OAuth 2
Many services, such as Google, AzureAD or GitHub, let you connect using the OAuth 2 authentication protocol.
These steps are the same for every connection:
1. Create a data source by clicking `Add Data Source`.
2. Enter a useful name.
3. Select `URL\REST` as type.
4. Select `OAuth 2` in Authentication.
5. Enter the Client ID & Client Secret provided by the service you want to connect to.
6. Copy the `Callback URL` presented and authorize this redirect URL in the remote service configuration.
Grant Types
A grant type defines how the app can obtain an access token. We offer two options to choose from:
Authorization Code
Client Credentials
Authorization Code
This is the most common grant type and is supported by most services. After a user consents to access, the app can obtain an access token.
Client Credentials
This grant type is used to obtain an access token outside of the context of a user. It is easier to set up because user consent is not needed with this flow. We recommend using this flow if the service you want to connect to supports it.
Examples
Security Recommendations
For best practices when connecting to an external URL/REST data source using OAuth 2 authentication, we recommend the following steps:
Limit scopes and permissions: Request only the minimum required scopes and permissions for your app to access the specific data it needs. Avoid requesting unnecessary permissions to reduce potential security risks.
Use a dedicated user account: If the data source supports user accounts, create a dedicated user account with limited permissions for connecting to the external data source. Grant read-only access to the specific data required by the app.
Configure token expiration and refresh policies: Set appropriate token expiration and refresh policies to balance security and usability. Shorter token lifetimes can help reduce risks associated with token theft or misuse.
Monitor access and usage: Regularly review logs and reports from the external data source to identify suspicious activities, such as unauthorized access or data exfiltration.
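The following Python code is an added example, not part of the original documentation or the product's own code. It builds a Client Credentials token request as defined in RFC 6749 section 4.4 and audits the token response against the scope and token-lifetime recommendations above. The client ID, secret, scope names, sample responses and the 3600-second ceiling are constructed assumptions.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode

MAX_LIFETIME_S = 3600  # assumed policy ceiling, not a value from the product

def build_client_credentials_request(client_id, client_secret, scopes):
    """Headers and form body for an RFC 6749 section 4.4 token request."""
    # RFC 6749 section 2.3.1: form-encode both values before Basic encoding.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "client_credentials",
                      "scope": " ".join(scopes)})
    return headers, body

def audit_token_response(raw_json, requested_scopes, max_lifetime=MAX_LIFETIME_S):
    """Return findings for a token response; an empty list means it passes."""
    resp = json.loads(raw_json)
    findings = []
    # Section 5.1: an omitted scope means the grant equals what was requested.
    granted = set(resp.get("scope", " ".join(requested_scopes)).split())
    extra = granted - set(requested_scopes)
    if extra:
        findings.append("scope broader than requested: " + ", ".join(sorted(extra)))
    expires = resp.get("expires_in")
    if expires is None:
        findings.append("no expires_in: token lifetime unknown")
    elif expires > max_lifetime:
        findings.append(f"lifetime {expires}s exceeds policy {max_lifetime}s")
    # Section 4.4.3: a refresh token should not be issued for this grant.
    if "refresh_token" in resp:
        findings.append("refresh_token issued for client credentials grant")
    return findings

# Constructed sample responses (not captured from any real service).
GOOD = ('{"access_token": "constructed-token", "token_type": "Bearer", '
        '"expires_in": 900, "scope": "reports.read"}')
BROAD = ('{"access_token": "constructed-token", "token_type": "Bearer", '
         '"expires_in": 86400, "scope": "reports.read reports.write"}')

if __name__ == "__main__":
    print(build_client_credentials_request("demo-client", "demo-secret", ["reports.read"])[1])
    for name, raw in (("GOOD", GOOD), ("BROAD", BROAD)):
        print(name, audit_token_response(raw, ["reports.read"]))
```

Running the audit once after configuring a new data source shows whether the remote service grants more scope or a longer lifetime than the connection needs.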