Authorization Grant Types

Hello,

we're integrating Sugar CRM with our product to import and push data, we're planning on using the REST API. My question is that the authentication flow requires us to get the username and password from the user into our client(Password grant type). Because the client application has to collect the user's password and send it to the authorization server, it is not recommended that this grant be used at all anymore, kind of defeats the purpose of OAuth.

Are there any solutions for 3 legged OAuth flows for on-site sugar instances?

Has anyone used Okta for this(or sugar Identity)? has anyone used sugarCRM API's accessing from okta(not directly to the sugarCRM) ?

the sugar version we're using is v9.0

0 Matt Marum over 3 years ago

We don't yet supported 3 legged OAuth for 3rd party applications. Sugar on-premise & cloud supports SAML Web SSO when integrating with identity providers like Okta or ADFS. But SAML isn't really useful for programmatic access.
I'd agree that we've not implemented the primary OAuth use case but username and password authentication is still a pretty common pattern.
It is on our roadmap to supported 3 legged OAuth for 3rd party applications via SugarIdentity for our SugarCloud products.

App Ecosystem @ SugarCRM
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Karen Escritorio over 3 years ago in reply to Matt Marum

Thanks for the Response Matt,
Can i split sugar as a resource server only and have Okta as a authentication server?is that possible?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Karen Escritorio over 3 years ago in reply to Matt Marum

Thanks for the Response Matt,
Can i split sugar as a resource server only and have Okta as a authentication server?is that possible?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel