Sunday, August 7, 2016

BotKit OAuth Login

When a user starts a conversation with your business, you may want to identify her as a customer who already has an account with your business. To help with this, we have created a platform-agnostic, secure protocol to link and unlink the messaging end-user identity with your business user identity.

OAuth-style login lets you invite users to log in using your existing authentication flow, so you can provide a more secure, personalized and relevant experience.

To request a login, return a special message of type LoginOAuthEvent from any applicative webhook.
Because this is an interactive message, it can only be the last in the list of returned messages, and there can only be a single interactive message in the list.

Here is an example of such a reply:

    {
        "botkitVersion": "0.3.0",
        "messages": [
            {
                "_type": "LoginOAuthEvent",
                "loginSuccessHook": {
                    "webhook": "flight_boarding_pass"
                },
                "text": "Please Login in first",
                "webLoginUrl": ""
            }
        ]
    }

  • _type - must be LoginOAuthEvent.
  • loginSuccessHook - a JSON object with either webhook (an enumeration of an existing webhook) or url.
  • text - any text message; mandatory.
  • webLoginUrl - a URL to the web login page.

The end user will be presented with a login request. Once she clicks on it, she will be redirected outside the messaging platform and into a web browser window with the business-specific login process.

The webLoginUrl URL will be extended with a query parameter called redirect_uri.
If the login is successful, redirect the browser to the redirect_uri specified in your callback to complete the flow, and append a new authorization_code query parameter. Eva will add the contents of authorization_code to the subsequent applicative webhook calls as a new key called privateId.
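A sketch of the login page's final step described above, as an added example that is not BotKit's or Evature's own code. It assumes a placeholder redirect host (`botkit-callback.example`), an in-memory store, and hypothetical function names; it checks redirect_uri before redirecting and issues an opaque authorization_code instead of the raw account id, since that value comes back later as privateId.

```python
import secrets
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: placeholder host. Use the redirect host your integration
# actually receives in redirect_uri; the page does not name it.
ALLOWED_REDIRECT_HOSTS = {"botkit-callback.example"}

# Assumption: in-memory mapping standing in for a database table.
_private_ids = {}


def complete_login(redirect_uri, account_id):
    """Call after the user has authenticated on the webLoginUrl page.

    Returns the URL to redirect the browser to: redirect_uri with an
    authorization_code query parameter appended.
    """
    parts = urlsplit(redirect_uri)
    # Reject anything that is not HTTPS to a known host, so the code is
    # never handed to an attacker-chosen URL (open redirect / code leak).
    if parts.scheme != "https" or parts.hostname not in ALLOWED_REDIRECT_HOSTS:
        raise ValueError("untrusted redirect_uri")

    # Opaque, unguessable value: it will be sent back as privateId on later
    # webhook calls, so it must not be a predictable account identifier.
    code = secrets.token_urlsafe(32)
    _private_ids[code] = account_id

    # Keep existing query parameters, drop any caller-supplied
    # authorization_code, then append ours.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "authorization_code"]
    query.append(("authorization_code", code))
    return urlunsplit(parts._replace(query=urlencode(query)))


def account_for_private_id(private_id):
    """Map the privateId from an applicative webhook call to an account.

    Returns None for a missing or unknown value, which the webhook should
    treat as "not logged in".
    """
    if not private_id:
        return None
    return _private_ids.get(private_id)
```
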

Detailed BotKit docs can be found here:
