# External OAuth 2.0 provider

The External OAuth 2.0 provider can be used to acquire access tokens from OAuth 2.0 providers, to be consumed in, for example, the REST connector.

#### Configuration <a href="#configuration" id="configuration"></a>

* **Uri**: The URI of the access token provider, e.g. <https://www.googleapis.com/oauth2/v4/token> for Google.
* **Header Properties**: A key/value table to specify the HTTP headers to be provided when making the call to acquire the access token. The header typically consists of two parts: the type of the token, which is JWT, and the hashing algorithm being used, such as HMAC SHA256 or RSA.
* **Body Properties**: Values to be sent in the body of the HTTP token request call, in addition to the encoded assertion specified by the values in the JWT heading described below, if any.
* **JWT**: Values used to encode the assertion of your token request.
  * Assertion property: the name of the key corresponding to the assertion value in the payload, usually just *assertion*.
  * Certificate file path: the location of a .p12 file or corresponding certificate file, which holds the public key to be used when encoding the assertion. These are usually issued by the token provider. Make sure you store this file in a location that is actually accessible by the server.
  * Certificate password: the password for the certificate specified above.
  * Valid in minutes: how long you would like the token to last after it was issued. It may or may not last as long, depending on the provider.
* **Claims**: Items used when encoding the assertion, usually values that tell something about the user the token is to be issued for and what kind of permissions the token should be able to access. The three most common values are:
  * iss: identity of the issuer, e.g. the id of the app to issue the token for, which the certificate was created for.
  * aud: the endpoint that issues the token. Usually similar to the Uri value.
  * exp: expiration time. There is no need to specify this, since the value of Valid in minutes will substitute it.
  * scope: access scopes requested for the token, e.g. reading the mails of a user of a group in Google. Not part of the JWT standard, but the providers do not seem to care.

More about the claims can be read in the JWT specification: <https://tools.ietf.org/html/rfc7519#section-4.1>
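The sketch below is an added example, not Novacura Flow code: it shows how the Claims, Valid in minutes, Assertion property and Body Properties settings combine into a token request, and checks the resulting assertion before it is sent. It signs with HS256 so that it runs on the standard library alone (a certificate-based setup would use an RSA signature instead); the function names, the sample values, the `aud` equals Uri check and the 60-minute ceiling are assumptions.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_assertion(claims, valid_minutes, key, now=None):
    """Compact JWT; exp comes from valid_minutes, never from the claims table."""
    now = int(time.time()) if now is None else now
    payload = dict(claims, iat=now, exp=now + valid_minutes * 60)
    parts = [{"alg": "HS256", "typ": "JWT"}, payload]
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def build_token_request(assertion, body_properties, assertion_property="assertion"):
    """Form body: the Body Properties plus the assertion under its key."""
    return {**body_properties, assertion_property: assertion}

def check_assertion(token, key, token_uri, now=None, max_minutes=60):
    """Return a list of problems that would likely get the request rejected."""
    now = int(time.time()) if now is None else now
    head, body, sig = token.split(".")
    problems = []
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        problems.append("signature does not verify")
    claims = json.loads(b64url_decode(body))
    problems += [f"missing claim: {c}" for c in ("iss", "aud", "scope") if c not in claims]
    if claims.get("aud") != token_uri:  # assumption: provider expects aud == Uri
        problems.append("aud differs from Uri")
    if claims["exp"] <= now:
        problems.append("assertion already expired")
    if claims["exp"] - claims["iat"] > max_minutes * 60:  # assumed provider ceiling
        problems.append("lifetime exceeds provider maximum")
    return problems

# Constructed sample configuration (not real credentials).
URI = "https://www.googleapis.com/oauth2/v4/token"
KEY = b"constructed-demo-secret"
CLAIMS = {"iss": "flow-app@example.invalid", "aud": URI,
          "scope": "https://www.googleapis.com/auth/gmail.readonly"}
BODY = {"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer"}

if __name__ == "__main__":
    jwt = build_assertion(CLAIMS, valid_minutes=30, key=KEY)
    print(build_token_request(jwt, BODY), check_assertion(jwt, KEY, URI))
```

An empty list from `check_assertion` means the assertion is well-formed under these assumptions; a provider may still apply its own rules.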

#### Get Started <a href="#get-started" id="get-started"></a>

There are no settings; only choose which variable you would like to output the token to. This variable can be used in conjunction with the REST connector to access OAuth 2.0 authenticated resources, such as the Azure Graph API.


