Many services, such as Google, Azure AD or GitHub, allow you to connect using the OAuth 2 authentication protocol.
These steps are the same for every connection:
Create a data source by clicking `Add Data Source`
Enter a useful name
Select OAuth 2 in Authentication
Enter the Client ID & Client Secret provided by the service you want to connect to
Copy the Callback URL presented and authorize this redirect URL in the remote service configuration
A grant type defines how the app can obtain an access token. We offer two options to choose from:
This is the most common grant type and is supported by most services. After a user consents to access, the app can obtain an access token.
This grant type is used to obtain an access token outside of the context of a user. It is easier to set up because user consent is not needed with this flow. We recommend using this flow if the service you want to connect to supports it.
Although OAuth 2 password grant is considered a legacy option and not recommended, it may still be necessary to connect to certain APIs. To accommodate this need, we have added the ability to set up a data source using OAuth 2 password grant. However, if possible, we strongly recommend using another grant type for improved security. Please be aware of the potential security implications when using OAuth 2 password grant and take necessary precautions to protect your data.
For best practices when connecting to an external URL/REST data source using OAuth 2 authentication, we recommend the following steps:
Limit scopes and permissions: Request only the minimum required scopes and permissions for your app to access the specific data it needs. Avoid requesting unnecessary permissions to reduce potential security risks.
Use a dedicated user account: If the data source supports user accounts, create a dedicated user account with limited permissions for connecting to the external data source. Grant read-only access to the specific data required by the app.
Configure token expiration and refresh policies: Set appropriate token expiration and refresh policies to balance security and usability. Shorter token lifetimes can help reduce risks associated with token theft or misuse.
Monitor access and usage: Regularly review logs and reports from the external data source to identify suspicious activities, such as unauthorized access or data exfiltration.
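One way to check the scope and token-lifetime recommendations above against what the remote service actually returns. This is an added example, not code from the product: the function name, the allowed scope `reports.read`, the one-hour limit and the sample responses are all assumptions constructed for illustration. The response field names are the standard ones from RFC 6749.

```python
import json

# Assumed policy for this example (not values from the page).
ALLOWED_SCOPES = {"reports.read"}
MAX_LIFETIME_SECONDS = 3600


def audit_token_response(raw_json, grant_type, requested_scopes):
    """Return a list of findings for an RFC 6749 token endpoint response."""
    resp = json.loads(raw_json)
    findings = []

    # RFC 6749 section 5.1: when "scope" is omitted from the response,
    # the granted scope is identical to the scope that was requested.
    scope_field = resp.get("scope")
    if scope_field is not None:
        granted = set(scope_field.split())
    else:
        granted = set(requested_scopes)
    excess = sorted(granted - ALLOWED_SCOPES)
    if excess:
        findings.append("excess scopes granted: " + ", ".join(excess))

    # Token lifetime: flag missing or overly long expiry.
    expires_in = resp.get("expires_in")
    if expires_in is None:
        findings.append("no expires_in: token lifetime unknown")
    elif int(expires_in) > MAX_LIFETIME_SECONDS:
        findings.append(
            f"token lifetime {int(expires_in)}s exceeds {MAX_LIFETIME_SECONDS}s"
        )

    # RFC 6749 section 4.4.3: a refresh token should not be issued
    # for the client credentials grant.
    if grant_type == "client_credentials" and "refresh_token" in resp:
        findings.append("refresh_token issued for client_credentials grant")

    return findings


# Constructed sample responses (not captured from a real service).
GOOD = json.dumps({"access_token": "constructed-token", "token_type": "Bearer",
                   "expires_in": 900, "scope": "reports.read"})
BAD = json.dumps({"access_token": "constructed-token", "token_type": "Bearer",
                  "expires_in": 86400, "refresh_token": "constructed-refresh",
                  "scope": "reports.read reports.write admin"})

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_token_response(raw, "client_credentials", ["reports.read"]))
```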