Auth Profile

Auth profiles are used to authenticate with external auth services. Currently we support OAuth2.

Set up using the CLI.

A secret needs to be created. Here is an example of the secret required for Microsoft 365 OAuth2.

sb-cli secret create secret.json

{
  "Name": "secretforoauth",
  "Organization": "servisbot",
  "Type": "secretdoc",
  "Value": {
    "secret": "Microsoft Application Client Secret"
  }
}

You will then need to run the following command in the CLI:

sb-cli authProfile create authProfile.json

The authProfile.json file looks like this:

{
  "alias": "my-auth-profile",
  "type": "oauth2",
  "vendor": "ms",
  "configuration": {
    "redirectUrl": "https://messenger.servisbot.com/preview.html?endpoint=flowit-endpoint",
    "clientId": "02a1c3ed-6fd0-4482-a61d-e21022f3123124",
    "clientSecret": "secretforoauth",
    "authenticationUrl": "https://login.microsoftonline.com/ed2ad705-5054-474a-8d7e-8b1626c12345/oauth2/authorize",
    "accessUrl": "https://login.microsoftonline.com/ed2ad705-5054-474a-8d7e-8b1626c12345/oauth2/token"
  }
}

You will need to allow the following URLs in the MS authentication section.

Redirect Url

This is the URL where your messenger is hosted. We will redirect to this page once the OAuth handshake has completed, and the secure session userToken will be in the URL params.

Note that the redirectUrl is not the OAuth2 redirect_uri. The redirect_uri should be set to ServisBot's token broker API:

US -> https://9k8lq0k053.execute-api.us-east-1.amazonaws.com/us1/kevlar/v1/ms-oauth2
EU -> https://18qwnrlhb5.execute-api.eu-west-1.amazonaws.com/heupper/kevlar/v1/ms-oauth2

The token broker URL needs to be registered in your application, for example, in Azure:

Authentication

Authentication Url

This is the URL that the user needs to OAuth against. It returns the authentication token to the redirect_url mentioned above, to be used to request access via OAuth.

Access Url

This URL is used to convert the authentication token to an access token, so we can validate the user's session.
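
A pre-flight check for the two files described above, run before handing them to sb-cli. This is an added example, not ServisBot code. The function name and the rules are assumptions chosen here: clientSecret must equal the secret's Name (as in the page's example), all three URLs must be HTTPS, redirectUrl must not be the token broker, and both Microsoft endpoints must share a host and tenant.

```python
import json
from urllib.parse import urlsplit

# Token broker endpoints listed on this page (the OAuth2 redirect_uri values).
TOKEN_BROKERS = {
    "https://9k8lq0k053.execute-api.us-east-1.amazonaws.com/us1/kevlar/v1/ms-oauth2",
    "https://18qwnrlhb5.execute-api.eu-west-1.amazonaws.com/heupper/kevlar/v1/ms-oauth2",
}
URL_KEYS = ("redirectUrl", "authenticationUrl", "accessUrl")

def lint_auth_profile(profile_text, secret_text):
    """Return a list of findings; an empty list means the two files are consistent."""
    try:
        profile, secret = json.loads(profile_text), json.loads(secret_text)
    except json.JSONDecodeError as exc:  # e.g. a trailing comma after the last key
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    cfg, findings = profile.get("configuration", {}), []
    # Assumption drawn from the page's example: clientSecret holds the secret's Name.
    if cfg.get("clientSecret") != secret.get("Name"):
        findings.append("clientSecret does not match the secret's Name")
    urls = {key: urlsplit(cfg.get(key, "")) for key in URL_KEYS}
    for key, url in urls.items():
        if url.scheme != "https" or not url.netloc:
            findings.append(f"{key} is not an absolute https URL")
    # redirectUrl is the messenger page; the broker URL belongs in redirect_uri only.
    if cfg.get("redirectUrl", "").split("?")[0] in TOKEN_BROKERS:
        findings.append("redirectUrl points at the token broker")
    # Authorize and token endpoints should share host and tenant (first path segment).
    tenant = lambda u: (u.netloc, u.path.split("/")[1:2])
    if tenant(urls["authenticationUrl"]) != tenant(urls["accessUrl"]):
        findings.append("authenticationUrl and accessUrl differ in host or tenant")
    return findings

# Constructed sample input: placeholder tenant and client IDs, not real values.
SAMPLE_SECRET = '{"Name": "secretforoauth", "Type": "secretdoc", "Value": {"secret": "x"}}'
SAMPLE_PROFILE = json.dumps({
    "alias": "my-auth-profile", "type": "oauth2", "vendor": "ms",
    "configuration": {
        "redirectUrl": "https://messenger.example.test/preview.html?endpoint=demo",
        "clientId": "00000000-0000-0000-0000-000000000000",
        "clientSecret": "secretforoauth",
        "authenticationUrl": "https://login.microsoftonline.com/TENANT-ID/oauth2/authorize",
        "accessUrl": "https://login.microsoftonline.com/TENANT-ID/oauth2/token",
    },
})

if __name__ == "__main__":
    print(lint_auth_profile(SAMPLE_PROFILE, SAMPLE_SECRET) or "no findings")
```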