OAuth2 Architecture
Learn more about OAuth authentication providers in the Digibee Integration Platform.
OAuth is an industry-standard authorization protocol for application access to services on the Internet. It allows a third-party application to access a service (such as an API) with limited permission, either on behalf of the user or on its own, without needing the user's password.
To create integrations that use OAuth, you log into a provider (such as Google, Microsoft, Mercado Livre, Amazon) and receive an access token and a refresh token. With these tokens, it is possible to access users' data without having to share their credentials.
To use OAuth in the Digibee Integration Platform, you must first create an application with a provider. Google, Microsoft, and Mercado Livre are the default options for authentication, but the Platform supports many other providers, including custom ones. You must follow the specific instructions for your chosen provider.
After creating the application, you will receive the Client ID and Client Secret — the OAuth authentication keys. You must provide this information when creating a new provider on the Digibee Integration Platform.
Once the application is created, it will be possible to create your new OAuth provider on the Digibee Integration Platform following the tutorial in.
The Google flow is used to obtain the access token, which is valid for all OAuth providers that follow the . Check out the diagram below:
The first step is to request an intermediate token. This occurs when the user, during login, accepts the scopes and consents to the use of their data.
After the user consents, an intermediate token is generated, which is used to return the access token and the refresh token.
With the access token in hand, it is possible to make requests to the provider's services.
The access token expiration time is given by the expires_in property. For example, the value "7200ms" means that the access token will expire in two hours from the time the response was generated.
Concerning default providers registered by Digibee, we have the following expiration times:
3 months for Microsoft.
6 months for Google and Mercado Livre.
A refresh token is a credential artifact that allows a client application to obtain new access tokens without requiring the user to log in again. After an access token has expired, the user's application can use the refresh token to “update” the access token.
The refresh token may not be returned for several reasons — most commonly due to an excessive number of logins. If your new account was not saved because the refresh token was not issued, you'll need to remove the OAuth application's access from your email account by following the specific instructions provided by your login provider.
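The token lifecycle described above (intermediate token, access token, expires_in, refresh token) can be sketched as follows. This is an added example, not Digibee's or any provider's code: the client values are constructed placeholders, the form parameter names are the standard OAuth 2.0 ones from RFC 6749, and it assumes expires_in is a number of seconds and that client credentials are sent in the request body.

```python
import time
from urllib.parse import urlencode

# Constructed sample values; not from a real provider or from Digibee.
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://app.example.test/callback"


def code_exchange_body(code):
    """Form body trading the intermediate token (authorization code) for tokens."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI,
                      "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET})


def refresh_body(refresh_token):
    """Form body requesting a new access token without a new user login."""
    return urlencode({"grant_type": "refresh_token",
                      "refresh_token": refresh_token,
                      "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET})


class TokenState:
    """Tokens for one account, parsed from token endpoint JSON responses."""

    def __init__(self, response, now=None, skew=60):
        self.skew = skew          # renew this many seconds before expiry
        self.refresh_token = None
        self.update(response, now)

    def update(self, response, now=None):
        now = time.time() if now is None else now
        self.access_token = response["access_token"]
        # A response may omit refresh_token: keep the previous one if any.
        self.refresh_token = response.get("refresh_token", self.refresh_token)
        # Assumption: expires_in counts seconds, as RFC 6749 defines it.
        self.expires_at = now + int(response["expires_in"]) - self.skew

    def needs_refresh(self, now=None):
        return (time.time() if now is None else now) >= self.expires_at

    def can_refresh(self):
        # False means the user must log in and consent again.
        return self.refresh_token is not None

    def authorization_header(self):
        return {"Authorization": "Bearer " + self.access_token}
```

Both form bodies carry the Client Secret, so they belong only in the POST body sent to the provider's token endpoint over TLS, never in URLs or logs.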
Fill in the following fields with the information needed for the request to be made using the generated access tokens:
URL of the service to be requested
Headers
Query parameters
In the Account field, select the account you created and authenticated on the provider.
A customer wants to access data located in Microsoft OneDrive using the OneDrive connector. With OAuth, the login to the Microsoft account can be done without revealing the user's password.
For this, it is necessary to use an OAuth 2 account type of the Microsoft provider with at least the offline_access scope (mandatory) and the scope relating to the desired resource.
On the OAuth providers tab, click Create.
Create a new provider selecting a Microsoft Base provider.
Go back to the Accounts page to create a new account.
Select the oauth-provider account type and fill the information.
Click Save.
When configuring the OneDrive connector, select the created account.
Once the previously created OAuth account is selected in the Account configuration parameter of a connector that supports OAuth (such as , or ), the Authorization header will be added automatically. For example:
Place the chosen connector on and open the configuration sheet.
Read the to learn how to implement an OAuth2-based integration model with Digibee.
Access the Digibee Integration Platform .
If you don’t know how to create a new provider, .