Creating extensions

Extension developers create and register extensions in your platform. These extensions have their own resources and also attempt to access the resources of your logged-in users. To do this, each extension needs an Authress service client. Authress service clients track programmatic entities and their permissions to access resources.

Managing Extensions

The developers will manage their extensions in your platform. These extensions will have their own resources and will also attempt to access the resources of your logged-in users. You'll want to provide them with the necessary tools for extension development. Authress has wrapped up all the necessary resources into one place called an Extension.

A Platform Extension in Authress consists of:

  • Service Client - The service client enables the third party extension to make API calls to your API, and request resources based on its granted permissions.
  • Application - The Authress application represents the third party portal, where your users log in and configure their third party resources using their platform identity.
  • Access Record - The access record is the primary location recording that the Extension has been granted access, on behalf of the customer, to specific resources in the customer's data on your platform.

The flow for your extension developers to create an extension is:

  1. A developer on your platform requests the creation of a new extension.
  2. Call the Authress API to generate the new Extension.
  3. Create an access record to record that this extension is owned by the user that created it.
Create an extension
import { AuthressClient } from '@authress/sdk';
const authressClient = new AuthressClient({ authressApiUrl: 'https://auth.yourdomain.com' });

async function createExtension(extensionDeveloperUserId) {
  // Create the extension in your database and set up additional information
  // (internalCreateExtension is your platform's own function)
  const newExtensionData = await internalCreateExtension();

  const extensionData = {
    name: 'New Extension',
    application: {
      // The extension developer's website location
      redirectUrls: ['https://third-party.external.com']
    }
  };
  const response = await authressClient.extensions.createExtension(extensionData);

  // [Optional] Save an access record for that extension
  const newRecord = {
    recordId: `rec_extensions_${response.data.extensionId}`,
    users: [{ userId: extensionDeveloperUserId }],
    statements: [{
      roles: ['Authress:Owner'],
      resources: [{ resourceUri: `platform-extensions/${response.data.extensionId}` }]
    }]
  };
  await authressClient.accessRecords.createRecord(newRecord);
}

  4. To start using the extension, the developer will request an API key. Call the Authress API to generate a secret access key. (See Access Keys for more information on the generation of private keys.)
Request an access key
import { AuthressClient } from '@authress/sdk';
const authressClient = new AuthressClient({ authressApiUrl: 'https://auth.yourdomain.com' });

// extensionDeveloperUserId is the ID of the logged-in user making the request
async function requestAccesskey(extensionDeveloperUserId, extensionId) {
  // We need to know at run time whether this user should be allowed to
  // generate an access key. Since we created an access record above,
  // we can now use it to perform the check.
  // authorizeUser throws when the check fails, so the key request below is never reached.
  await authressClient.userPermissions.authorizeUser(extensionDeveloperUserId,
    `platform-extensions/${extensionId}`,
    'READ');

  const response = await authressClient.serviceClients.requestAccessKey(extensionId);
  return { clientSecret: response.data.clientSecret, accessKey: response.data.accessKey };
}
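
The check-then-issue step above, as an added example (not Authress's or this page's own code): a handler that takes the SDK client as a parameter and issues a key only when the permission check passes. The function names, the in-memory stub client, the ID character set and the `UnauthorizedError` code used to signal denial are assumptions made for this illustration.

```javascript
// Added example: `client` is any object exposing the two SDK calls used on this page.
async function issueExtensionAccessKey(client, callerUserId, extensionId) {
  // Assumed ID character set: rejects '/', '*' and empty values before URI interpolation.
  if (typeof extensionId !== 'string' || !/^[A-Za-z0-9_-]+$/.test(extensionId)) {
    return { status: 400 };
  }
  try {
    await client.userPermissions.authorizeUser(callerUserId, `platform-extensions/${extensionId}`, 'READ');
  } catch (error) {
    // Denied: answer 404 so callers cannot probe which extension IDs exist.
    if (error && error.code === 'UnauthorizedError') return { status: 404 };
    // Anything else (timeout, outage) propagates; no key is issued.
    throw error;
  }
  const response = await client.serviceClients.requestAccessKey(extensionId);
  // Hand the secret to the caller once; do not log or persist it here.
  const { clientSecret, accessKey } = response.data;
  return { status: 200, body: { clientSecret, accessKey } };
}

// Constructed in-memory stand-in for the Authress client, for offline runs only.
function makeStubClient(ownerByResource, failWith) {
  const keyRequests = [];
  return {
    keyRequests,
    userPermissions: {
      async authorizeUser(userId, resourceUri) {
        if (failWith) throw failWith;
        if (ownerByResource[resourceUri] !== userId) {
          throw Object.assign(new Error('denied'), { code: 'UnauthorizedError' });
        }
      }
    },
    serviceClients: {
      async requestAccessKey(extensionId) {
        keyRequests.push(extensionId);
        return { data: { clientSecret: 'constructed-secret', accessKey: 'constructed-key' } };
      }
    }
  };
}

async function demo() {
  const client = makeStubClient({ 'platform-extensions/ext_1': 'dev_alice' });
  const owner = await issueExtensionAccessKey(client, 'dev_alice', 'ext_1');
  const other = await issueExtensionAccessKey(client, 'dev_mallory', 'ext_1');
  return { owner: owner.status, other: other.status, issued: client.keyRequests.length };
}
```

In production, pass the real `authressClient` in place of the stub and map the returned `status` to your HTTP response.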