Integrated Services

This section provides a listing of integrated applications that Emakin leverages for various functionalities, including Single Sign-On (SSO) and file access.

Details

The following properties define the integration details for each service:

  • Is Enabled?: A boolean flag indicating whether the specified integrated service is active. Disabling a service will consequently disable all associated features, such as its login functionality within Emakin.

  • Service Type: Specifies the type of OpenAuth service being integrated. This categorizes the service (e.g., Google, Office 365, Keycloak, etc.).

  • Name: This serves as an internal identifier for the service. It is not displayed to end-users but is crucial for Emakin to internally reference and manage the service across its features. This field is required.

  • Client Id: The unique client identifier issued by the OpenAuth provider for Emakin's application.

  • Client Secret: The confidential client secret provided by the OpenAuth provider, used in conjunction with the Client ID for secure authentication.

  • Service Callback: Defines the OpenAuth redirect URI (callback address). For security reasons, many OpenAuth services require that the callback address specified during integration precisely matches the one used by the application.

    • Application Callback: Utilizes a generic "oauth" callback address that incorporates the application's name (e.g., oauth.emakin.com).
    • Domain Callback: Generates a callback address that corresponds to the active domain address (e.g., mydomain.emakin.com).
  • Scopes: Specifies the set of OpenAuth scopes (permissions) that Emakin requests from the integrated service. These scopes determine what information Emakin can access or what actions it can perform on behalf of the user (e.g., reading user profile, accessing calendar).

Service Authentication

By default, integrated services authenticate using their Client ID and Client Secret. However, for more privileged access to related services, service accounts can be configured. Service accounts offer powerful access, often allowing actions on behalf of users without requiring explicit user consent.

Service accounts can be configured by setting the following properties:

  • Service Account Id: Specifies the identifier of the service account. This value is typically obtained from the credentials provided by the related service.

  • Service Account Key Type: Defines the format or storage location of the service account key.

    • FilePath: Indicates that the service account key is stored in a file within the server environment and is referenced by its static file path.
    • Base64: Specifies that the service account key is provided as a Base64 encoded string.
    • Json: Indicates that the service account key is a JSON formatted string.
  • Service Account Key: Contains the actual service account key, formatted according to the Service Account Key Type specified.

    Example JSON Type Key Value:

    {
        "type": "service_account",
        "project_id": "myapp",
        "private_key_id": "85..................80f",
        "private_key": "-----BEGIN PRIVATE KEY-----\nMII.......jw==\n-----END PRIVATE KEY-----\n",
        "client_email": "[email protected]",
        "client_id": "10.......7",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs"
    }
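
Because a service account key can act on behalf of users without their consent, it is worth checking a key before it is entered in the Service Account Key field. The following is an added example, not Emakin's own code: a pre-flight check that decodes a key according to the three Service Account Key Type values above and reports problems. The function name, the sample key, and the assumption that the Base64 type wraps the same JSON document are illustrative.

```python
import base64
import json
import os
import stat

# Field names taken from the example JSON key above.
REQUIRED = ("type", "project_id", "private_key_id", "private_key",
            "client_email", "client_id", "token_uri")

# Constructed sample key: placeholder values only, not a usable credential.
SAMPLE = {"type": "service_account", "project_id": "myapp",
          "private_key_id": "PLACEHOLDER_KEY_ID",
          "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
          "client_email": "svc@example.invalid", "client_id": "PLACEHOLDER_CLIENT_ID",
          "token_uri": "https://oauth2.googleapis.com/token"}


def check_service_account_key(key_type, value):
    """Decode `value` per its Service Account Key Type; return (key, findings)."""
    findings = []
    if key_type == "FilePath":
        mode = stat.S_IMODE(os.stat(value).st_mode)
        # The key can act for users without consent: only the account that
        # runs the server process should be able to read the file.
        if mode & 0o077:
            findings.append("key file mode %o grants group/other access" % mode)
        with open(value, encoding="utf-8") as fh:
            raw = fh.read()
    elif key_type == "Base64":
        # Assumption: the Base64 type wraps the same JSON document.
        raw = base64.b64decode(value, validate=True).decode("utf-8")
    elif key_type == "Json":
        raw = value
    else:
        raise ValueError("unknown Service Account Key Type: %r" % (key_type,))
    key = json.loads(raw)
    if not isinstance(key, dict):
        raise ValueError("service account key must be a JSON object")
    findings += ["missing field: " + f for f in REQUIRED if not key.get(f)]
    if key.get("type") != "service_account":
        findings.append("type is not 'service_account'")
    if not str(key.get("private_key", "")).startswith("-----BEGIN PRIVATE KEY-----"):
        findings.append("private_key is not a PEM PRIVATE KEY block")
    if not str(key.get("token_uri", "")).startswith("https://"):
        findings.append("token_uri is not an https URL")
    return key, findings
```

An empty findings list means the key decoded cleanly for its type; for FilePath keys, a mode such as 600 owned by the server's service user passes the permission check.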