OAuth 2.0 Authentication

Table of contents

  • Introduction
  • Guide

Introduction

OAuth 2.0 is the standard framework for HTTP authorization, defined in RFC 6749. Modern applications and web services use it so that a third-party client can be granted limited access to an API with a short-lived access token instead of being handed the user's credentials.

RFC6749
The OAuth 2.0 authorization framework enables a third-party
application to obtain limited access to an HTTP service, either on
behalf of a resource owner by orchestrating an approval interaction
between the resource owner and the HTTP service, or by allowing the
third-party application to obtain access on its own behalf.

OAuth 2.0 defines several grant types. In Alumio, the available grant types are:

  • Interactive authorization
    A grant type that requires you to log in interactively and accept the requested permissions on a consent screen before the access token can be retrieved.

    Important: Only use this grant type if you are sure the provider issues a non-expiring refresh token together with the access token. Otherwise you have to retrieve the token again manually whenever the access token or refresh token expires, which breaks an unattended integration.

  • Client credentials
    This grant type requires no user interaction: Alumio authenticates to the token endpoint with the client ID and client secret only. It is the recommended grant type for use within Alumio.

  • Password
    Like Client credentials, this grant type requires no interaction. However, it means storing a user's username and password in Alumio and sending them to the token endpoint, which is why it is discouraged by the OAuth 2.0 Security Best Current Practice and not recommended here. Please refer to OAuth 2.0 Password Grant Type.

  • Authorization code
    In Alumio, this grant type works like Client credentials, except that a fixed code you supply is sent along with the token request. Note that RFC 6749 defines authorization codes as short-lived and single-use, so confirm with the provider how a code entered here can be reused before relying on this grant type for an unattended integration.

Guide

Step 1: Go to HTTP authentications > Create a new HTTP authentication.

Step 2: Select “OAuth2 authentication” from the list of Settings.

Step 3: Select the “Generic” provider.

Step 4: Select the grant type.

Step 5: Fill in the Client ID field.

Step 6: Fill in the Client Secret field.

Step 7: Fill in the Token URL field with the provider's token endpoint (the URL that issues access tokens, not the authorization or login page).

Step 8: Fill in the Scopes field if necessary.

Step 9: Select the Authentication method, i.e. whether the client ID and client secret are sent in an HTTP Basic Authorization header or in the body of the token request. RFC 6749 requires token endpoints to accept HTTP Basic and most also accept the body form, so usually both work; if the token request fails with an invalid_client error, try the other method.

Step 10: Add additional fields when requesting a token or refreshing a token in the “Additional options” and “Refresh options” if necessary.

Step 11: Check “Enable logging of oauth requests” if you want the HTTP requests of the authentication shown in the dashboard. These logs can contain the client secret and the issued tokens, so enable it only while troubleshooting and turn it off afterwards.

Step 12: Optionally, attach HTTP client plugins or another HTTP authentication to the token requests themselves if the provider requires it (for example a proxy or an extra authentication layer in front of the token endpoint).

Step 13: Click “Retrieve an access token key” to get the token.

  • If you selected “Interactive authorization”, a pop-up appears in which you must log in with a valid account. Once logged in, you are usually asked to accept the requested permissions on the consent screen.

Step 14: You will see the “Key” field is filled up, which indicates that Alumio has retrieved the access token.

Step 15: Optionally, send the token in a header other than “Authorization” and adjust the header value (for example the prefix placed before the token) to match what the API expects.

Step 16: Save the HTTP authentication.
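The grant types listed above and the Client ID / Client Secret / Token URL / Scopes / Authentication method / Refresh options / header settings from the guide all map onto a small number of messages on the wire. The following is an added example, not Alumio's code, that builds those messages exactly as RFC 6749 specifies them: a client credentials token request with either client authentication method, a refresh request, parsing of the token response, an expiry check, and placing the token in a custom header. The token URL, client ID, client secret and the token response are constructed placeholders.

```python
"""OAuth 2.0 client credentials flow: the wire format behind the settings.

Added example (not Alumio's code). TOKEN_URL, CLIENT_ID, CLIENT_SECRET and
SAMPLE_RESPONSE are made-up placeholders; nothing here talks to the network.
"""
import base64
import time
from dataclasses import dataclass
from urllib.parse import quote, urlencode

TOKEN_URL = "https://auth.example.com/oauth/token"  # placeholder token endpoint
CLIENT_ID = "client"                                 # placeholder
CLIENT_SECRET = "secret"                             # placeholder

# Constructed token response (RFC 6749 section 5.1), as a provider would return it.
SAMPLE_RESPONSE = {"access_token": "abc", "token_type": "Bearer",
                   "expires_in": 3600, "refresh_token": "r1"}


@dataclass
class TokenRequest:
    url: str
    headers: dict
    body: str  # application/x-www-form-urlencoded


def basic_auth_value(client_id, client_secret):
    """RFC 6749 section 2.3.1: form-urlencode id and secret, join with ':', base64."""
    raw = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(raw.encode()).decode()


def _attach_client_auth(params, headers, method):
    """'basic' = credentials in the Authorization header, 'body' = in the form body."""
    if method == "basic":
        headers["Authorization"] = basic_auth_value(CLIENT_ID, CLIENT_SECRET)
    elif method == "body":
        params["client_id"] = CLIENT_ID
        params["client_secret"] = CLIENT_SECRET
    else:
        raise ValueError(f"unknown client authentication method: {method}")


def client_credentials_request(scopes=(), extra=None, method="basic"):
    """Token request for the client credentials grant (RFC 6749 section 4.4)."""
    params = {"grant_type": "client_credentials"}
    if scopes:
        params["scope"] = " ".join(scopes)   # scopes are space-delimited (section 3.3)
    params.update(extra or {})               # the form's "Additional options"
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    _attach_client_auth(params, headers, method)
    return TokenRequest(TOKEN_URL, headers, urlencode(params))


def refresh_request(refresh_token, extra=None, method="basic"):
    """Refresh an expiring access token (RFC 6749 section 6)."""
    params = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    params.update(extra or {})               # the form's "Refresh options"
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    _attach_client_auth(params, headers, method)
    return TokenRequest(TOKEN_URL, headers, urlencode(params))


def parse_token_response(payload, now=None):
    """Reduce the JSON token response to what a client must store."""
    if "error" in payload:                   # section 5.2 error response
        raise RuntimeError(f"token request failed: {payload['error']}")
    if payload.get("token_type", "").lower() != "bearer":
        raise RuntimeError("only bearer tokens are handled here")
    now = time.time() if now is None else now
    expires_in = payload.get("expires_in")
    return {"access_token": payload["access_token"],
            "expires_at": None if expires_in is None else now + int(expires_in),
            "refresh_token": payload.get("refresh_token")}


def needs_refresh(token, now=None, skew=60):
    """True when the token expires within `skew` seconds; a token without
    expires_in is treated as non-expiring (the provider did not say otherwise)."""
    now = time.time() if now is None else now
    return token["expires_at"] is not None and now + skew >= token["expires_at"]


def api_header(token, header="Authorization", prefix="Bearer "):
    """Step 15 of the guide: the token may go in another header with another prefix."""
    return {header: prefix + token["access_token"]}


if __name__ == "__main__":
    req = client_credentials_request(scopes=("read", "write"))
    print(req.headers["Authorization"], req.body)
    tok = parse_token_response(SAMPLE_RESPONSE, now=1000)
    print(tok, needs_refresh(tok, now=4550))
    print(refresh_request(tok["refresh_token"], method="body").body)
    print(api_header(tok, header="X-Api-Token", prefix=""))
```

The refresh check uses a safety skew so a token is renewed before it actually expires, which avoids the failed-then-retried call that a naive "expired exactly now" comparison produces; a response without `expires_in` is kept until the API rejects it, since RFC 6749 only recommends, not requires, that field.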