OAuth2 Application
An OAuth2 Application is the right base when the third-party service uses OAuth2 (authorization code, client credentials, refresh tokens). The platform owns the token lifecycle: redirecting the user, storing access and refresh tokens, refreshing them before expiry, and handing the current access token to your connectors.
For background see Concepts: Connectors and Applications and the "magic refresh" section of Authentication and settings.
Class to extend #
| SDK | Base class |
|---|---|
| Node.js | AOAuth2Application (extends AApplication) |
| PHP | OAuth2ApplicationAbstract (extends ApplicationAbstract) |
What you implement #
| Method | Purpose |
|---|---|
getAuthUrl() | The provider's authorization endpoint. |
getTokenUrl() | The provider's token endpoint. |
getScopes() | The list of OAuth2 scopes to request. |
getFormStack() | The settings form (client id, client secret, optional service-specific fields). |
getRequestDto() | Builds an HTTP request with the current access token attached. |
The platform calls refreshAuthorization() on your behalf when the token nears expiry.
Minimal example #
// worker/src/Wflow/WflowApplication.ts
import AOAuth2Application from '@orchesty/nodejs-sdk/dist/lib/Authorization/Type/OAuth2/AOAuth2Application';
import ApplicationInstall from '@orchesty/nodejs-sdk/dist/lib/Application/Database/ApplicationInstall';
import RequestDto from '@orchesty/nodejs-sdk/dist/lib/Transport/Curl/RequestDto';
import { HttpMethods } from '@orchesty/nodejs-sdk/dist/lib/Transport/HttpMethods';
export const NAME = 'wflow';
export default class WflowApplication extends AOAuth2Application {
public getName(): string { return NAME; }
public getPublicName(): string { return 'Wflow'; }
public getDescription(): string { return 'Wflow ERP integration'; }
public getAuthUrl(): string { return 'https://auth.wflow.com/oauth/authorize'; }
public getTokenUrl(): string { return 'https://auth.wflow.com/oauth/token'; }
public getScopes(): string[] { return ['read_invoices', 'write_invoices']; }
public getRequestDto(
dto: ProcessDto,
applicationInstall: ApplicationInstall,
method: HttpMethods,
url?: string,
data?: unknown,
): RequestDto {
const accessToken = this.getAccessToken(applicationInstall);
return new RequestDto(url ?? '', method, dto, JSON.stringify(data ?? {}), {
'Content-Type': 'application/json',
'Authorization': `Bearer ${accessToken}`,
});
}
}
Authorization flow #
The Admin UI handles the user-facing flow:
- The user opens Applications -> Wflow -> Authorize.
- The platform builds the authorization URL using
getAuthUrl()+getScopes()+ the configured client id and redirect URI. - The user is redirected to the provider, signs in, approves the scopes.
- The provider redirects back to the platform's callback URL with an authorization code.
- The platform exchanges the code for tokens via
getTokenUrl()and stores them in theApplicationInstall.
From here on, every connector call has a fresh access token, and the platform handles refreshes automatically.