Auth users with Pipedrive

Alex · May 5, 2022, 1:19pm

Hi Pipedrive Team,
I am developing public integration for Pipedrive and need help.
My service has 1 account for all pipedrive users of one company. For data exchage I use token of first registered admin user. Other users install app and save token in session.

How can I identify users on every launch of my app?

I planned to do so:

Get user ID and company ID from URL.
Send user to pipedrive auth.
On auth callback check if it is true user.
But how to skip this when user is logged in and app is installed?https://devcommunity.pipedrive.com/uploads/db8802/original/1X/68f389c64e196098cb9a9a9c0a33b79811abe989.png

I want check if user is logged in in pipedrive and authenticated, only then show app data. I don’t want store users tokens because when user logged out from pipedrive and close session - access to app data should stoped. Otherwise, the user will have to log out of my application.

Hem · May 9, 2022, 7:05am

Welcome to the community @Alex

Couple of questions:

If I got it right, you seem to provide an account in your product that is mapped to a Pipedrive company. Can you clarify?
Are you using the API token as a way of accessing REST APIs? Why not OAuth? If it’s an admin API token stored on your side, it could lead to more security overhead.

Alex · May 9, 2022, 7:52am

Thanks for answer,
One account of my service must be associated with 1 company in pipedrive. I am using OAuth. When admin first installs my application in pipedrive, my service gets and stores authorization data, which it uses later (to process pipedrive webhooks).

When user runs my application from pipedrive - my site opens with parameters:
?companyId=XXXXX&resource=deal&selectedIds=1&userId=YYYYYYYY&view=details

I need to know if the given user YYYYYYYY is currently logged into pipedrive. To do this, I can send user to OAuth authorization and he will get a message that “App already installed”:
https://devcommunity.pipedrive.com/uploads/db8802/original/1X/68f389c64e196098cb9a9a9c0a33b79811abe989.png
My question is how can I skip this step so that the user doesn’t have to click “Continue to the app”?

When the user logs out of the pipedrive account - he should not be able to access my service.

Hem · May 13, 2022, 7:33am

Hey @Alex
Thanks for the clarification. You can always check if the user has a valid session with the access token and then redirect to the app if required.

Something like this

github.com

pipedrive/example-apps/blob/bb07bb6240d50afd12ed201b269e3610e0fdebbf/apps/caller/server/routers/pipedrive.js#L50-L56


      
          router.use((req, res, next) => {
              if (req.user.length < 1) {
                  return res.redirect('/auth/pipedrive');
              } else {
                  next();
              }
          });

My guess is that you might be already doing this. If not, do consider this approach as it significantly cuts down the time it takes to authorize the user again.

This is a tricky one. The authorization obtained in the first place ensures that the user can access the data independent of his/her login status. The logout mechanism is independent and largely based on how the app would like to handle it.

Alex · May 13, 2022, 8:34am

Thanks for help Hem.
It is important for me to know whether the user is authorized in pipedrive at the time my application is launched. For example, Bitrix24 CRM has a client JS library for these purposes.

system · May 15, 2022, 1:20pm

This topic was automatically closed after 10 days. New replies are no longer allowed.