OAuth Support

Dexi apps support secure OAuth authentication for 3rd party services such as Google through end-to-end encryption so that only when the app needs it does it have access to the unencrypted access tokens.

The Dexi platform itself is not able to read these encrypted tokens - the app itself holds the encryption key.

To enable 3rd party OAuth authentication for your app you need to define an "oauth" configuration field like the following:

📘

Provider Configuration

You might need to configure the OAuth provider with the following:
Authorized redirect URIs : https://app.dexi.io/oauth2/app/validate
Authorized JavaScript origins: https://app.dexi.io

configuration:
    google:
      title: Google
      type: oauth
      help: Connect your google account to get access to your google account
      required: true
      sortOrder: 1
      configuration:
        oauth: #These 2 endpoints are required. The below configuration is correct when using the Dexi App SDK and implementing the OAuthHandler interface
          redirect:
            method: POST
            url: "${baseUrl}/oauth/redirect"
          validate:
            method: POST
            url: "${baseUrl}/oauth/validate"

A working Java Spring module supporting Google OAuth authentication is available in https://github.com/dexiio/spring-app-sdk-google-oauth.

📘

OAuth versions supported

Note that both OAuth1 and OAuth2 have a similar user flow and therefor both are supported since the actual authentication process is entirely performed by your app.

This can be used as-is for Google authentication or serve as a reference implementation for new OAuth implementations.

An example of using the module can be found here:

https://github.com/dexiio/app-service-googledrive

Further documentation on how an OAuthHandler can be implemented in the Java SDK can be found here: OAuthHandler