
I'm trying to link AWS Alexa with a backend application (SugarCRM 9.0) which handles OAuth 2.0 but with different grant types (password and refresh), while the AWS Alexa requirements are the authorization code grant type or the implicit grant type. Is there a way to get around this?

I'm not sure about setting up an AWS Managed Active Directory to integrate Sugar's users with Alexa, because that will generate infrastructure for a solution that can probably be simplified. I used AWS SSO as an approach to link these services, since AWS SSO makes it easy to centrally manage access to multiple business applications (but not between them)...

Moriuks
  • Password grant flows are... problematic. https://oauth.net/2/grant-types/password/ - "it is not recommended that this grant be used at all anymore." – LetMyPeopleCode Jun 21 '20 at 00:30
  • While I don't think this will be particularly useful (as I don't see grant type options there), I'll leave this documentation link here, just in case: https://support.sugarcrm.com/Documentation/Sugar_Versions/9.0/Ent/Administration_Guide/System/#OAuth_Keys (It's about the "OAuth Keys" section/module in Administration, which allows you to define custom OAuth-Keys for external applications) – Jay Jun 30 '20 at 14:06

1 Answer


Probably not the answer you want.

You'll likely need to create a middleware service that has people do the Login with Amazon login, and a Sugar CRM login, so you can reference the unique customer ID Login with Amazon creates for them (which will be the same in your skill and middleware if you use the same app ID / security profile) with the access tokens you retrieve for them from SugarCRM.

LetMyPeopleCode
  • All right, it brings me closer though... I've been using Okta instead of LWA. I can SSO into SugarCRM with SAML and set up an authentication server (also in Okta) so Alexa can be linked... having Okta as my authentication server and SugarCRM as my resource server, but I'm still not sure how they are gonna talk to each other – Moriuks Jun 23 '20 at 23:07
  • The main thing is getting the access and refresh tokens from SugarCRM, so your skill or middleware can use them to access the SugarCRM API endpoints on the customer's behalf. Don't know if okta will let you have them. Good luck. – LetMyPeopleCode Jun 23 '20 at 23:16
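
The token-handling core of the middleware described in the answer above, as an added example that is not part of the original answer or of SugarCRM's or Amazon's code: it keys each user's SugarCRM tokens on the user id from account linking, uses the password once without storing it, and renews with the refresh grant. `TokenBroker`, `post`, `fake_token_endpoint` and the sample ids are hypothetical; request field names follow RFC 6749, and the real token endpoint URL and client credentials are left to the caller's `post` function.

```python
import time

def password_grant(client_id, username, password):
    # RFC 6749 section 4.3 request body; sent once when the user links accounts
    return {"grant_type": "password", "client_id": client_id,
            "username": username, "password": password}

def refresh_grant(client_id, refresh_token):
    # RFC 6749 section 6 request body
    return {"grant_type": "refresh_token", "client_id": client_id,
            "refresh_token": refresh_token}

class TokenBroker:
    """Maps the linked user id to that user's backend tokens (hypothetical)."""
    def __init__(self, post, client_id, clock=time.time, skew=30):
        self.post, self.client_id = post, client_id
        self.clock, self.skew = clock, skew
        self.store = {}  # linked id -> token record; encrypt at rest in real use

    def _save(self, user_id, resp):
        old = self.store.get(user_id, {})
        self.store[user_id] = {
            "access": resp["access_token"],
            # keep the previous refresh token if the server did not rotate it
            "refresh": resp.get("refresh_token", old.get("refresh")),
            "expires_at": self.clock() + resp["expires_in"],
        }

    def link(self, user_id, username, password):
        # The password only travels in this one request and is never persisted.
        body = password_grant(self.client_id, username, password)
        self._save(user_id, self.post(body))

    def access_token(self, user_id):
        rec = self.store[user_id]  # KeyError means the account is not linked
        if self.clock() >= rec["expires_at"] - self.skew:
            self._save(user_id, self.post(refresh_grant(self.client_id, rec["refresh"])))
        return self.store[user_id]["access"]

def fake_token_endpoint():
    """Constructed stand-in for the backend token endpoint (numbered tokens)."""
    count = {"n": 0}
    def post(body):
        if body["grant_type"] not in ("password", "refresh_token"):
            raise ValueError("unsupported grant type")
        count["n"] += 1
        return {"access_token": f"at-{count['n']}",
                "refresh_token": f"rt-{count['n']}", "expires_in": 3600}
    return post
```

In a deployment, `post` would be an HTTPS call to the backend's token endpoint, and `store` would be an encrypted database table rather than a dict.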