This section outlines how your custom Drupal module facilitates OAuth2 integration with the Opigno Backoffice via Opigno Connect. The Opigno Connect is a plugin-oriented architecture that forms the foundation of the entire Opigno Connect Authorization. It supports various authorization methods and manages user context at all levels of interaction between the Backoffice (Opigno Enterprise API) and the Client Platform. Key Feature: Extensibility. New authorization mechanisms can be added without modifying the core code, making the system adaptable to future changes.

Installation

Before requiring the custom module, ensure that the necessary private repository is configured in your Composer setup. This is a prerequisite for Composer to locate and download the module package. To do this, add the repository to your composer.json configuration using the appropriate command or by editing the file directly.

Configuration Management

The opigno connect provides a user interface or configuration forms to simplify the setup of OAuth2 client credentials specific to your integration needs. This could involve:
  • Allow administrators to input the Client ID and Client Secret for the Backoffice.
  • Providing options to configure the scope required for your custom integrations.
  • Integrating with Drupal’s Key module to securely store these sensitive credentials (as recommended)

Using Opigno Connect Services

Opigno Connect provides a set of core services to handle the OAuth2 authentication flow and facilitate secure communication with the Backoffice.

1. Authentication and Token Management

  • OpignoConnectorService
    This service initiates the OAuth2 flow and is responsible for obtaining access tokens using the configured client credentials.
  • generateAuthToken()Function
    A utility function offered by Opigno Connect that can be used programmatically to retrieve access tokens when needed.

2. API Request Authorization

  • ClientFactory
    When making API requests to the Backoffice, the access token is automatically included in the Authorization header using the Bearer scheme:
    Authorization: Bearer <access_token>
    
  • Acting on Behalf of Specific Users
    To perform actions in the context of a specific user, the Opinion-Client-UUID header must be added to API requests. This header identifies the user on whose behalf the request is made:
    Opigno-Client-UUID: <user_uuid>