OAuth for desktop Applications (Automating OAuth)
OVERVIEW
David Searle We ended up doing something similar - grabbed the initial token by hand, put it into a database, and then have an automated job which uses the refresh token to get a new token every few hours...hopefully it won't ever expire this way, and we don't have to go through the manual steps again. But really it should not be necessary to have to do it. HighQ has dropped the ball on this one.
I ended up writing in a routine within our Intapp Integrate appliance to manage the HighQ tokens in a custom SQL table. You have to run the initial auth process to get the initial auth code and save that against the record, after that it runs automatically.
Sync Table:
Routine:
Doesn't matter if you don't have Intapp Integrate, think the basic principles can be followed with a bit of rework, even just using powershell and curl. Hope this helps someone.
Dave
This is pretty silly IMO. Google, Microsft et al don't require browser-based human interaction to generate tokens for a non-interactive applications (e.g. see https://developers.google.com/identity/protocols/oauth2/service-account). In fact every other API provider I've integrated things with for my company (and that's a lot of APIs!) provides some sort of mechanism to call the API without human intervention. So it's unclear why HighQ doesn't provide a similar flow. Having to manually generate and regenerate the tokens (even once annually), is not a slick experience and is unsuited to modern automation of applications. The guidance on this page appears to be focused on desktop / mobile applications which are still GUI-driven, there is no guidance at all for fully-automated clients, which is surely an obvious use case.
We actually managed to get around this kind of easy thanks to some norwegian guys pointing me in the right direction. It turns out that only the access code and refresh token needs to be generated by admin interaction using a browser. After this if the API is being quired at least once a month a new code is only needed once a year.
Matthew Klestrup yes the documentation is still valid. Our own HighQ drive and office plugin uses the same methodology to generate the OAuth code during an API token generation.
Is this information regarding developing non web based applications still correct? In our company we would like to syncronize data without user interaction.
Comments
6 Comments