Is this possible?
I want to submit a feature request, but I am not sure if it is even possible.
1 I want to create a Catalyst based web app where the user logs in using their Zoho credentials.
2 After logging in, they will upload a service account JSON file for a Google API such as Dialogflow ES. The service account JSON file (and the secret key inside) will not be directly visible to my app. But it should be saved using a unique name which is provided by my app.
3 Zoho Catalyst manages the auth completely (safely storing access and refresh tokens), and just hands me the specific access token for the API on demand whenever I ask for an access token for this uniquely-name-service-account. ZC, behind the scenes, will generate this access token by using the credentials stored inside the service account JSON file.
4 This removes me (the developer) from the picture and Zoho becomes entirely responsible for keeping the API secret safe.
By the way, service accounts are different from the OAuth flow where a user gives an app the permission to access their (say) Google Drive. In that case, you can get a single-use access token valid for 60 minutes, and force the user to reauthenticate if the session exceeds 60 minutes.
Here I am talking about a scenario where, say, I host someone's Dialogflow bot backend within my app. Google calls them server-to-server applications. I could still do this by asking the user to authenticate, getting the refresh and access tokens, and then storing the refresh token in my DB. Problem is, now I become responsible for keeping this refresh token secure. I want to know if there is a service to which I can outsource this.
By the way, technically, Zoho is already doing this when you allow a user to integrate Zoho SalesIQ with their Dialogflow ES chatbot. You are already storing the refresh token, which is used to generate a new access token each time the bot responds to the user message. I just want this same functionality available as an external service. :-)
Is something like this even possible?
Topic Participants
Aravind
Arun Gokul
Announcements
Catalyst Video Tutorials!
Hello everyone! We’ve been brewing something exciting behind the scenes, and we’re thrilled to finally share it with you- Catalyst video tutorials are here! We recognized that videos are the predominant medium for learning and discovery these days, so[Webinar] Catalyst Cloud Browser in Action: PDF & Web Rendering Solutions for Regulated Industries
Hi everyone, Have you ever struggled with rigid PDF tools or clunky rendering logic in BFSI or healthcare apps? Do your clients struggle to deliver compliant, dynamic, and automated documents — and most are still stuck with brittle, server-heavy PDF generation?Announcing Catalyst Developer Bootcamps in India - Zoho Community
Hey everyone! We're excited to announce a set of developer bootcamps dedicated to Catalyst! These bootcamps are aimed to empower developers to build, scale, and deploy applications with speed and precision, using Catalyst. Whether you're a newcomer or[Webinar] Upgrade Retail Experiences with Serverless & AI
Ever wondered if you could build lightning-fast, intelligent retail solutions and experiences without touching infrastructure? Join our upcoming live session to explore how you can combine the agility of serverless with the power of large language models[Webinar] Powering Industry Innovation: Building Unified Solutions with Catalyst
Struggling with fragmented apps or patchwork workflows across teams? Join us for a practical session on how developers are building unified, scalable industry solutions using Catalyst by Zoho—without wrangling with infrastructure. In this live session,