Co-Auth: Documentation
WebsiteDocumentaionGithub
  • 🏠Welcome to Co-Auth Documentation
  • Getting Started
    • Co-Auth Modules & Release Status
      • Time Based OTP
      • Reconfirm
    • Architecture
      • Components Flow
      • Integration Overview
        • Integration with Co-Auth
      • Tech Stack
    • Requirements & Prerequisites
    • Installation
      • Setup as a Test / Dev environment
        • Test Setup on Red Hat OpenShift
        • Test Setup on Kubernetes
        • Cloud Provider
        • Development Setup
      • Setup on Production
  • using COAUTH
    • 🕐Key Concepts
  • API
    • 🕐Overview
    • 🕐API Documentation
  • Advanced Topics
    • Customization
      • Database
      • 🕐Caching
      • Good to Have
  • contribute to CoAuth
    • Contribute
    • Setup a Build Environment
  • Usecases
    • 🙂Articles
    • Implementation Use Case
      • 🕐2nd Factor for Authentication
      • 🕐Securing Internal Pages
      • 🕐Transaction verification
      • 🕐Safeguard from MTM, Keystroke attacks
      • 🕐QR are not just for Login
  • administration
    • 🕐Coming Soon
  • Group 1
    • Behind the Scenes
      • Sponsors
      • Adopters
      • Core Contributors
Powered by GitBook
On this page
  • Step 1: Settings
  • Step 2: In your initiation request (at backend code)
  • Step 3: Integrate front end
  • Step 4: Validate if the co-auth transaction was successful

Was this helpful?

  1. Getting Started
  2. Architecture
  3. Integration Overview

Integration with Co-Auth

This page explains how third party applications can integrate with co-auth

Step 1: Settings

Create an new co-auth application and API-key for that application

Step 2: In your initiation request (at backend code)

Create a random string (code verifier), create code challenge (using SHA256 of code verifier), store the code verifier in cache / session to validate later

curl --location '{{COAUTH_API_GATEWAY}}/api/coauth/register/generate' \
--header 'COAUTH-API-KEY: {{GENERATED_API_KEY}}' \
--header 'Content-Type: application/json' \
--data '{
    "userId":"<YOUR_USERID>",
    "module":"TOTP",
    "codeChallenge":"<GENERATED_CODE_CHALLENGE>"
}'

Send the response code from the API to your front end

Step 3: Integrate front end

3.1 Include an <iframe src="{{API_GATEWAY_URL}}/ui/#/{{register/verify}}/{{CODE_FROM STEP2}}" /> into your html

3.2 A JavaScript method to listen for events from iFrame

```vue
const receiveMessage = (event: any) => {
  if (event.data == "transactionComplete") {
    yourapplicationFormSubmitMethod();
  }
}
```

When transaction is completed by the iframe UI, a callback is sent from iframe (web plugin) to your parent page

Step 4: Validate if the co-auth transaction was successful

In your application backend you need to make a status call to verify status

curl --location '{{COAUTH_API_GATEWAY}}/api/coauth/register/status' \
--header 'COAUTH-API-KEY: {{COAUTH_API_KEY}}' \
--header 'Content-Type: application/json' \
--data '{
    "code":"{{INITIAL_CODE}}",
    "codeVerifier":"{{YOUR_PLAIN_TEXT_CODE_VERIFIER}}"
}'

Important

You may want to modify your applications content-source-policy to allow Co-Auth URLs, if Co-Auth is hosted on a separate domain

PreviousIntegration OverviewNextTech Stack

Last updated 1 year ago

Was this helpful?