Hi. We have a multi-tenant application in which we are building support for using the InfusionSoft API. The different customers, on our side, are differentiated by subdomain. So, we have things like wndr.wearehearken.com
which will be redirected to after going through the “Request Permission” part of the flow for all our customers. Unfortunately, I need to be able to track which customer this was for in order to save the token for them. Help.
This isn’t something that you’ll want to “piece” together. A system like this would be best served by maintaining token and customer domain information in a database on your server and then authentication, management and redirections would be under your control
Yes, we do keep all this in our database. The issue, though, is that our InfusionSoft app can only have a single redirect uri registered (unless I’m misunderstanding, since, on the “Edit Application” form, it only has a single field for the “Register Callback URL”.
So, all our different clients would be authorizing with our “Hearken Integration” app that is registered with InfusionSoft. With a single callback url, I need to have a way to have the callback redirect uri say “this is who we are authorizing”.
Alternatively, I guess I could call back to get the token (using the code), get user information and somehow key off of that to figure out which of our customers it is.
@Corey_Haines we do not enforce the registered redirect_uri, so you can use whatever redirect uri or uris you want. You will have to make sure you use the same redirect_uri for obtaining an authorization and exchanging that authorization code for an access token.
The query string issue is a known issue and we have had an open ticket with our vendor Mashery for a couple weeks now. Hopefully they get it fixed soon. By spec any query string you send via the redirect_uri needs to be included in the final redirect along with the authorization code. I will try to remember to post back here when the issue is resolved.
So you’re just talking about the OAuth token process. Yes, i’ve used a completely different domain to receive tokens as a return so it will work to do so.
Oh, that’s wonderful news! I totally misunderstood the documentation. Thanks so much. We definitely be keeping the same domain across the different calls in one flow. I’ll be working on this over the next two days, so I’ll post back and close when I get it working.
So, I’m using a different URL, and (at least when doing it manually with curl), things are working. Thanks so much for the help!
Having trouble with the refresh token call returning invalid_client, but that’s a separate issue.