OAuthToken Connection

Access level: read

OAuth 2.0 is an Authorization Framework and an open standard for access delegation that is used by a variety of HTTP service providers. This connection type provides an access token for an HTTP service using OAuth2 Standard. It can also be referenced in REST connections with authentication method "Token", but there are some limitations.

With OAuth connections, one authorization request can be performed during execution and can be used for several subsequent REST calls.The result of this connection is JSON and can be consumed directly by a JSON extract.

In an OAuthToken Connection's successful response, the authorization server issues an access token and an optional refresh token. The authorization server constructs the response by adding parameters to the entity-body of the HTTP response.

According to the specification "The OAuth 2.0 Authorization Framework", a successful response requires access_token and token_type parameters. It is recommended to have an expires_in parameter, optional refresh_token, and scope parameters.

Connection settings

To obtain details such as Client ID, Client Secret, etc., refer to Microsoft's documentation on Application ID.

Token endpoint The URL address of the source data, e.g. https://abc.example.com/resource
Authentication method auth2ClientCredential Grant type "Client Credentials". Requires three parameters:
  • Client ID
  • Client secret
  • Access token scope

These parameters are described below.

oauth2PasswordCredential

Grant type "Resource Owner Password Credentials". Requires two additional parameters:
  • User name
  • Password

oauth2RefreshToken

Grant type "Refreshing an Access Token". Requires 1 additional parameter: refresh token, described below.
Client ID A unique string representing the registration information provided by the client.
Client secret Client secret key known only to the application and the authorization server. The secret key must be entered decoded, All required encoding will be done by our system.
Access token scope Optional specification of the scope of the access request. This value is expressed as a list of space-delimited, case-sensitive strings defined by the authorization server.
Client authentication type basicAuthHeader The client credentials are included in the request header, using the HTTP basic authentication scheme.
body The client credentials are included in the request body.
Refresh token There are two ways of specifying the refresh token parameter:
  • Manual input: one input field, "Token" (encrypted, can be entered as a text or encrypted variable).
    In this case, a manual update is necessary for reactivating the OAuthToken connection once the refresh token expires.

  • Automatic refresh: two input fields, "Setting" and "Scope".
    The key for the refresh token has to be created manually with "Password" type in Jedox Web Settings. If during the usage of this connection, in an execution, the refresh token expires, a new refresh token is generated and stored in the Settings manager under the same settings / scope. Thus, no new manual update of the token in the Settings is required.

Additional request parameters The Request parameters of the web service; required for GET method. The Request parameter can be anything, as it is specific to the URL used. For example, you may be required to authorize access to the Azure Active Directory web applications using the OAuth 2.0 code grant flow.
SSL mode verify checks the certificate; if response is OK, the certificate is validated.
trust imports the certificate to the keystore, if not yet available
off no SSL is used
Timeout (in s) The timeout of the web service request in seconds.
Ignore cookies policy By default (unchecked), a warning ("Cookie rejected") appears when the HTTP call breaks a cookie policy. For example, this can be caused by an incorrect domain in the set-cookie header. The OAuth connection will nevertheless return a result.

If the option is checked, the warning will not appear.

Updated November 4, 2024