Oauth Request is a http contract operation for user linking.
It links the Provider user to MoneyMade Connect OAuth API.
As a best practice the OAuth Request is typically handled by backend and frontend side.
This algorithm contains the following steps:
-
Widget opens the Provider OAuth Url depends on Provider OAuth Strategy
-
Once user logs in to account, Provider frontend reads signature and payload from query string params on Provider OAuth Url, Provider frontend sends it to Provider backend.
-
Provider backend validates the signature and handles user linking.
Once it's done, Provider backend makes Finish OAuth request.
Then Provider backend sends redirect url to frontend. -
Frontend uses redirect url. It's redirect to MoneyMade OAuth API backend which finishes the operation.
-
MoneyMade OAuth API backend closes Connect Widget.
Provider OAuth Url
It's a url to Provider web page which handles OAuth Request.
It's typically login form which logs in the Provider user.
MoneyMade Connect OAuth API sets the oauth-signature and payload query string params.
For example, Provider OAuth url 'https://provider.com/oauth/moneymade' will look like:
https://provider.com/oauth/moneymade?signature=1234&payload=da9d123
Provider OAuth Strategy
The way how to open oauth url. It may be 'popup' or 'iframe'.
It should be chosen depends on technical and security conditions.
OAuth payload
Query string parameter "payload" which is received from Provider OAuth Url.
It contains external userId which is linked by OAuth Request.
OAuth Signature
Query string parameter "signature" which is received from Provider OAuth Url.
This is a signature which is used to validate the OAuth Payload.
See security signature generation for more info.