
OAuth 2

Many services, such as Google, Azure AD, or GitHub, let you connect using the OAuth 2 authentication protocol.

These steps are the same for every connection:

  1. Create a data source by clicking `Add Data Source`

  2. Enter a useful name

  3. Select URL\REST as type

  4. Select OAuth 2 in Authentication

  5. Enter the Client ID & Client Secret provided by the service you want to connect to

  6. Copy the Callback URL presented and authorize this redirect URL in the remote service configuration

Grant Types

A grant type defines how the app can obtain an access token. We offer three options to choose from:

  • Authorization Code

  • Client Credentials

  • Password Grant

Authorization Code

This is the most common grant type and is supported by most services. After a user consents to access, the app can obtain an access token.

Client Credentials

This grant type is used to obtain an access token outside of the context of a user. It is easier to set up because user consent is not needed with this flow. We recommend using this flow if the service you want to connect to supports it.

Password Grant

Although OAuth 2 password grant is considered a legacy option and not recommended, it may still be necessary to connect to certain APIs. To accommodate this need, we have added the ability to set up a data source using OAuth 2 password grant. However, if possible, we strongly recommend using another grant type for improved security. Please be aware of the potential security implications when using OAuth 2 password grant and take necessary precautions to protect your data.

Examples

Security Recommendations

For best practices when connecting to an external URL/REST data source using OAuth 2 authentication, we recommend the following steps:

  1. Limit scopes and permissions: Request only the minimum required scopes and permissions for your app to access the specific data it needs. Avoid requesting unnecessary permissions to reduce potential security risks.

  2. Use a dedicated user account: If the data source supports user accounts, create a dedicated user account with limited permissions for connecting to the external data source. Grant read-only access to the specific data required by the app.

  3. Configure token expiration and refresh policies: Set appropriate token expiration and refresh policies to balance security and usability. Shorter token lifetimes can help reduce risks associated with token theft or misuse.

  4. Monitor access and usage: Regularly review logs and reports from the external data source to identify suspicious activities, such as unauthorized access or data exfiltration.
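The following is an added example, not code from the product or its vendor. It builds the client credentials token request described under Grant Types (RFC 6749, section 4.4) and checks a token response against recommendations 1 and 3. The token URL, client values, scope names and the one-hour lifetime limit are assumptions, and the sample responses are constructed.

```python
import base64
import urllib.parse
import urllib.request

# Assumed values for illustration; none come from the product or a real service.
TOKEN_URL = "https://idp.example.com/oauth2/token"
REQUESTED_SCOPES = {"reports.read"}
MAX_TOKEN_LIFETIME_S = 3600


def build_token_request(client_id, client_secret, scopes):
    """Build an RFC 6749 section 4.4 client credentials request (not sent here)."""
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": " ".join(sorted(scopes))}
    ).encode()
    # HTTP Basic keeps the secret out of the URL; RFC 6749 section 2.3.1
    # form-urlencodes the id and secret before base64 encoding.
    creds = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def check_token_response(resp, requested_scopes, max_lifetime_s=MAX_TOKEN_LIFETIME_S):
    """Return a list of findings; an empty list means the response meets the policy."""
    findings = []
    if resp.get("token_type", "").lower() != "bearer":
        findings.append("unexpected token_type")
    expires_in = resp.get("expires_in")
    if not isinstance(expires_in, int) or expires_in <= 0:
        findings.append("no usable expires_in; token lifetime unknown")
    elif expires_in > max_lifetime_s:
        findings.append(f"token lives {expires_in}s, above the {max_lifetime_s}s limit")
    # RFC 6749 section 5.1: an omitted scope means the requested scope was granted.
    granted = set(resp["scope"].split()) if "scope" in resp else set(requested_scopes)
    extra = granted - set(requested_scopes)
    if extra:
        findings.append("granted more than requested: " + ", ".join(sorted(extra)))
    return findings


# Constructed sample token responses, not captured from any service.
GOOD = {"access_token": "example", "token_type": "Bearer", "expires_in": 900, "scope": "reports.read"}
BROAD = {"access_token": "example", "token_type": "Bearer", "expires_in": 86400, "scope": "reports.read admin"}

if __name__ == "__main__":
    for name, resp in (("GOOD", GOOD), ("BROAD", BROAD)):
        print(name, check_token_response(resp, REQUESTED_SCOPES) or "ok")
```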
