OAuth 2.0 Authentication

Table of contents

  • Introduction
  • Guide


OAuth 2.0 is a standard protocol for HTTP authorization. It is commonly used by modern applications and web services to provide a more secure way to access their resources.

The OAuth 2.0 authorization framework enables a third-party
application to obtain limited access to an HTTP service, either on
behalf of a resource owner by orchestrating an approval interaction
between the resource owner and the HTTP service, or by allowing the
third-party application to obtain access on its own behalf.

OAuth 2.0 comes with some grant types. In Alumio, the available grant types are below:

  • Interactive authorization
    A grant type that requires you to interactively log in and accept permissions before you can retrieve the access token.

    Important: Only use this grant type if you are sure you will get a non-expiry refresh token when retrieving the access token. Otherwise, you are required to retrieve the token again manually when the access token or refresh token expires.

  • Client credentials
    This grant type doesn’t require any interaction from users. This is a recommended grant type to be used within Alumio.

  • Password
    Like Client credentials, this grant type doesn’t require any interaction. However, it is not recommended due to security reasons. Please refer to OAuth 2.0 Password Grant Type.

  • Authorization code
    This grant type works like Client credentials, but it requires a static code to be sent along with the payload.


Step 1: Go to HTTP authentications > Create a new HTTP authentication.

Step 2: Select “OAuth2 authentication” from the list of Settings.

Step 3: Select the “Generic” provider.

Step 4: Select the grant type.

Step 5: Fill in the Client ID field.

Step 6: Fill in the Client Secret field.

Step 7: Fill in the Token URL field.

Step 8: Fill in the Scopes field if necessary.

Step 9: Select the Authentication method. Usually, both work.

Step 10: Add additional fields when requesting a token or refreshing a token in the “Additional options” and “Refresh options” if necessary.

Step 11: Check the “Enable logging of oauth requests” if you want to show the HTTP request of the authentication in the dashboard.

Step 12: You can optionally use any HTTP client plugins or other HTTP authentications if necessary.

Step 13: Click “Retrieve an access token key” to get the token.

  • If you selected “Interactive authorization”, a pop-up will appear, and you are required to log in using a valid account and credentials. Once you are logged in, you are usually required to accept the asked permissions on the consent screen page.

Step 14: You will see the “Key” field is filled up, which indicates that Alumio has retrieved the access token.

Step 15: Optionally, you can use the token in any headers besides “Authorization”. You can also adjust the header value.

Step 16: Save the HTTP authentication.