Many services, such as Google, Azure AD or GitHub, let you connect using the OAuth 2 authentication protocol.
These steps are the same for every connection:
Create a data source by clicking `Add Data Source`
Enter a useful name
Select OAuth 2 in Authentication
Enter the Client ID & Client Secret provided by the service you want to connect to
Copy the Callback URL presented and authorize this redirect URL in the remote service configuration
A grant type defines how the app can obtain an access token. We offer two options to choose from:
This is the most common grant type and is supported by most services. After a user consents to access, the app can obtain an access token.
This grant type is used to obtain an access token outside of the context of a user. It is easier to set up because user consent is not needed with this flow. We recommend using this flow if the service you want to connect to supports it.
For best practices when connecting to an external URL/REST data source using OAuth 2 authentication, we recommend the following steps:
Limit scopes and permissions: Request only the minimum required scopes and permissions for your app to access the specific data it needs. Avoid requesting unnecessary permissions to reduce potential security risks.
Use a dedicated user account: If the data source supports user accounts, create a dedicated user account with limited permissions for connecting to the external data source. Grant read-only access to the specific data required by the app.
Configure token expiration and refresh policies: Set appropriate token expiration and refresh policies to balance security and usability. Shorter token lifetimes can help reduce risks associated with token theft or misuse.
Monitor access and usage: Regularly review logs and reports from the external data source to identify suspicious activities, such as unauthorized access or data exfiltration.
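The user-less grant type described above, combined with the scope and token-lifetime recommendations, as an added example that is not code from this product: it requests a token with the OAuth 2 client credentials grant, rejects a token that carries more scopes than requested, and renews the token shortly before it expires. The token URL, client ID, secret and scope name are constructed placeholders, and the `send`, `clock` and `skew` parameters are names chosen for this example.

```python
import base64, json, time, urllib.parse, urllib.request

class ClientCredentialsToken:
    """Fetch and cache an access token with the client credentials grant (RFC 6749, 4.4)."""

    def __init__(self, token_url, client_id, client_secret, scopes,
                 send=None, clock=time.time, skew=30):
        self.token_url = token_url
        self.client_id, self.client_secret = client_id, client_secret
        self.scopes = set(scopes)            # request only what the app needs
        self.send = send or self._http_post  # transport is injectable for offline runs
        self.clock, self.skew = clock, skew  # renew `skew` seconds before expiry
        self._token, self._expires_at = None, 0.0

    def build_request(self):
        # The client authenticates with HTTP Basic; the secret never goes in the URL.
        quote = urllib.parse.quote_plus
        basic = f"{quote(self.client_id)}:{quote(self.client_secret)}".encode()
        headers = {"Authorization": "Basic " + base64.b64encode(basic).decode(),
                   "Content-Type": "application/x-www-form-urlencoded"}
        body = urllib.parse.urlencode({"grant_type": "client_credentials",
                                       "scope": " ".join(sorted(self.scopes))})
        return headers, body

    def _http_post(self, url, headers, body):
        req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def get(self):
        if self._token and self.clock() < self._expires_at - self.skew:
            return self._token               # cached token is still valid
        headers, body = self.build_request()
        reply = self.send(self.token_url, headers, body)
        # A server may grant a different scope than requested; refuse anything broader.
        extra = set(reply.get("scope", "").split()) - self.scopes
        if extra:
            raise PermissionError(f"token carries unrequested scopes: {sorted(extra)}")
        self._token = reply["access_token"]
        # Without expires_in the lifetime is unknown, so the token is not reused.
        self._expires_at = self.clock() + float(reply.get("expires_in", 0))
        return self._token

if __name__ == "__main__":
    # Constructed token endpoint reply; no network is used in this demo.
    fake = lambda url, headers, body: {"access_token": "tok-1", "expires_in": 300,
                                       "scope": "records.read"}
    client = ClientCredentialsToken("https://idp.example/token", "app", "s3cret",
                                    ["records.read"], send=fake)
    print(client.get())
```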