Orbita has several built-in providers that you can configure for authentication. You can also configure third-party OAuth providers, including social media sites and services such as Facebook, Twitter, Microsoft, Amazon, and more. OAuth is an authorization framework built for HTTP APIs that lets users grant an application access to their user data.

In summary, Orbita supports account linking to any third-party system that supports the Auth Code Grant Flow of OAuth 2.0.

In this example, we will use Amazon Cognito. The Amazon Cognito service provides APIs and infrastructure for key features in the user management space, such as authentication, authorization, and managing user repositories with different operations for your web and mobile apps. Refer to https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html for more information.

This web service lets you add user sign-up, sign-in, and access control to Orbita.


Amazon Cognito

  1. Go to console.aws.amazon.com

  2. Log in with your credentials when prompted.

  3. In the AWS Management Console, under Security, Identity, & Compliance, select Cognito.

  4. On the Amazon Cognito home screen, select Manage User Pools.


Create a user pool

  1. Click on the Create user pool button.


  2. Give a user pool name and click on the Review defaults button.


  3. You will be navigated to the review screen. Click on the Create pool button.


  4. Your User pool is created successfully.


General Settings

App client

  1. Select the User pool.

  2. Navigate to the Side menu > General Settings > App clients.

  3. Click on the Add an app client button.

  4. Give a name for the app client.

  5. Configure the rest of the settings as you require (for this example, we use the default settings).

  6. Scroll down to the end of the page and click on Create app client.

  7. Note the App client id. (The client ID is a publicly exposed string that the service API uses to identify the application; it is also used to build the authorization URLs that are presented to users.)

  8. Click on the Show Details button to view the App client secret.


App Integration

App client settings

  1. Navigate to the Side menu > App integration > App client settings.


  2. Click on the Cognito User pool check box.

  3. Fill in the Callback URL with the chatbot endpoint.
    E.g.: https://sandbox15.orbita.cloud:8443/oeapi/bot/docflow

  4. Use https://<domain-name>.orbita.cloud:8443/oeapi/logout for the Sign out URL.

  5. Under OAuth 2.0 > Allowed OAuth Flows, enable Authorization code grant and Implicit grant.

  6. Under Allowed OAuth scopes, check every scope except aws.cognito.signin.user.admin.

  7. Click Save changes.


Domain name

  1. Navigate to the Side menu > App integration > Domain name.


  2. Enter a Domain prefix and click on the Check Availability button.

  3. You will be notified about the availability of the domain name.


  4. Click on Save changes.


In this example, my Domain URL is https://sandbox15..auth.us-east-2.amazoncognito.com

Orbita Experience Manager

Provider Settings

  1. Log in to Experience Manager. Navigate to Global Settings and User profile menu > Settings > Provider.

  2. On the provider listing screen, click on the (plus) icon to Add a provider.


  3. Give a provider name without spaces.

  4. In the Authorization URL field, enter <Custom-Domain-URL>/oauth2/authorize.

  5. In the Token URL field, enter <Custom-Domain-URL>/oauth2/token.

  6. Enter the App client id from Cognito.

  7. Enter the App client secret from Cognito.

  8. Enter the callback URL, e.g.: https://<domain-name>.orbita.cloud:8443/api/auth/<provider-name>/callback

  9. As we have enabled multiple scopes in Cognito > app client settings, you can provide any of those scopes here.

  10. When an account is linked, a placeholder user is created in Orbita. The user is created using the persona type specified in the drop-down menu. Select any one of these (in this example, we selected the patient persona).

  11. Profile options fetch and store the information of the logged-in user from the client’s database.
    Enter a JSON object containing the URL, header, method, body, and attributes used to get the data.
    In this example, we used the code below.

    {
        "url": "https://sandbox15..auth.us-east-2.amazoncognito.com/oauth2/userInfo",
        "method": "GET",
        "header": {
            "content-type": "application/json",
            "Authorization": "Bearer __ACCESS_TOKEN__"
        },
        "attributes": {
            "id": "email",
            "firstName": "name",
            "lastName": "given_name"
        }
    }

  12. Click on the (tick) button to save the Provider.
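
What the Provider fields above correspond to on the wire, as an added example that is not Orbita's own code: the authorization redirect, the state check on the callback, the token request to Cognito's /oauth2/token endpoint, and the Profile options template applied to a userInfo response. The domain, client values, function names, and the way the template is applied are assumptions made for illustration.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values (assumptions); use your own pool domain and app client.
DOMAIN = "https://example-pool.auth.us-east-2.amazoncognito.com"
CLIENT_ID, CLIENT_SECRET = "example-client-id", "example-client-secret"
CALLBACK = "https://example.orbita.cloud:8443/api/auth/cognito/callback"

def new_state():
    """Unguessable per-login value that ties the callback to this browser session."""
    return secrets.token_urlsafe(32)

def authorize_url(state, scope="openid email profile"):
    """Authorization URL field: where the browser is sent to sign in."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": CALLBACK, "scope": scope, "state": state})
    return f"{DOMAIN}/oauth2/authorize?{query}"

def code_from_callback(callback_url, expected_state):
    """Accept the authorization code only if state matches the value we issued."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    code = params.get("code", [""])[0]
    if not expected_state or not hmac.compare_digest(state.encode(),
                                                     expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    if not code:
        raise ValueError("callback carries no authorization code")
    return code

def token_request(code):
    """Token URL field: server-side POST, so the client secret stays off the browser."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Authorization": f"Basic {basic}"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": CALLBACK, "client_id": CLIENT_ID})
    return f"{DOMAIN}/oauth2/token", headers, body

def apply_profile_options(options, access_token, userinfo):
    """Assumed handling: fill __ACCESS_TOKEN__, then map userInfo claims to fields."""
    headers = {k: v.replace("__ACCESS_TOKEN__", access_token)
               for k, v in options["header"].items()}
    profile = {field: userinfo.get(claim)
               for field, claim in options["attributes"].items()}
    if not profile.get("id"):
        raise ValueError("userInfo response lacks the claim mapped to 'id'")
    return headers, profile
```

The redirect_uri sent in both requests must match a Callback URL registered in the app client settings exactly, and the userInfo endpoint only returns claims when the openid scope was granted.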

Adding the Provider to a Project

  1. Navigate to the project listing screen.

  2. Click on the vertical ellipsis next to the project and click on Edit.

  3. Select the OAuth provider from the dropdown.


  4. Click on Update.


Testing the integration

  1. Load the chatbot.

  2. Click on the login button when prompted to log in. See How to use Login Directive.

  3. When you click the Login button, you will be navigated to the Cognito authentication page in a new tab.


  4. Log in with an existing account or create a new one using the Sign-up link.

  5. If you set the user pool to require further authentication to log in, it will ask for a verification code.

  6. Enter the verification code to get logged into the chatbot.

  7. You will be navigated back to the chatbot upon successful authentication.

Video Content

https://cdn.orbita.cloud/assets/orbita/experiencedesigner/Authenticationproviders.mp4

Related Articles

How do I link accounts with Orbita and other third party providers?
