External OAuth 2.0 provider

The External OAuth 2.0 provider can be used to acquire access tokens from OAuth 2.0 providers, to be consumed in e.g. the REST connector.

Configuration

  • Uri: The URI of the access token provider, e.g. https://www.googleapis.com/oauth2/v4/token for Google.

  • Header Properties: A key/value table to specify the HTTP headers to provide when making the call to acquire the access token. The header typically consists of two parts: the type of the token, which is JWT, and the hashing algorithm being used, such as HMAC SHA256 or RSA.

  • Body Properties: Values to be sent in the body of the HTTP token request call, in addition to the encoded assertion specified by the values under the JWT heading described below, if any.

  • JWT: Values used to encode the assertion of your token request.

      • Assertion property: the name of the key corresponding to the assertion value in the payload, usually just assertion.

      • Certificate file path: the location of a .p12 file or corresponding certificate file, which holds the public key to be used when encoding the assertion. These are usually issued by the token provider. Make sure you store this file in a location actually accessible by the server.

      • Certificate password: the password for the certificate specified above.

      • Valid in minutes: how long you would like the token to last after it was issued. It may or may not last as long, depending on the provider.

  • Claims: Items used when encoding the assertion, usually values that tell something about the user the token is to be issued for and what kind of permissions the token should be able to access. The three most common values are:

      • iss: identity of the issuer, e.g. the id of the app to issue the token for, for which the certificate was created.

      • aud: the endpoint to issue the token. Usually similar to the Uri value.

      • exp: expiration time. There is no need to specify this, since the value of Valid in minutes will substitute it.

      • scope: access scopes requested for the token, e.g. read the mails of a user of a group in Google. Not part of the JWT standard, but the providers do not seem to care.

More can be read about the claim on the specification for JWT: https://tools.ietf.org/html/rfc7519#section-4.1
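
How the settings above fit together, as an added example that is not part of the original documentation or the product's own code: it encodes the claims into a signed assertion, derives exp from Valid in minutes, and places the assertion under the Assertion property next to the Body Properties. Assumptions: HMAC SHA256 is used so the example runs with the Python standard library only (a provider that issues a .p12 file expects an RSA signature made with the key in that file); the iat claim, the function names and all sample values are constructed for illustration; the grant_type value is the JWT bearer grant from RFC 7523.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

def b64url(data):
    # JWT segments are base64url-encoded without '=' padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def sign(signing_input, key):
    return b64url(hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest())

def build_assertion(claims, valid_minutes, key, now=None):
    """Encode and sign the assertion from the Claims and JWT settings."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    # exp always comes from "Valid in minutes", overriding any exp in the claims;
    # iat is an assumption of this example, the page does not mention it
    payload = dict(claims, iat=now, exp=now + valid_minutes * 60)
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload))
    return signing_input + "." + sign(signing_input, key)

def build_token_request_body(assertion_property, assertion, body_properties):
    """Body Properties plus the assertion under the configured key, form-encoded."""
    fields = dict(body_properties)
    fields[assertion_property] = assertion
    return urlencode(fields)

def decode_segment(segment):
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def verify_assertion(token, key):
    """Provider-side check: reject a bad signature, then return the claims."""
    signing_input, _, signature = token.rpartition(".")
    if not hmac.compare_digest(sign(signing_input, key), signature):
        raise ValueError("signature mismatch")
    return decode_segment(signing_input.split(".")[1])

# Constructed sample values, not real credentials or identifiers
CLAIMS = {
    "iss": "example-app@example.invalid",
    "aud": "https://www.googleapis.com/oauth2/v4/token",
    "scope": "https://example.invalid/auth/mail.readonly",
}
KEY = b"constructed-demo-key"
NOW = 1700000000
TOKEN = build_assertion(CLAIMS, 30, KEY, now=NOW)
BODY = build_token_request_body(
    "assertion", TOKEN, {"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer"})
```

Keeping Valid in minutes short and the scope claim as narrow as the integration needs limits what a leaked assertion or token can be used for.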

Get Started

There are no settings; just choose which variable you would like to output the token to. This variable can be used in conjunction with the REST connector to access OAuth 2.0 authenticated resources, like the Azure Graph API.
