Implementation and Security Documentation of the Vrex Autodesk B360 and ACC OAuth Integration
1. Overview of the Integration
The Vrex BIM360 ACC OAuth Integration is established through a series of administrative steps within the Account Admin settings of Vrex. An account administrator initiates the process by adding a custom integration from the settings tab. This process involves selecting the relevant BIM 360 services, inviting a developer via email, and then awaiting the developer’s submission of credentials for approval. Once approved, the integration becomes active.
2. Integration Security Mechanism
The integration leverages OAuth 2.0’s 3-legged authorization, which requires explicit consent from end-users, ensuring that users can only access resources within BIM 360 that they are already permitted to access.
This process begins with the application directing the user to an authorization flow. The user consents to the requested scopes, which triggers the authorization server to redirect to a callback URL with an authorization code. The app then exchanges this code along with client credentials for an access token, which is ultimately provided by the authorization server.
Detailed Integration and Security Steps
I. Setting Up Custom Integrations
- Navigate to the Settings tab in Account Admin.
- Proceed to Custom Integrations tab and select Add Custom Integration.
- In the dialog box, choose BIM 360 Account Administration and/or Document Management, and click Next.
- Select ‘Invite A Developer’ and input the developer’s email ID (e.g., rune@vixel.no).
- After sending the invitation, the developer will receive an Autodesk email to provide their credentials and keys.
II. Developer Credential Submission and Approval
- Post submission, the details provided by the developer are subject to approval.
- Upon granting approval, the integration between Vrex and BIM 360 becomes operational.
III. Operation of the Integration (Securing Access)
- The application directs the end-user’s browser to the OAuth 2.0 authorization flow.
- The user grants explicit consent to the scope of access required.
- The authorization server then redirects the user to the provided callback URL with an authorization code.
- The app uses this code, along with its client credentials, to request an access token.
- The authorization server validates the credentials and returns an access token for the app to access BIM 360 on behalf of the user.
For any further questions, please contact security@vixel.no or support@vrex.no
Vrex BIM360 ACC OAuth Integration sources
1:https://academy.vrex.no/knowledge-base/bim360-integration/https://academy.vrex.no/knowledge-base/bim360-integration/
2: https://aps.autodesk.com/en/docs/oauth/v2/tutorials/get-3-legged-token/https://aps.autodesk.com/en/docs/oauth/v2/tutorials/get-3-legged-token/