We are attempting to integrate Qualtrics with our custom Student Information System restful API using the implicit grant flow of Oauth 2.0.
We aren't comfortable adding secret keys to Qualtrics forms our editors would be able to see and potentially abuse (accidentally removing authentication, ect).
We could build a custom javascript function that sends the client to our Authorization server to get an access token onLoad, that is then used to set an embedded field that is sent to the (API) Resource server as a bearer header. This custom javascript function would be very volatile to Qualtrics updates.
- Another option may be to use our existing federation (SAML) to generate access_tokens.
Best answer by TomG
View original