Store additional password(s) for users

Hi there,
In order to connect our application to a third party app I need to store the password the user is using with this third party app.
I can’t use user tags as those would not be encrypted and I can’t use the same password the user is using with our app.
This additional password would then be used with HTTP post requests.
What’s the best way to sort this out?

@Jules_Huguenin we do not have any kind of storage mechanism that would encrypt the password; user tags and data tables, which I would normally recommend for this kind of per-user metadata, do not have any encryption options.

What is the third-party service in question? Does it offer any kind of token-based authorization? That would be more palatable to storing using one of those options as tokens can be revoked and their scopes limited. Or perhaps the service supports an OAuth flow?

If you can tell me how you are utilizing the service as part of your application experience, I may have some better recommendations.

Hi @Dylan_Schuster, the third party service is UpKeep, UpKeep API Reference.
I need the user to log in via the API to retrieve a session token.
Thanks for your help.

Looking at their documentation, it does not appear they allow for generating service tokens for interacting with their API. They also do not expose an SSO service that would allow your users to sign in on UpKeep, grant permissions, and send the token back to Losant through their portal. That makes this more complicated.

I would reach out to UpKeep and see if they provide such a service or if they plan to soon. That is far and away the easiest and most secure way to get what you’re looking for.

Assuming they’re not … Are you looking to construct a simple widget that allows users to view and create UpKeep requests from within an Experience Page? Do you need access to this information per-user within a Losant workflow?

In the absence of SSO, I’m thinking the most secure way to get what you’re looking for is …

  1. In your Experience Page, add a sign-in form that takes the user’s UpKeep username and password.
  2. On submit, asynchronously send the request to UpKeep’s authentication API endpoint. (This keeps the user’s credentials from touching Losant’s servers.)
  3. When you get a successful response …
    a. If you are only building a widget, store the user’s token in a browser cookie. OR
    b. If you need that token to read user data in a workflow with an HTTP Node, then send another asynchronous request to an Experience Endpoint that POSTs the user’s token to an Experience Workflow.
    c. Within the workflow, you can then store that token as a user tag and utilize it to make the requests against the UpKeep API.

This would require a significant amount of JavaScript / web development; in addition to the above, you’ll need to handle invalid credential submissions, expired tokens, etc.

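The browser-side part of steps 1 to 3b in the reply above, as an added example that is not part of the original post and is not Losant or UpKeep code. The auth URL, the Experience Endpoint path, and the JSON field names (`email`, `password`, `result.sessionToken`, `upkeepToken`) are assumptions to be replaced with the values from the UpKeep API reference and your own application.

```javascript
// Added example; not Losant or UpKeep code. URLs and JSON field names are
// assumptions: check the UpKeep API reference and your own Experience Endpoint.
const UPKEEP_AUTH_URL = 'https://upkeep.example/auth'; // placeholder URL
const TOKEN_ENDPOINT = '/api/upkeep-token'; // hypothetical Experience Endpoint

// Step 2: credentials go straight from the browser to UpKeep.
function buildAuthRequest(email, password) {
  return {
    url: UPKEEP_AUTH_URL,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ email, password }), // assumed field names
    },
  };
}

// Step 3: accept only a 2xx reply that carries a non-empty string token.
function extractToken(status, body) {
  if (status === 401 || status === 403) return { ok: false, reason: 'invalid-credentials' };
  if (status < 200 || status >= 300) return { ok: false, reason: 'upstream-error' };
  const token = body && body.result && body.result.sessionToken; // assumed shape
  if (typeof token !== 'string' || token === '') return { ok: false, reason: 'no-token' };
  return { ok: true, token };
}

// Step 3b: only the token is sent to the Experience Endpoint, never the password.
function buildForwardRequest(token) {
  return {
    url: TOKEN_ENDPOINT,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ upkeepToken: token }),
    },
  };
}

// Glue for the form's submit handler; fetchImpl is injectable for testing.
async function signIn(email, password, fetchImpl = fetch) {
  const auth = buildAuthRequest(email, password);
  const res = await fetchImpl(auth.url, auth.init);
  const body = await res.json().catch(() => null); // non-JSON error pages
  const parsed = extractToken(res.status, body);
  if (!parsed.ok) return parsed; // caller shows "invalid credentials" etc.
  const fwd = buildForwardRequest(parsed.token);
  const saved = await fetchImpl(fwd.url, fwd.init);
  return saved.ok ? { ok: true } : { ok: false, reason: 'store-failed' };
}
```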

Thanks @Dylan_Schuster, what you describe is what I had in mind unfortunately.
There won’t be a widget in the experience, just requests running in workflows regularly.
I guess I can get the user to log in again when the token expires.
Thanks again for your help.