This is a standalone manual E2E project for Daptin integrations that execute with a user-selected OAuth token or a user-selected custom credential.
Runtime serving is Daptin only. This demo does not ask users to build Daptin. Use either the published Docker image or a binary downloaded from the latest GitHub release. Node is used only to compile the static browser app into dist/, and the site is published into Daptin local storage as a subsite.
- GitHub OAuth app connection stored in `oauth_connect`
- Per-user GitHub OAuth tokens stored in `oauth_token`
- OAuth integration execution with `oauth_token_id`
- GitHub PAT and Stripe custom credential integrations with `credential_id`
- Wrong-user denial paths for OAuth tokens and credentials
- Header override protection by sending a malicious `Authorization` action input
- Docker, or internet access to download the Daptin GitHub release binary
- Node 20+
- A GitHub OAuth app with callback URL: `http://localhost:7336/oauth/response?authenticator=github-e2e`
Use two real GitHub accounts for the multi-user OAuth checks.
```bash
cp .env.example .env.local
```

Set:

```
GITHUB_OAUTH_CLIENT_ID=...
GITHUB_OAUTH_CLIENT_SECRET=...
```
Keep DAPTIN_OAUTH_REDIRECT_URI as http://localhost:7336/oauth/response. Daptin appends ?authenticator=github-e2e when it builds the provider authorize URL, so the GitHub OAuth app callback URL must include that query string.
Start Daptin from Docker in one terminal:
```bash
npm run docker:up
```

The default image is `daptin/daptin:v0.12.2`, because Docker does not currently publish a `latest` tag.
Or run the GitHub release binary directly. The default DAPTIN_RELEASE_TAG=latest downloads the latest release asset:
```bash
npm run daptin:release
```

This downloads the `daptin/daptin` release asset for your OS/architecture, then stores Daptin DB/files under this demo's `daptin-data/`.
On Apple Silicon, release-binary mode uses Daptin's published darwin-amd64 asset. Use Docker if Rosetta is not available.
Bootstrap users, OAuth connector, integrations, actions, and the subsite row:
```bash
npm run setup
```

The scripts call instance actions as `/action/{type}/{action}` with `{type}_id` in `attributes`, which is the route shape Daptin registers for actions.
Compile and publish the static site into Daptin local storage:
```bash
npm install
npm run publish
```

Open:

http://localhost:7336/integration-auth-demo/
Daptin registers subsite routes on startup, so restart Daptin after npm run setup creates the site row. In Docker mode use npm run docker:restart; in release-binary mode stop npm run daptin:release with Ctrl-C and run it again. File updates after that can be republished with npm run publish; restart if the subsite does not refresh within 10-15 seconds.
- Sign in Alice and Bob in the browser app.
- Select Alice and click `Start GitHub OAuth`.
- Complete GitHub OAuth as GitHub user A.
- Return to the demo and refresh OAuth tokens.
- Select Bob and repeat OAuth as GitHub user B.
- Run `GitHub via OAuth Token` for Alice with Alice's token.
- Run `GitHub via OAuth Token` for Bob with Bob's token.
- Select Alice but paste Bob's `oauth_token_id`; execution must fail.
- Create a GitHub PAT credential for Alice and run `GitHub via Credential`.
- Select Bob and try Alice's credential; execution must fail unless permission was deliberately granted.
- Enable `send malicious Authorization action input` and rerun the passing cases; provider identity must still come from the selected token or credential.
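
The two properties these checks exercise (wrong-user denial and `Authorization` override protection), modelled as an added example; this is not Daptin's code. The token store, the function names, and the idea that action input fields are forwarded as request headers are assumptions made for illustration.

```javascript
// Added illustration, not Daptin code. Token ids and values are constructed.
const tokens = new Map([
  ["tok-alice", { owner: "alice", accessToken: "constructed-token-alice" }],
  ["tok-bob", { owner: "bob", accessToken: "constructed-token-bob" }],
]);

class AccessDenied extends Error {}

// Look up a stored token, refusing ids that belong to another user.
function selectToken(user, oauthTokenId) {
  const token = tokens.get(oauthTokenId);
  // One error for "unknown" and "not yours", so ids cannot be probed.
  if (!token || token.owner !== user) throw new AccessDenied("token not available");
  return token;
}

// Hypothetical model: action input fields are forwarded as request headers.
function buildOutboundHeaders(user, oauthTokenId, actionInput = {}) {
  const token = selectToken(user, oauthTokenId);
  const headers = {};
  for (const [name, value] of Object.entries(actionInput)) {
    // Header names are case-insensitive, so compare a normalized form.
    if (name.trim().toLowerCase() === "authorization") continue;
    headers[name] = String(value);
  }
  // The stored credential is written last and is the only source of identity.
  headers.Authorization = `Bearer ${token.accessToken}`;
  return headers;
}

// Wrong-user case from the checklist: returns true when access is refused.
function isDenied(user, oauthTokenId) {
  try {
    buildOutboundHeaders(user, oauthTokenId);
    return false;
  } catch (err) {
    if (err instanceof AccessDenied) return true;
    throw err;
  }
}
```
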
```bash
npm run verify
docker compose logs -f daptin
npm run docker:down
```

`make verify` prints registered connectors, integrations, installed actions, visible tokens, and visible credentials without printing secrets.
- The app stores Daptin JWTs in browser `localStorage` for manual testing.
- OAuth callback may redirect to `/sign-in` after Daptin stores the token. Return to `/integration-auth-demo/` and refresh tokens.
- Optional PAT setup can be automated by setting `ALICE_GITHUB_PAT` or `BOB_GITHUB_PAT` in `.env.local`; otherwise create credentials from the browser app.