration with Co-Auth

This page explains how third party applications can integrate with co-auth

Step 1: Settings

Create an new co-auth application and API-key for that application

Step 2: In your initiation request (at backend code)

Create a random string (code verifier), create code challenge (using SHA256 of code verifier), store the code verifier in cache / session to validate later

curl --location '{{COAUTH_API_GATEWAY}}/api/coauth/register/generate' \
--header 'COAUTH-API-KEY: {{GENERATED_API_KEY}}' \
--header 'Content-Type: application/json' \
--data '{
    "userId":"<YOUR_USERID>",
    "module":"TOTP",
    "codeChallenge":"<GENERATED_CODE_CHALLENGE>"
}'

Send the response code from the API to your front end

Step 3: Integrate front end

3.1 Include an <iframe src="{{API_GATEWAY_URL}}/ui/#/{{register/verify}}/{{CODE_FROM STEP2}}" /> into your html

3.2 A JavaScript method to listen for events from iFrame

```vue
const receiveMessage = (event: any) => {
  if (event.data == "transactionComplete") {
    yourapplicationFormSubmitMethod();
  }
}
```

When transaction is completed by the iframe UI, a callback is sent from iframe (web plugin) to your parent page

Step 4: Validate if the co-auth transaction was successful

In your application backend you need to make a status call to verify status

curl --location '{{COAUTH_API_GATEWAY}}/api/coauth/register/status' \
--header 'COAUTH-API-KEY: {{COAUTH_API_KEY}}' \
--header 'Content-Type: application/json' \
--data '{
    "code":"{{INITIAL_CODE}}",
    "codeVerifier":"{{YOUR_PLAIN_TEXT_CODE_VERIFIER}}"
}'

Important

You may want to modify your applications content-source-policy to allow Co-Auth URLs, if Co-Auth is hosted on a separate domain

PreviousIntegration Overview NextTech Stack

Last updated 1 year ago