
Credentials and Session Management

Integration credentials

Superblocks offers several ways of setting credentials to use when connecting to integrations. These options balance ease of use and security by allowing you to decide how your credentials are stored and managed.

  • Enter value directly: You can enter credentials directly into integration configuration forms. Credentials entered this way are stored securely by Superblocks Cloud and only retrieved by the Superblocks Agent when it needs to connect to your data sources.

  • Reference Secret: Using Secrets Management, you can reference secrets in connected secret stores using the sb_secrets object. When the Superblocks Agent needs to connect to your data source, it will fetch secret values from the connected secret manager or from cached secrets. This option makes it easy to centrally manage all of your secrets using Superblocks.

  • On-Premise Agent Environment Variables: Customers deploying the Superblocks Agent On-Premise can configure agent environment variables and reference them in integration configuration forms using the Env object. This approach lets you easily manage and update environment credentials through your usual infra deployment process; however, it does require restarting the agent to update secrets.

  • Custom Workflow: For ultimate flexibility, run custom workflows to dynamically fetch credentials for your integration. When using this approach you'll create a Workflow to fetch your integration credentials. When the Superblocks Agent needs to connect to your data source, it will first execute this workflow, then use the returned credentials to connect.

Session management

Superblocks simplifies the process of managing API sessions by handling token caching and refresh for you. We also provide various ways to log users out of integrations and revoke session tokens, either centrally for all users of your Integration or in code.

Credential/Token caching

Many API authentication methods in Superblocks either collect credentials from your application end-users or fetch short lived access tokens from an authorization server. To improve the user experience and API performance, credentials and non-expired tokens are cached for future use.

Credentials or tokens are cached either client-side or server-side, depending on the auth method.

Client-side caching

Credentials cached client-side are stored in HTTP-Only Secure cookies in the user's browser. These cookies are not accessible to JavaScript and are only used to forward the credentials to the Superblocks Agent when executing APIs.
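To confirm in your own deployment that cookies carrying credentials have the attributes described above, you can audit the `Set-Cookie` headers seen in the browser's network panel or a proxy log. The following is an added example, not Superblocks code; the cookie name and values are constructed placeholders.

```javascript
// Added example: audits Set-Cookie headers for the HttpOnly and Secure attributes.
// Cookie names and values below are constructed, not real Superblocks cookies.

// Parse one Set-Cookie header value into its name and a lowercase attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((p) => p.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attrs = new Map();
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    // Attribute names are case-insensitive, so normalise them.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : part.slice(i + 1).trim());
  }
  return { name, attrs };
}

// Return findings for a cookie that carries credentials; an empty array means it passes.
function auditCredentialCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.has("httponly")) findings.push(`${name}: no HttpOnly, readable via document.cookie`);
  if (!attrs.has("secure")) findings.push(`${name}: no Secure, can be sent over plain HTTP`);
  const sameSite = String(attrs.get("samesite") ?? "").toLowerCase();
  if (sameSite === "none" && !attrs.has("secure")) {
    findings.push(`${name}: SameSite=None without Secure is rejected by modern browsers`);
  }
  return findings;
}

// Constructed sample headers: one compliant, two with missing attributes.
const SAMPLE_HEADERS = [
  "cred_cache=abc123; Path=/; HttpOnly; Secure; SameSite=Strict",
  "cred_cache=abc123; Path=/; Secure",
  "cred_cache=abc123; Path=/; httponly; SameSite=None",
];

for (const h of SAMPLE_HEADERS) {
  const findings = auditCredentialCookie(h);
  console.log(findings.length ? findings.join("\n") : "ok: " + h);
}
```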

Credentials are only cached client-side if an auth flow already exposes the credentials/token to the client. Authorization methods that use client-side caching include:

Server-side caching

OAuth 2.0 flows result in a short-lived access token being issued to Superblocks. Access tokens issued as a part of these flows are cached in Superblocks Cloud. These tokens are never directly exposed to end-users but are instead accessed behind the scenes by the Superblocks Agent when required for authorization.

Authorization methods that use server-side caching include:

Learn more about OAuth 2.0 Token Caching

Ending sessions

From time to time you may find it necessary to clear cached credentials or access tokens. Sessions are ended and cached credentials are cleared when:

  • The Integration is updated: When an integration configuration is edited in a way that makes the currently cached credentials invalid, Superblocks will automatically clear cached credentials. For example, if the Authorization/Token URL, Audience, or Scopes of an OAuth 2.0 client changes.

  • Clicking Revoke token: You can clear the cached tokens for all users logged into an integration by clicking the Revoke token button in the Integration configuration.

  • Calling logoutIntegrations(): The Run JS function lets you log the current user out of all Integration sessions from your application's UI. For more details see the docs on the logoutIntegrations