Integrations and Connectors/Connectors/Setup Guides/External Token

Generic HTTP Token Connector

The Generic HTTP Token connector allows you to generate a custom external token as part of the authentication process.

When a user logs in, the connector sends a POST request to your configured endpoint, including the user's information. Your API should respond with a JSON object containing the external token in the token field.

Configuring the Generic Token Connector

Find the Generic HTTP Token connector on the Connectors page of the Descope Console.

  • Connector Name: Provide a unique name for your connector. This assists in distinguishing it, especially when multiple connectors are derived from the same template.
  • Connector Description: Briefly explain the purpose of this connector.
  • Endpoint: Input the API URL endpoint where you'd like to request the external token from. This should start with either http:// or https://.
  • Authentication Type: Descope supports various methods to authenticate with your service. Choose the method that suits your API:
    • Bearer Token: Used for access keys such as JWTs.
    • API Key: This usually involves a key-value pair.
    • Basic Authentication: The traditional username and password method.
    • None: Select this if your API doesn't require any authentication.
  • Headers (Optional): Some APIs need specific headers, usually key-value pairs, to provide more details about the impending action.
  • HMAC Secret (Optional): HMAC is a symmetric key method for message signing. The provided secret will be used to sign the payload. The outcome signature will be sent in the x-descope-webhook-s256 header. The recipient service should use this secret to validate the payload's integrity and authenticity by verifying the supplied signature.
  • Trust Any Certificate: By default, this option is turned off. If enabled, the client will overlook any certificate errors. While convenient for testing, it's crucial to remember that this is an insecure choice for production.

Configuring the generic token connector

Additional Configuration Details

If the endpoint you have created requires authentication make sure to include the authentication header with the correct token type when setting up the connector.

If you would like to test out the connection to the endpoint, press the Test button to check that it is working properly.

Enabling the Connector

Now that the connector is configured, it can be enabled through the External Token section of your Descope project's Settings. Read more on external tokens to enable them in your flows.

The external token generated at the API endpoint will be included in the authentication response at the end of your flows.

External token in response after flow runner

Was this helpful?

Firebase

Use Descope's Firebase Token Connector to generate a Firebase token whenever authenticating

AbuseIPDB

Leverage Descope's AbuseIPDB connector to establish a reputation-based score on a user's originating IP address

On this page