When To Create a Custom OAuth Application

CData embeds OAuth Application Credentials with CData branding that can be used when connecting via a desktop application or headless application.

You may choose to use your own OAuth Application Credentials when you want to

• control branding of the Authentication Dialog
• control the redirect URI that the application redirects the user to after the user authenticates
• customize the permissions that you are requesting from the user

Create a Custom App

You will need to log in to https://integrate.37signals.com and register an application to obtain the OAuth client credentials, the OAuthClientId and OAuthClientSecret. You will also need to configure a CallbackURL.

If you are making a desktop application, set the Redirect URL in your application settings to http://localhost:33333 or a different port number of your choice. If you are building a Web application, set the Redirect URL in your application settings to a page on your Web application you want the user to return to after authorizing your application. Set the Redirect URL in your application settings to http://localhost:33333 or a different port number of your choice.

Authenticate to Highrise in a Desktop Application

After setting the following connection properties, you are ready to connect:

• InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken connection property.
• OAuthClientId: Set this to the Client Id in your application settings.
• OAuthClientSecret: Set this to the Client Secret in your application settings.
• CallbackURL: Set this to the Redirect URL you specified in your application settings.
• AccountId: Copy this from the URL after you log in to Highrise. For example, if your instance URL is https://MyInstance12345.highrisehq.com/, set the AccountId property to ' MyInstance12345 '.

When you connect the provider opens the OAuth endpoint in your default browser. Log in and grant permissions to the application. The provider then completes the OAuth process:

1. Extracts the access token from the callback URL and authenticates requests.
2. Refreshes the access token when it expires.
3. Saves OAuth values in OAuthSettingsLocation. These values persist across connections.

Authenticate to Highrise from a Web Application

To obtain the access token, set the following connection properties:

• OAuthClientId: Set this to the Client Id in your application settings.
• OAuthClientSecret: Set this to the Client Secret in your application settings.
• CallbackURL: Set this to a page on your website you would like users to be redirected to after authorizing your application.

When connecting via a Web application, or if the provider is not authorized to open a browser window, you need to exchange a verifier code for the OAuthAccessToken:

1. Call GetOAuthAuthorizationURL. The stored procedure returns the URL to the OAuth endpoint.
2. Log in and authorize the application. You are redirected back to the callback URL.
3. Extract the verifier code from the "code" query string parameter of the CallbackURL and call GetOAuthAccessToken.

To make requests to Highrise, set OAuthAccessToken and AccountId. When the access token expires, call RefreshOAuthAccessToken. Given a refresh token as input, it returns a valid OAuth access token.