Discontinuation of support of the X-SDS-Auth token and migration to OAuth 2.0

This information is only relevant for you if you have created your own scripts or solutions based on the DRACOON API or if you do not always use and/or provide the most recent version of DRACOON for Windows/Mac to your end-users.

X-SDS-Auth-Token and OAuth 2.0: Technical background

Currently, DRACOON supports user authentication and client authorization via a proprietary X-SDS-Auth token alongside with the OAuth 2.0 standard. This proprietary authentication method, which was launched in 2014 as a DRACOON-specific solution, allows authorized access to the DRACOON API. In 2016, DRACOON implemented the open OAuth 2.0 standard as an alternative to the proprietary X-SDS-Auth token, which facilitated the integration of DRACOON with third-party applications that also support the OAuth 2.0 standard.

Since then, all official DRACOON clients have migrated their authentication to OAuth 2.0. The DRACOON Web App, DRACOON for Outlook, DRACOON for iOS, and DRACOON for Android exclusively rely on OAuth 2.0 for user authentication. DRACOON for Windows/Mac uses OAuth 2.0 since mid-2019 for the creation of new bookmarks—but the proprietary X-SDS-Auth token-based authentication is still supported and probably active for bookmarks created earlier than mid-2019.

From 30.09.2020 on, support of the X-SDS-Auth token will be discontinued by the DRACOON API and OAuth 2.0 will be required to authenticate API calls and authorize clients.

What are the consequences of this discontinuation and change?

From 30.09.2020 on, DRACOON API requests on the DRACOON cloud will no longer support authentication via X-SDS-Auth token. Clients, scripts, and custom solutions will no longer be able to connect to the DRACOON API if the authentication for API requests has not been updated to OAuth 2.0 until then.

Am I affected by this?

In the following two cases you are affected by this upcoming change:

1. If you are using scripts or custom solutions that authenticate DRACOON API requests via X-SDS-Auth token.
2. If you use DRACOON for Windows/Mac with bookmarks that use the X-SDS-Auth token.
   You can check if a bookmark still uses the X-SDS-Auth token by checking each bookmark individually (by using the "Edit bookmark" command). Check the first dropdown field of the dialog box. If the current setting is DRACOON, OAuth 2.0 is already in use. If the current setting contains additional information, such as DRACOON (Email Address) or DRACOON (Active Directory), the X-SDS-Auth token is still in use:
   

Announcement: Automatic migration of DRACOON for Windows/Mac to OAuth 2.0 only

In the first days of September 2020, a new version of DRACOON for Windows/Mac will be released that will only support OAuth 2.0. This version will then automatically convert all existing bookmarks that still use X-SDS-Auth token authentication to OAuth 2.0. No further action by an administrator or user will be required. The migration of all existing bookmarks to OAuth 2.0 will silently take place in the background after the update.

What do I need to do?

• If you use DRACOON for Windows/Mac and have bookmarks that authenticate via X-SDS-Auth token, you will need to update to the version scheduled for release in September in order to migrate those bookmarks to OAuth 2.0. In case the update is not installed, DRACOON for Windows/Mac will no longer be able to connect to DRACOON using X-SDS-Auth token-based bookmarks from 30.09.2020 on.
• If you use your own scripts or custom solutions that authenticate to the DRACOON API via X-SDS-Auth token, you will need to update those to OAuth 2.0.
  In the following blog post, our development team has provided detailed information and code samples:
  Goodbye X-SDS-Auth-Token - Hello OAuth 2.0