
Foundry-hosted OAuth applications

OAuth applications are pro-code OSDK applications hosted within Foundry that support interactive user authentication using the authorization code grant flow. These applications leverage Foundry security primitives for interactive custom applications.

Foundry-hosted OAuth applications are ideal for the following use cases:

  • Interactive web applications that require user authentication.
  • Multi-user applications where different users require different permissions.
  • Pro-code custom applications built with the OSDK and hosted on Foundry.

Architecture

User → Foundry Subdomain → OAuth Flow → OSDK App → Foundry APIs

Foundry-hosted applications are deployed at dedicated subdomains (for example, https://subdomain-for-app.your-foundry-domain.com/) and follow a login flow with an OAuth redirect, in which the consent step is configurable.
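
The login flow above, written out for a public client as an added example (not Palantir's or the OSDK's own code): with no client secret, the client relies on PKCE (RFC 7636) and a `state` value to tie the callback to the login that started it. `AUTHORIZE_URL`, `CLIENT_ID`, the `/auth/callback` path and the scope name are placeholders, and the use of PKCE is an assumption rather than something this page states.

```javascript
// Added example: authorization code flow for a public client, with PKCE and state.
const { createHash, randomBytes } = require("node:crypto");

const APP_ORIGIN = "https://subdomain-for-app.your-foundry-domain.com"; // example host from the page
const REDIRECT_URI = APP_ORIGIN + "/auth/callback";                      // hypothetical path
const AUTHORIZE_URL = "https://your-foundry-domain.com/oauth2/authorize"; // placeholder endpoint
const CLIENT_ID = "example-public-client-id";                            // placeholder

// S256 challenge: base64url(SHA-256(verifier)), as defined in RFC 7636.
function challengeFor(codeVerifier) {
  return createHash("sha256").update(codeVerifier).digest().toString("base64url");
}

// Before the redirect: create per-login secrets and the authorization URL.
function beginLogin(scopes) {
  const state = randomBytes(16).toString("base64url");        // binds callback to this login
  const codeVerifier = randomBytes(32).toString("base64url"); // 43 chars, never leaves the client
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope: scopes.join(" "),
    state,
    code_challenge: challengeFor(codeVerifier),
    code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), pending: { state, codeVerifier } };
}

// On the callback: accept only a response tied to the pending login, then
// build the token request. A public client sends the verifier, not a secret.
function handleCallback(callbackUrl, pending) {
  const url = new URL(callbackUrl);
  if (url.origin + url.pathname !== REDIRECT_URI) throw new Error("unexpected redirect target");
  const error = url.searchParams.get("error");
  if (error) throw new Error("authorization failed: " + error);
  if (url.searchParams.get("state") !== pending.state) throw new Error("state mismatch");
  const code = url.searchParams.get("code");
  if (!code) throw new Error("missing authorization code");
  return new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: REDIRECT_URI,
    client_id: CLIENT_ID,
    code_verifier: pending.codeVerifier,
  });
}
```

A callback that fails any of these checks should end the login attempt and discard the pending `state` and verifier rather than retry with the same values.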

Prerequisites

Before setting up a Foundry-hosted OAuth application, ensure the following:

  • The Foundry platform is configured to use consumer mode.
  • You have the correct permissions to create and host a Developer Console application.
  • You have frontend development experience, or access to someone who does, to build applications.

Setup

Step 1: Create an OSDK application

Follow our documentation to create a new OSDK application.

  1. Create the application: Use Developer Console to create a new frontend application.
  2. Configure OAuth settings: Use the public client for user authentication.
  3. Define application restrictions: Configure the required restrictions for accessing Foundry resources.

Step 2: Develop your OSDK application

Build your frontend application using the OSDK framework. You can review a TypeScript example in our OSDK documentation.

Step 3: Deploy the application to Foundry

Deploy your OSDK application to be hosted on Foundry, and remember your subdomain.

Step 4: Verify consumer access

  1. Configure application permissions: Grant your consumer rule-based group access to the deployed OSDK application.
  2. Check consumer access in Developer Console: If a user is missing any permissions, add them to the necessary projects within the consumer space to grant them access.
  3. Test user flow: Verify that consumer users can access the application with appropriate permissions.

Troubleshooting

  • Permission issue: Confirm in the Check Access panel that users can access all resources in the application.
  • Scope errors: Validate that the OAuth client has the correct scopes in Developer Console.

User experience issues

You now have a working Foundry-hosted application for secure external consumer use. Your OSDK application provides authenticated users with secure access to Foundry data and functionality while maintaining appropriate permission boundaries and user isolation.

