We are happy to announce our new implementation of OAuth 2.0 server for OroCommerce, OroCRM, and OroPlatform, which is available as a free extension on our marketplace! OAuth 2.0 is the industry-standard protocol for authorization that focuses on client developer simplicity while providing specific authorization flows for different types of applications and devices. With this extension, your Oro-powered applications will support the OAuth 2.0 client credentials authorization grant flow to enable secure connection of third-party applications to the Oro web API.
The following diagram illustrates the basics of this type of authorization.
To connect a third-party application via OAuth 2.0 authorization to your Oro application, you simply need to add it in the Management Console and save its pre-generated credentials (ID and secret). These credentials are managed on the user level, which makes it possible to generate different credentials for various applications across multiple organizations.
For more information on how to configure and use this extension, please follow the recommendations described in the Documentation.
For user instructions on how to add OAuth 2.0 applications to your Oro application, please follow the user guide.
Before installing an extension please check Oro Documentation for extensions installation and management instructions.