Create grants with Custom authentication
Nylas v3 preserves Native authentication ("Bring your own token") almost unchanged, but renames it "Custom authentication". If you already have a refresh token (or credentials, if using IMAP) for your end users from your own authentication implementation, you can use it with the Nylas APIs to create a grant and get the grant_id, which you then use in requests to the provider.
If you used Native auth in Nylas v2.x, the only changes are to the Nylas API URLs, the requirement that you create a connector (previously called an "integration") for your application, and the change from token authentication to bearer-token authentication.
If you are handling the OAuth flow in your own application or want to migrate existing users, Custom auth allows you to simply provide the user refresh_token to create a grant.
Use API request for Custom authentication
The following examples show a POST /v3/connect/custom request and a sample response.
{
"provider": "microsoft",
"settings": {
"refresh_token": "1//06lIzwlbg4SgLCgY..."
}
} {
"request_id": "5967ca40-a2d8-4ee0-a0e0-6f18ace39a90",
"data": {
"id": "e19f8e1a-eb1c-41c0-b6a6-d2e59daf7f47",
"provider": "microsoft",
"grant_status": "valid",
"email": "[email protected]",
"scope": [
"Mail.Read",
"User.Read",
"offline_access"
],
"user_agent": "string",
"ip": "string",
"state": "my-state",
"created_at": 1617817109,
"updated_at": 1617817109
}
} Use Nylas SDKs for Custom authentication
You can use the v3 Nylas SDKs to set up Custom auth, as in the examples below.
import 'dotenv/config'
import Nylas from 'nylas'
// Nylas configuration
const config = {
clientId: process.env.NYLAS_CLIENT_ID,
redirectUri: "http://localhost:3000/oauth/exchange",
apiKey: process.env.NYLAS_API_KEY,
apiUri: process.env.NYLAS_API_URI,
}
const nylas = new Nylas({
apiKey: config.apiKey,
apiUri: config.apiUri,
})
const authenticate = async () => {
const response = await nylas.auth.customAuthentication({
clientId: config.clientId,
clientSecret: config.clientSecret,
refreshToken: 'insert_refresh_token_here',
redirectUri: config.redirectUri,
})
return response
}
authenticate() from dotenv import load_dotenv
load_dotenv()
import os
import sys
from nylas import Client
nylas = Client(
os.environ.get('NYLAS_API_KEY'),
os.environ.get('NYLAS_API_URI')
)
REDIRECT_CLIENT_URI = 'http://localhost:9000/oauth/exchange'
response = nylas.auth.refresh_access_token(
request={
"client_id": os.environ.get("NYLAS_CLIENT_ID"),
"refresh_token": '<NYLAS_REFRESH_TOKEN>',
"redirect_uri": REDIRECT_CLIENT_URI
}
) get '/nylas/refresh' do
request = {
clientId: "<NYLAS_CLIENT_ID>",
clientSecret: "<NYLAS_CLIENT_SECRET>",
refreshToken: "<NYLAS_REFRESH_TOKEN>",
redirectUri: "http://localhost:4567/oauth/exchange",
}
refreshed_token = nylas.auth.refresh_access_token(request)
end get("/nylas/refresh", (request, response) -> {
TokenExchangeRequest token = new TokenExchangeRequest("http://localhost:4567/oauth/exchange",
"<NYLAS_REFRESH_TOKEN>",
"<NYLAS_CLIENT_ID>",
"<NYLAS_CLIENT_SECRET>");
return nylas.auth().refreshAccessToken(token);
}); http.get("/nylas/refresh") {
val token = TokenExchangeRequest(
"http://localhost:4567/oauth/exchange",
"<NYLAS_REFRESH_TOKEN>",
"<NYLAS_CLIENT_ID>",
"<NYLAS_CLIENT_SECRET>"
)
nylas.auth().refreshAccessToken(token)
} Creating a Custom auth login page
Nylas provides a login page for Hosted authentication that uses the detect provider API to route user logins to the correct provider.
If you're using Custom authentication instead, you must create a login page for your app where your users enter their login credentials. This should be branded, and can use the Detect Provider endpoint to help route user logins to use the correct Connector.
⚠️ Avoid storing user credentials by making a Custom Authentication request directly from your login page with the user-provided credentials. If you must store the credentials, make sure you do so securely. For more information, see Security best practices.
What's next?
Now that you have created a connector and received a grant, you can do the following tasks: