Accela is working to enhance the civic technology ecosystem by creating tools and platforms that developers can use to build new apps and services that change the way governments and citizens interact. One of these powerful components is a new authentication service called CivicID.
CivicID is an OAuth 2.0 service that has been set up specifically to support civic apps. If you’re building a civic application that will require users to log in or create a profile, CivicID is for you. By using CivicID, developers will benefit from leveraging Accela’s technical community and will have the ability to integrate data from multiple government agencies into their apps.
This post will walk through the process of using CivicID to authenticate a user and provide a concrete example using Node.js. All of the sample code used in the screencast below can be found on GitHub, and new examples in different programming languages will be provided in the coming weeks. Additional information on the CivicID authentication process can be found on the Accela Developer Portal.
Authentication for Civic Apps
There are a number of scenarios where a civic application might employ authentication – to allow users to access protected resources, to store account or profile information, to save preferences, etc. Because OAuth 2.0 provides a high level of security and is widely supported, its an ideal foundation for CivicID. The CivicID authentication process follows the standard OAuth process flow (if you’ve used your Facebook or Twitter account to log into a site or service, you are probably already familiar with this process):
- When a user logs in, a special URL to an OAuth provider is constructed and the user’s browser is redirected to the OAuth server. One of the parameters sent with this user redirection is the location of a “callback URL” where the user will be sent when login and authorization is complete.
- The OAuth server prompts the user to enter their credentials, or to create a new account if they don’t already have one.
- If the user has not already authorized the app they are logging into, they are prompted to explicitly grant access.
- After the user has granted access to the app they are logging into, they are redirected back to the app via the “callback URL” specified in the first step. When they make this return trip, a special authorization code value is passed back to the app.
- Finally, when the user returns to the app via the callback URL, a request is made to the Accela API server using the authorization code for a special access token. A civic app will store this token to use instead of storing the user’s login name and password, helping ensure those credentials remain secure.
You typically don’t need to memorize all of the specific details listed above, but it helps to understand how the process works. Pretty much every development language has support for OAuth, and the following example makes use of the awesome Passport authentication solution for Node.js. There is a pretty good list of client libraries on the official OAuth website, and many others are available on GitHub.
Instructions on how to use the sample application are in the README file of the project repo. We’ll walk through the example below.
Building the Next great Civic App
The exciting thing for civic app developers is that not only does CivicID make it simple and easy to use the OAuth specification to more securely authenticate users, it provides access to the Accela technical ecosystem. Accela helps hundreds of governments across the country issue permits, licenses and carry out a variety of other functions. We provide access to these systems for our developers through the Accela Civic platform.
In order to build an app against the Accela Civic platform, developers need an access token generated by the CivicID process – so using CivicID in your apps will give you a leg up on other developers by providing a quick and easy way to integrate with hundreds of Accela customers.
Stay tuned for more posts on using CivicID and building apps that integrate with the Accela Civic platform.