Expand my Community achievements bar.

The next phase for Workfront Community ideas is coming soon. Learn all about it in our blog!
Read now

Support for OAuth 2 in Fusion's Webhook module

Avatar

dishant-chawla
Level 1

3/2/23

Description - The Webhook module in Fusion exposes an API to be called which is not protected by any secured/modern authentication method. There is a way to apply a filter on the request to check for an authentication header, but that would only support Basic Auth. Adding a native support for OAuth (likely using the Adobe IO credentials) would be a great addition to expand the use of the Webhook APIs.

Why is this feature important to you - We (Best Buy) have a lot of use cases where we would want to push data from other applications into Fusion and eventually update it in Workfront. Right now, we cannot use the Webhook module because the API is not protected and doesn't support OAuth which is a core requirement by our enterprise security.

How would you like the feature to work - The Webhook module should be supporting the OAuth 2 authentication which could use an Adobe IO project to generate the client credentials and validate the auth token passed in the header for the Webhook API request against Adobe IO, similar to other IO integrations like for Asset Compute, User Mapping API etc.

Current Behaviour - Fusion's Webhook module does not support any authentication for the API, rather there is a workaround that could be used to support Basic Auth using the request filter which can validate the auth header against a constant value. 

1 Comment

Avatar

5/16/23

@dishant-chawla - (See image) - Breakdown of Modules below -2023-05-17_1-35-34.jpg

Have two pathways come from the Custom Webhook module

  1. Webhook Response Module - "Bad request" (catch failed web-hook provide status code and error message, type, and detail)
  2.  Router
    1. Iterate Headers Module
      1. filter on "name" equal to apikey 
      2. Set variable (tools) Module (set apiKey or authentication)
        1. variable name "apiKey" - variable value "value" 
        2. apiKey is associated with a service/user account in your WF instance
    2. Get variable(tools) module "Get ApiKey" - variable name "apiKey"
  3. HTTP - Make a request module
    1. Authenticate API Key sent through header
      1. URL is based on object being pulled (https://<domain>.my.workfront.com/attask/api/<current version>/<objcode>
      2. select method get, post, put...etc
      3. headers apikey/apikey
  4. Another Router module to do an apikey check 
    1. Webhook Response to show error if wrong apikey
    2.  Successful pathway leads to the data being received 
Reply