OAuth 2.0: Empowering the Data Source Designer

What is the Data Source Designer and Virtual Module

The Data Source Designer lets you connect with other applications and integrate data into Vtiger. This tool enables the creation of connectors for various actions in Vtiger using standard REST APIs. It provides a rich user interface for configuring URLs, parameters, and authentication details.

OAuth 2.0 for Data Source Designer: Enhancing API Security

As more applications embrace service-oriented architectures, OAuth 2.0 has become essential for secure API communication. This integration ensures safe, seamless connections without storing data in the database.

OAuth 2.0 provides:

  • Better Security: Keeps sensitive data private
  • Improved User Experience: Eliminates the need for repeated credentials
  • Scalability: Flexible authorization flows for varied use cases

Key OAuth 2.0 Components:

  • Client: Requests access
  • Authorization Server: Issues access tokens
  • Resource Server: Validates tokens
  • Resource Owner: Grants access

Configuration Essentials:

  • Client ID and Client Secret: Identifiers for secure access
  • Auth URL and Token URL: Facilitate OAuth flows
  • Scopes: Define access levels

Types of OAuth 2.0

1) User Level OAuth

Description: User Level OAuth ensures that OAuth authentication is linked to individual users. Each user must provide authorization separately, and the obtained OAuth tokens are tied to their specific credentials.

Example Use Case: Access Your Google Contacts in the Virtual Module. Virtual Module allows users to retrieve and display their Google Contacts securely using OAuth 2.0, without storing any contact data in our database. This means your contact information is not saved on our servers, ensuring your data remains private while still allowing you to view your contacts directly from Google.

Why does this matter?

  • Instant Contact Access: View your Google Contacts directly in the Virtual Module without the need to import, store, or sync data.
  • Always Up-to-Date: Any changes made in Google Contacts, such as updated phone numbers or emails, are automatically reflected when you access them in the Virtual Module, ensuring you always have the latest information.
  • Privacy and Security First: Each user must authenticate separately, ensuring contacts remain private and accessible only to the authenticated user.
  • No Data Stored: Virtual Module does not store your contacts. We fetch them in real-time only when needed, and they are not saved to any database, giving you complete control over your data.
  • No Password Sharing: OAuth 2.0 ensures Virtual Module never stores or accesses your Google password. We only retrieve the contact data you’ve approved, securely and temporarily.

With this approach, the Virtual Module provides a simple and secure way to access your Google Contacts without storing or syncing them, ensuring your privacy is always protected.

Key Characteristics:

  • Real-Time Data Access
  • No Data Storage
  • OAuth 2.0 Authentication
  • Privacy and Security
  • Seamless Integration

Essential Points to Remember:

  • User Authentication is Mandatory
  • Temporary Access Only
  • Permissions
  • Real-Time Data Retrieval
  • User Privacy

2) Instance Level OAuth

Description: Instance Level OAuth allows a single OAuth authentication instance to be used across all users within the application. The first user who authenticates establishes the OAuth connection, and the retrieved data is shared among all users.

Example Use Case: Google Contacts Access for Your Business Account in Virtual Module. With Virtual Module, your admin user can authenticate using their Google Business account, allowing access to Google Contacts for all other users. These users can freely view and use the contact data, without storing any data in our database. This process is done securely using OAuth 2.0 authentication.

Steps to Enable Shared Access for All Users:

  • Create a Google Cloud Project: Visit Google Cloud Console and create a new project for your business.
  • Enable Google People API: In the Google Cloud project, go to APIs & Services > Library and enable the Google People API for access to Google Contacts.
  • Generate OAuth 2.0 Credentials: Go to APIs & Services > Credentials, and create OAuth 2.0 client ID credentials for your web application. Note your Client ID and Client Secret for integration.
  • OAuth 2.0 Authentication by Admin: The admin user logs in through OAuth 2.0 using the Client ID and Client Secret to authenticate their Google Business account and grant permission to access contacts.
  • Set Permissions and Scopes: The admin user will authenticate and grant access with the following scope: https://www.googleapis.com/auth/contacts.readonly. This scope allows read-only access to Google Contacts.
  • Sharing Contact Data with Users: Once authenticated, the admin user’s contacts are fetched and made available for all other users in the system to view and use. These users do not need to authenticate again, and the contact data is shared across the platform. No data is stored in the database, ensuring privacy and security.
  • Secure and Private Access: Only the admin’s contacts are accessible, and they are displayed to all users without saving any data in the database, ensuring that your contacts remain private and secure.

Example Flow:

  1. Admin Authentication: The admin user authenticates via OAuth 2.0 using their Google Business account.
  2. Data Retrieval: The admin's Google Contacts are fetched using the Google People API.
  3. Shared Viewing: The fetched contacts are made available to all other users in the system for viewing and usage.
  4. No Data Storage: The contacts are accessed in real-time and not saved permanently in the database.

With this setup, the Virtual Module allows for admin-level authentication while giving all other users easy, secure access to view and use Google Contacts, all without storing any contact data in the database.

Key Characteristics:

  • Admin Authentication Only
  • No Data Storage in Database
  • Real-Time Data Access
  • OAuth 2.0 Security
  • Read-Only Access to Contacts

Essentials to Remember:

  • Only Admin Needs to Authenticate
  • Contacts Are Accessed in Real-Time
  • Data is Not Stored
  • User Access Without Authentication
  • No Changes Made to Contacts

Comparison: User Level vs. Instance Level OAuth
Feature User Level OAuth Instance Level OAuth
Authentication Scope Per individual user Single authentication for all users
Data Accessibility Only for the authenticated user Shared across all users
Security High (personal data protection) Lower (shared access)
Use Case Personal accounts (e.g., Google Contacts) Organization-wide integrations

 

Steps to follow:

  1. Go to data source designer - see

2. Select the type to see all the fields

3. Click on rest and fill in all the fields

4. Now click on test to see the OAuth settings.

5. Fill in all the details, choose what kind of OAuth access to be set, and save it.

6. Now click on the test again to do the authorization by logging into your Google account.

7. Once the data source designer is saved.

8. Create a new Virtual Module and select this data source designer.

9. Now you can go to the respective virtual module and start using it.

We believe these examples will improve your experience with Vtiger CRM. We want to ensure that developers and CRM users can mutually share information and knowledge to further the functionality of the CRM.

Stay tuned for more. Happy Coding!
 
 

Sign up to receive the latest updates!

 
 

Copyright 2025 Vtiger. All rights reserved. Various trademarks held by their respective owners.