Integrate Applications and Services (Lasernet, Other Formpipe Applications, and Third-Party Applications) with Autoform DM

When SSO is enabled, any service or client that will use the Autoform DM REST API to integrate with the application must be able to request and then present an access token (in order to authenticate).

This mechanism of exchanging a client ID and secret for a short-lived token that can then be used to access the target resource is a standard OAuth2 flow. As a result, it is strongly recommended that any external services that need to authenticate with Autoform DM use any of the widely available third-party OAuth2 libraries to do so.

The ID and secret that a service must use as part of this flow are supplied by the appropriate Keycloak “client”. For more information about creating a Keycloak client for an external service, see the client configuration part of Install and Configure Keycloak.

When you create a Keycloak client, Keycloak generates client-specific endpoints; one of these is a token endpoint. The external service will use this endpoint to exchange its client ID and secret for a token, which it can then present as part of REST API requests to Autoform DM as an HTTP Bearer token.

For example, suppose the client ID of the Keycloak client is my-dm-integration and the generated secret is 123456-7891011 . A service or client would perform the following actions to make a REST API request:

1. Combine the client ID and client secret and then base64 encode the result:

   • Base64(my-dm-integration:123456-7891011) = YXV0b2Zvcm0tZG06MTIzNDU2

2. Make a request to Keycloak for an access token against formpipe-dm-realm:

   • Set the Basic Auth header to the encoded ID+Secret.

   • Set grant_type=client_credentials in the body or URL.

3. The returned token is then used to make a request to Autoform DM. The token value is set as a Bearer token authentication.

The following diagram provides an overview of the process.