The process of communication between different applications requires establishing a secure connection, which is not as easy as it may sound, with software companies usually not sharing identical interfaces or technology stacks. Luckily, open-standard frameworks come to the rescue, one of which has just been introduced in Leon.

The key feature of OAuth2 (Open Authorization) protocol is a focus on authorization, not authentication. With such a model implemented, an integrated application only requests permission to gain access to particular user data, instead of sensitive data, such as user password. It works as an authorization token that confirms an identity between a third-party software and a service provider. The standard itself is used by companies such as Google, Microsoft, Facebook, or Amazon to permit users to share their account information (but not credentials) with third-party services.

With a framework such as OAuth2 that solves many ongoing issues with authorization between systems, it is much easier for software companies to create a stable and secure connection between each application. More than that, it provides a better control over shared data for system administrators, with accesses that can be revoked at any time if necessary.

 

An impact of OAuth2

How does this implementation affect our clients and partners? First of all, as an open standard it is much easier for third-party app developers to create a stable and secure interface between their applications and Leon, at the same time lowering the development cost for future integrations. The process of introducing new integrations in Leon will be streamlined for them as well, with an automated listing of OAuth-powered integration in the Add-ons section of Leon.

For end-users the introduction of OAuth2 means an easier and faster access to specific data sets (scopes) for other apps in their digital ecosystem and possibly leading to a greater amount of integrated solutions that could become available in Leon in the near future.

 

An Implementation of OAuth2 in Leon

At Leon, we have implemented a 2.0 version of OAuth, which is much more scalable and easier to implement than its predecessor. Our goal was to create an environment for integrations that will make them accessible to multiple operators, with instant visibility in Leon’s Add-ons panel. It has also become an introductory project of the Aviabees initiative, Leon Software is a proud member of.

In order to make full use of OAuth functionality, our integration partners first have to register their application in Leon by contacting our Support. That includes obtaining a client ID and generating a client secret, which are necessary to identify the client in the authentication process. With those at hand, integrators can communicate with Leon API by requesting authorization code that is obtainable through the user's consent for a third-party application to access Leon on his behalf. Having authorization code obtained, an app can now manage tokens received from Leon and access Leon API’s data using a particular data scope.

As a result of our work, we have also updated an existing API documentation for third-party software developers, available at Bitbucket.




An implementation of OAuth2 at Leon Software is a result of a project conducted on behalf of Aviabees. Learn more about this initiative at  www.aviabees.org.

Contact our Support to learn more about this new way of integrating with Leon.

Not yet a member of the Leon community? Contact our Sales team to ask for a demo and find out more or jump straight into the 30-day free trial.