Authenticate Access Credentials v2.0.2 Help ​

Authenticates access credentials using a username-password pair or token.

How can I use the Step? ​

The Step lets you authenticate access credentials with the Basic and Bearer HTTP authentication schemes. You can use the Step to build Flows that operate credentials to grant access to protected resources.

The Step is a part of the Access Credentials bundle, which provides tools to manage, validate, and maintain access credentials, ensuring the security of your data during API requests.

How does the Step work? ​

The Step offers multiple authentication methods. For each method, it loads existing collections from your key-value storage, where the access credentials are stored. Provided tokens and username-password pairs are verified against the stored data to grant or deny access.

Note: To authenticate access credentials, you can also use the Wait for HTTP Request Step, which provides similar authentication features.

Authentication settings ​

To set up authentication, follow these steps:

1. In the Authentication methods list, select at least one method.
2. For each authentication method, select the collection where the credentials are stored and input credentials.
3. Optional: Turn on the Autodetect from HTTP request toggle and specify the HTTP request headers using the Merge field.
4. Optional: Go to the Authentication errors section and configure authentication error messages.
5. Optional: If you use OneReach flow or user tokens, go to the OneReach token restrictions section and set specific rules for authenticated Flow.

Authentication methods ​

Here are the available authentication methods:

• Username and password: Uses to Basic HTTP authentication scheme that transmits credentials as username/password pairs encoded with Base64 (to learn more, see RFC 7617).
• Base64 encoded string: Similar to the username and password method, but requires an already encoded username/password string as input.
• Bearer token: Uses Bearer HTTP authentication scheme with security tokens known as bearer tokens (to learn more, see RFC 6750).
• OneReach flow token: A bearer token generated by OneReach, specifically designed to authenticate a particular Flow.
• OneReach user token: A bearer token generated by OneReach, intended to authenticate a OneReach user.

Warning: OneReach tokens not only identify the user but also contain permissions to act on behalf of that user. To prevent unauthorized actions within your system, handle these tokens carefully.

OneReach token restrictions ​

In this section, you can specify the restrictions for OneReach tokens. All restrictions are optional. With their help, you can do the following:

• Restrict users to specific account IDs.
• Restrict users to specific user IDs (for OneReach user token only).
• Set the minimum role level (guest, user, admin, or super admin).

Caution: If you select both OneReach flow token and OneReach user token authentication methods, the Step applies token restrictions to both.

Authentication errors ​

In this section, you can customize authentication error messages for the following categories:

• Invalid authentication
• Not authenticated
• Not authorized

Each category includes several specific errors with default messages that you can change to suit your needs. You can enter text manually or using a Merge field here.

Merge field settings ​

The Step returns the result as a JSON object and stores it under the Merge field name. To learn more about Merge fields and how to work with them, see our Merge fields guide.

Output example ​

The output JSON object depends on the development and the settings you provide. It contains information about the authentication method and status, access credentials, and related data, including description, expiration time, and attributes.

For example, if you authenticate access credentials using a username and password method, the resulting JSON object might look like this:

{
    "authed": true,
    "method": [
        " userpass"
    ],
    "user": {
        "username": "johndoe",
        "disabled": false,
        "description": "Feel free to add some notes and credentials-related information here.",
        "attributes": {
            "email": "john.doe@test.com"
        }
    },
    "expiry": {
        "expired": false,
        "ttl": 1659214800000,
        "expiresAt": {
            "ms": 1659214800000,
            "iso": "2022-07-30T21:00:00.000Z"
        }
    }
}

{
    "authed": true,
    "method": [
        " userpass"
    ],
    "user": {
        "username": "johndoe",
        "disabled": false,
        "description": "Feel free to add some notes and credentials-related information here.",
        "attributes": {
            "email": "john.doe@test.com"
        }
    },
    "expiry": {
        "expired": false,
        "ttl": 1659214800000,
        "expiresAt": {
            "ms": 1659214800000,
            "iso": "2022-07-30T21:00:00.000Z"
        }
    }
}

Error Handling ​

By default, the Step handles errors using a separate exit. So if any error occurs during the Step execution, the Flow proceeds down the error exit. For more information, see Error and timeout handling.

Reporting ​

The Step automatically generates Reporting events during its execution, allowing for real-time tracking and analysis of its performance and user interactions. To learn more, see Reporting events

Service dependencies ​

• flow builder v2.34.0
• studio v3.71.0
• bot deployer v2.22.4
• library v2.18.4

Release notes ​

v1.0.0

• Initial release