Citrix Developer Solutions Podcast

S1E18 - Podio Deep Dive 3: "Podio and AWS Integration Sample"

May 28, 2019 Brick Bridge Consulting Season 1 Episode 18
Citrix Developer Solutions Podcast
S1E18 - Podio Deep Dive 3: "Podio and AWS Integration Sample"
Show Notes Transcript

Sign-up for access to the sample --> https://podio.com/webforms/22878402/1622712

PODCAST NOTES:

  1. Revisit a simple Podio + AWS Example that we mentioned before
  2. We’re releasing the code with some instructions to try it out for yourself
  3. This isn’t meant to be production code, but you could build a reliable system with some additional investment
  4. To review: we use a node.js 8.10 function running in AWS Lambda that responds to an API Gateway trigger
  5. The trigger has a unique URL which can be used to add a hook to a single Podio application
  6. You need an AWS account, a Podio API Key (Client Id & Secret)
  7. We just use this example to comment on a new item, but it could do all sorts of things
  8. There are a few challenges to consider when using app authentication
    1.    the token is set per application
    2.    hooks can be deleted separately, but this app stores them per function
    3.    tracking usage and access could be tricky in complicated scenarios
  9. We will release an OAuth2  version of this at some point which addresses some of these issues… and introduces others

Follow us on social media (@PodcastPodio) to stay up to date on all Podio Podcast news.

Donate to Non-profits here: https://www.buymeacoffee.com/brickbridge

Support the show
Gil Roberts:

Welcome to the Podio Solutions Podcast. Season one episode 18 I'm Gil Roberts and with me today is our lead developer here at Brick Bridge Consulting , Alex Shull. And our principal consultant, Jarett Duker. This podcast is about the design and development on the Citrix podio platform. You find that at Podio, p o d i o.com. We use this podcast to discuss their own experiences with podio as well as the other interesting topics from the podio developer community. If you are a podio designer, developer, agency, enterprise, or anybody else listed, you should immediately hit that subscribe button if you have already. Thank you so much for your support. Lastly, before we dive into today's topic, if you have a topic, issues, solution, problem, anything else you'd like to discuss, we want to know about it, hit us up on our Facebook, linkedin, Twitter, or send us an email or a podio message at podcast@brickbridgeconsulting.com today's topic, we're going to get into revisiting the simple podio plus AWS example that Alex mentioned before you got an official name for us today?

Alex Shull:

Um no, let me work on that. I just call it podio plus AWS lambda example. And it's , um, we, we mentioned it briefly in another podcast that we were going to release it and get people's reactions to it. And so that, that's , um , now in a blog post you'll be able to find the , the two code files and some step by step instructions to try it out. Native AWS Lambda all on your own and we'd love people to try it and let us know what they think. Um , just disperse them thoughts. Um, the, the basic example , um, just to review , um, is this is a free code releasing that our MIT license and um , not production ready and we are not making any claims to the , um , security or anything else on this code. But , um, I think it is something that the right developer can get ahold of and spur the right ideas, get some thoughts going and maybe come up with some solutions. They didn't realize that it would be as easy to implement as it is with these modern tools. That's the interesting thing about it. Um, it is literally one account you create, you go to AWS to create a free account. And with free tier resources, you can run one of these connections all the way to Podio, your own personal account and have custom code running on demand in penny's, right? In fractions of penny , that's an empowering feeling. And so a lot of developers just little taste of that will really open their eyes to what's possible. And so the , the basic idea is that there's a, in AWS lambda, you can run code based upon an event that it listens to and you can't listen directly to a podio event. However, you can , um, listen to a API gateway trigger and an API gateway and AWS services is what would be called an http listener and listens to a URL. And that is something you can plug into podio and that part can listen to podio.

Gil Roberts:

That's what is commonly known as, Web Hooks, is that correct?

Alex Shull:

Yeah, that's the, that's the web hooks portion of podio. So the um, in AWS lambda, the two files that are in the blog post index dot. JS and Podio, client dot js, they are just part of a little node js eight point 10 application. And I'm no javascript developer. I'm not claiming that this is going to be the highest quality javascript code you'll find, but it gets the job done. I think it's pretty easy to follow and you generate that trigger in API gateway. You go over to your podio account , plug it in to do some configuration and you have a very simple example and you can change what the podio client does pretty easily. If you read some of the developers , um, material on developers.podio.com they have some links in the, in the, in the Po , um, blog posts. So check it out. Um, the, the thing that I wanted to hear back from people is , um , if they find it useful for doing some simple things , um, it's not going to be a solution that, you know, replaces a Globiflow. It doesn't do what our , our product Sassaafras does, it doesn't do what some other solutions do, but it does , um, things that are very simple, very quickly for very cheap. And so if you have a very, very limited need , um , this might be something that lets you , um, prototype or even , um, do some additional integrations that , um, yeah, go ahead.

Gil Roberts:

Yeah. So it sounds like this is a , uh, a , a great way for those that may maybe interested in starting some podio API development in general. Yeah. As a great educational tool. Yeah. And listeners and , and are the, you know, the plan from the Sassafras side, just as a little aside, is we, we want our engine to be able to run the custom code from clients and we want to support the javascript language. And so this model is one that we want to work on and develop into a , a commercial product, but we're nowhere near that right now. But this is something that we think does have legs. And depending upon the response of people who try this out , um, we could, you know, put some more support behind it if the, the community feels that there's a benefit to it. Um, I think there's some potential there. That's, that's what our aim is, just to explore that and let other people talk to us about it. So this has going to be available , uh, via the Sassafras website. I will put a link below, but that's a Sassafras s a s s a f r a s.com. Again, link will be in the blog post description. Now what step through a use case.

Jarett Duker:

Well let me give some background to this because we were talking about it this morning. The Sassafras platform that we're just about to release allows people to capture multi workspace environments, edit and patch them and then deploy multiple instances of these , uh, throughout their particular end user or customer environments. It's all about bringing podio into a scalable solution, which is what we've been about for months now. But there's some technical challenges with that because even if we can patch all of the front ends and an allow management to front end podio development, Globiflow is its own beast. It was developed independently, even though it's integrated into the podio environment, it is ultimately separate and it is looks listening for Podio, web hooks and processing. Simple. If this, then that commands and we want Sassafras to have all of that potential wiring. It's great that we can replicate environments, but we also have to replicate all of the functions that go along with those environments. Now the way we've been doing that in house is by just writing lambda functions, c sharp lambda functions, which are amazing because we can design the web hooks in such a way that every environment we stamp down processes through the same lamb to function. So if we want to make an update to that function, we do it once on like Globiflow where we do it once per environment. Right . And if you just want to change one line, you have to go through every one of your potential customer environments and do that update. We don't have to do that with lambda . This works great in house. When we publish a solution, we write the lambdas, we wire them up through Sassafras and it just works and it's magic. But we want to give these tools to the general public as a part of SAS for us, we are releasing a tool set that allows them to capture and replicate podio environments. Then the step after that is allowing people to write their own coded functions against those environments that they'll be creating. And we're still a little bit in the conceptual stage of that and we've looked at several different ways of doing it. Rather we're going to be downloading XML off a globiflow and just consuming it if we allow people to right against our own, a right against our lambda backend , which is a kind of the, this is the pilot program to that Alex and a few other ideas that we're kicking around right now. Um, so this is really, really interesting stuff because it's , it's what we're going to be diving into in earnest .

Alex Shull:

Well one of the really nice things about this code that we're releasing? It is more restricted because it uses app authentication. Now app authentication is the style of authentication that uses a token that is specific to the application. So that authentication is different than the model that we're using in Sassafras, which has created some significant security hurdles to get it done right. But the, the end result is that this is much easier to distribute without worrying about getting too much access out there cause there's only one application that it can access. So to that that restricted security is actually pretty attractive for doing certain tasks, um attached to them. So I liked that aspect of it.

Jarett Duker:

I was just trying to give some background about why we're releasing this now.

Alex Shull:

I wanted to speak to that because using apple authentication to provide people custom code means that we don't have to worry about their code running against areas that shouldn't run against. And so that actually opens us up to the possibility more quickly to be comfortable giving people that custom code window. And so this model is one where in lambda we can pick up a chunk of code, run it in response to you without you having to even build this lambda example out. We, you could just click in Sassafras and say, I want this little, you know, chunk of application to respond some event to my custom events. We could wire that up for you using the same architecture that we're releasing, but it would just be automated through Sassafras. There'd be faster.

Gil Roberts:

So let me, let me just make a quick point on that to try to connect that with an example. I know Integra Mat has something similar to this. Is that right?

Alex Shull:

Um, the , I keep up with Integra Mat . What di I know that they have is their own custom language. So they have a, what's called the DSL to domain specific language. And these guys are wizards I really admire Integra amount . So all, you know, all credit to them. They have a plugin and visual studio code that lets you write code in their language and then deploy it to Integra Mat. And their language is really flexible. Um, and we're not at that point yet. We have some similar ideas but not, not quite there. Um, it , what I'm talking about is simply running java script using a limited set of libraries and really not , um, worrying so much about where you're running in AWS, force you to make outbound calls. Really not really let you have access to abs . It's just a runtime in this instance. So it's similar but not the same exactly.

Jarett Duker:

Do you want to give a couple of examples of , of functions that you could achieve with this?

Alex Shull:

What I have the current , um , example of doing by default simply putting a static comment on a newly created item. So there are a set of events at the application level which you can respond to , which might be worth considering. You have item create, you have item edit and then you have item delete. So as an example on the item delete , um, it would be possible to um, create an archive item or it would be, it would be possible to um, um, post a comment or I believe that you'd be able to notify another user , something like that if you wanted to do simple audits. Um, there's a lot of the core functions , um, that are internal to an app. Um, our , our , what you would be aiming to do, it would typically be reading data out of this app and then sending it downstream because you're at the app level. It's not a case where you're going to want to create apps. I mean create items in other apps in response to that because the level of authentication, it's really built around creating and reading the items that an AV , um , has. It is a very restricted level of authentication.

Gil Roberts:

Simple example, right? This is a simple, approachable example for, for our listeners to, to get a taste of what it is to write functions on lambda and execute them on podio. Is that what I'm hearing ?

Jarett Duker:

The API through the API and most of us are pretty comfortable using a simple create hook to say, make an item through Globiflow. This is the other side of that, to actually use the podio API and dig into the coding a bit more.

Alex Shull:

Yeah. And , and is it, this is for developers. I , I'm , I'm not expecting a , um , a globiflow user who , um, is, you know, not interested in expanding their development skills to get a lot out of this, but if there is a developer who's been working in Globiflow but wanted to do a little bit more with the Java script capabilities, maybe wanted to call other API APIs because once you're in that lambda environment, you can set it up to call Google. You can set it up to call Facebook. You can put all sorts of , um , additional parameters in your environmental settings to get things done quickly out of lambda. Um, that don't have to do with podio at all. And there, there are other possibilities that I could mention which , um , really are only enabled when you go into an oauth two scenario of authentication or wants to authentication opens it up. And so what I , I want to say that in the future we will be releasing a off to version of this little kit , um, which expands it a lot. Um, and we're not, we're not ready to do that today, but um, some of the bigger ideas that people might think of would be enabled by using a two off authentic.

Jarett Duker:

I think there may be more people out there that this applies to then you think Alex who a solid understanding of several coding languages but haven't actually sat down and worked out all of the architecture that you would need to have an event handler in AWS getting into a lambda library into a separate API and then to incur those changes throughout podio. I mean I'm pointing , there was a lot of auxiliary services that go into using the podio API if you're not going to just borrow somebody else's.

Alex Shull:

That's a really good point because there are a lot of developers who got a taste of Java script through writing and front end code and they're very comfortable with it, but they don't think of themselves as the back end developer. When once you open up that node js window and you learn some of the AWS libraries, if you're doing this in your own environment, this isn't the way Sassafras would offer it in all likelihood. But if you're doing this in your own AWS environment, you can start calling into um , databases and , um, blob storage and file systems and all manner of services that AWS exposes within lambda. And you can do it again very affordably, just pay as you go. We're not talking about , um, creating , um, a massive number of vms. The beautiful thing about AWS lambda is you really only pay for it when it's running your code. So it's a, it's a cheap way to try things out, not over commit, but, but the, I think that even more inches could come out of the auth two version. But I'm really interested to hear the feedback from, from just the simplest version because it does have a lot of capabilities that we won't think of that people out there might think of without having to spend the time to develop all of these , the interconnection points, you're giving them the path. Yeah, I just, the core piece, the core piece will get podio to talk to AWS and then it'll get, let AWS talk back to Podio, all sorts of other new pieces you can bring in there. And um like to see what people do with it. It from a high level , um, the, the, what's going to happen is you're going to , if you don't have an AWS account, you're going to have to create one and you're going to have to create a podio API , um, key that's a client ID and secret. Um, once you have those resources, then you have to pick an application and that for that application there is settings you'll need to find. It is all going to be documented. This is all documented in the blog post . Um, and at at the end of that , um, it will again create a unique URL starting with https. So it's already secured over SSL, which I recommend everywhere. And that URL is one that you'll be able to create hooks in that application from the developer tab and you can go modify that Java script in an inline code editor and try to see what other podio functions. You can call, again it's app level, but writes in comments. You can um , add modify fields. Um, and I think you can actually modify the application. I'm not sure about that one. I haven't explored it . I can't remember all of the full up permissions

Gil Roberts:

that's some of the base level items that are needed.

Alex Shull:

The podio client that I put out there is very limited. It's nothing like a podio SDK. And in fact the one that's out there , um, that of distributing handles the app authentication flow and then it does a comment on an item and that's all it does. So it very limited function . So the, the next step for a developer who's interested in exploring the podio side of this model is to go add some new functions to that podio client. Do something beyond, add an item, add a comment to an item and see what suit you see, what else you can do with that. Um, and um, then beyond that, might look into exploring some of the other AWS services in , in a similar fashion.

Gil Roberts:

What kind of time investment do you think that a person with a moderate level , um, uh , have the ability to code this? How long do you think it would take them to get through an example for one of our listeners here, you know , what kind of time commitment are they looking for?

Alex Shull:

this example? Really I think you should be able to get through in 30 minutes or less. That's including, if you have to create a new AWS account, it's pretty low bar to get, get in there. Um, again , um, I did this on my existing account, but as I understand it, all of these features are available in the free tier. So it's , it's pretty easy when you're done with it. You can delete everything. You'll never be charged for it again.

Gil Roberts:

So is that what you're saying? This is super approachable and there's really no excuse for people not to click on the blog post or inclined to do this. There isn't 30 minutes it's going to , it's going to bring your podio API skills to another level. Right. And begin to understand what it means to have a custom flow engine and how that can either take the place of or work alongside with something like a globiflow or Zapier. I, one thing I wanted to touch on was your comments about being able to access other APIs. So what you're saying is this could be kind of a gateway drug into doing your own custom.

Alex Shull:

Yeah, I mean here, here's the thing, like on, in our Sassafras Development , um , we're investing a lot in making sure that we are able to talk to g suite environments. And g suite is like podio from the authentication perspective and that once you get in the door, there's a whole set of tools that you can make use of. And rather than doing piecemeal integration for certain functions here and there, and I don't mean to criticize other models because you have to make choices in terms of what you're going to expose. But some other services out there , um , really kind of separate the different pieces of functionality of drive and g-mail and all those things. And I think that our users gonna get a benefit, a greater benefit from having fully integrated application. Um, and um, you know, management environments that aside. Um, I think if someone got in there , um , you can, what you can do on the g suite side or even just if you have a Google account, you go into cloud.google.com and you can create a service account. And I this, you know, I'm going to speak to something that I'm not putting samples out there today, but it's possible if there's enough interest that I would , um , provide some more documentation for people. Um, there's a way to easily create a service account, store it as an environmental setting and then call into , um, the Google APIs from that same lambda. So there you can again, with this same model of app authentication, respond to a new item in an application using a security that restricts the podio access to that application and then call out to a Google API that , um, you have configured a service account to call. And so the model for service account is a very secure model , um , which means that , um, no one can actually log in as that user. It can only be used for these service environments. So I don't want to delve too deeply into that, but it's, that's the approach that we use for integrating with g suite environments. And you could do a small version of that with the same code.

Gil Roberts:

That's fantastic. Is there a quick use case that we could share? I know that we , we have a client that that is , uh, driving , uh, our need for this development currently.

Alex Shull:

Well, what have you had , uh , an item that when it was created, if it had attachments, you wanted to put those attachments into a g Google drive folder based upon a text field in that item. There's a, there's this simple case. So you could have a, a form which lets people attach items and name a folder and then this lambda responds to that, pulls the file and sticks it over and drive for you. I think you could do that. Um, it's not, you know, proxy is going to do a lot faster. I'm not going to lie to you. Um , but if you could do that and it'd be a great exercise and really help you understand how all these pieces work together, I think it's definitely in scope.

Gil Roberts:

I'm glad you mentioned that , uh, about procfu, having some of these and for kind of how this fits into the ecosystem. I think this is a great exercise to understand how some of these other services, not just ours with Sassafras, but also proc fu , even globiflow to a certain extent, kind of the mechanics that are working on behind the scenes. Uh, and that I think that allows for design considerations for your regular podio build outs going forward in the future to know how integrations work mechanically and that you have an option , um, to build integrations that may not be already listed in other places to be able to get that done. So a great exercise. Hooking up with g suite. Um, it seems like that's not a huge time commitment as well. Uh, will that need the all to release or is that going to be uh, tied to to this a code release?

Alex Shull:

No, no , uh , um , I don't have any plans to release the g suite , um, service account style , um, however that, that would be separate from two authentication anyway . You could use that in either scenario.

Gil Roberts:

Well, I think that uh, today's podcast has been great for listeners to understand and begin to die, get their hands dirty, a , which we talked with with our interview with Andrew in the API setting of podio. I , a lot of the power of podio in and of itself is as we've talked about before, kind of hidden behind the API. Not everything is exposed through the user interface, so these are things that could make great impact on your design decisions, your automation decisions in your integration decisions for your clients. Is there anything else we'd like to add, gentlemen ? Feel good? Feel Good? Well, thank you guys so much again for listening this week. We hope that you always receive value from our podcasts. Hopefully you guys have noticed during this podcast a little better sound quality. We've, we've upgraded our facilities here at brokerage consulting, so a hope this is a little more enjoyable. This echoey room I can tell is already going to serve as well. That's it for this week. A couple of reminders. First and foremost, subscribe, subscribe , subscribe. It helps us more than you know. We are also looking for reviews, especially on the apple podcast and Google play stores. Again, it helps us so much and helps us continue this podcast. You're also still looking for podio gaps, I believe. We're going to do a podio gap's episode a next week , so be on the lookout for that. We've already gotten a couple entries in but, we're always seeking more podio gaps. We'd like to solve the community's problems. Um, you can send those gaps , uh , hit us up on our Facebook, linkedin, Twitter, or send us a podio message or email at podcast@brickbridgeconsulting.com. Uh, no matter where you are listening or when you're listening, you have a great rest of your day. Thank you.