OAuth basics with Rally

When a new Rally Application is registered, classified under the Platform category, and made publicly available, it can be found in Rally's onboarding dropdown menu for each Merchant within Rally's Admin.

Because Rally supports multi-platform OAuth flows, additional steps are required to ensure the flow completes successfully across the Rally API, the Rally Connector, and the Platform.

Rally's OAuth Flow

Rally's OAuth flow is employed to obtain tokens for each Merchant between Rally and the connector. As illustrated in the diagram below, the connector is responsible for completing the flow between itself and the Platform.

[OAuth diagram]

The OAuth flow explained

  1. A Merchant selects the platform they wish to install from the Admin dropdown.
  2. Rally's Admin will display the necessary install scopes. These are predetermined in the Partners dashboard for that specific App/Extension and show the Merchant which scopes (data access) the Extension is requesting.
  3. Once the Merchant confirms the Extension installation, they will be redirected to the pre-designated install_url in the Application/Extension page.
  4. The partner app/platform connector should then:
    1. Obtain the temporary token (code) from the first redirect GET request query parameters.
    2. Initiate additional flows to acquire Platform credentials and store them directly on the connector.
    3. Swap the temporary code for access and refresh tokens by invoking the Authorize endpoint. Note that the token currently has a lifespan of 15 days, so implementing the refresh endpoint is essential.
    4. Upon finalizing and storing the data, redirect back to the Admin URL using the redirect_uri.
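The connector-side handling of steps 4.1, 4.3 and 4.4 (step 4.2, the Platform's own credential flow, is left out), as an added example that is not Rally's own code. The `redirect_uri` query parameter, the in-memory store, the Admin host allowlist and the `exchange` callable standing in for HTTP calls to the Authorize and refresh endpoints are all assumptions; the 15-day lifespan is the one stated above.

```python
# Added example (not Rally's code): connector-side handling of steps 4.1-4.4.
# The redirect_uri query parameter, store and `exchange` hook are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

TOKEN_LIFETIME = timedelta(days=15)              # lifespan stated on the page
REFRESH_MARGIN = timedelta(days=1)               # refresh before expiry (assumed margin)
ALLOWED_REDIRECT_HOSTS = {"admin.rally.example"}  # constructed Admin host allowlist
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)    # constructed clock for the demo


@dataclass
class TokenSet:
    access_token: str
    refresh_token: str
    obtained_at: datetime

    def needs_refresh(self, now):
        return now >= self.obtained_at + TOKEN_LIFETIME - REFRESH_MARGIN


def handle_install_redirect(request_url, merchant_id, store, used_codes, exchange, now):
    """4.1: read `code` from the GET query; 4.3: swap it at the Authorize endpoint;
    4.4: return the Admin URL the Merchant is redirected back to."""
    query = parse_qs(urlsplit(request_url).query)
    code = query.get("code", [""])[0]
    redirect_uri = query.get("redirect_uri", [""])[0]
    if not code or not redirect_uri:
        raise ValueError("install redirect is missing code or redirect_uri")
    if code in used_codes:                       # the temporary code is single-use
        raise ValueError("authorization code already consumed")
    # Only send the browser back to a known Admin host, never to an arbitrary URL.
    if urlsplit(redirect_uri).hostname not in ALLOWED_REDIRECT_HOSTS:
        raise ValueError("redirect_uri host is not on the allowlist")
    tokens = exchange("authorization_code", code)  # (grant kind, value) -> token payload
    used_codes.add(code)
    store[merchant_id] = TokenSet(tokens["access_token"], tokens["refresh_token"], now)
    return redirect_uri


def refresh_if_needed(merchant_id, store, exchange, now):
    """Rotate the 15-day token via the refresh endpoint before it lapses."""
    current = store[merchant_id]
    if current.needs_refresh(now):
        tokens = exchange("refresh_token", current.refresh_token)
        store[merchant_id] = TokenSet(tokens["access_token"], tokens["refresh_token"], now)
    return store[merchant_id]


def fake_exchange(kind, value):  # stand-in for the HTTP call; constructed tokens
    return {"access_token": f"at-{kind}-{value}", "refresh_token": f"rt-{value}"}
```

In a real connector, `exchange` wraps the HTTP calls to Rally's Authorize and refresh endpoints, and `store` is persistent storage.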

