OAuth2 Settings

OAuth2 Settings

The SaveToDB add-in allows configuring OAuth2 provider settings when connecting to web data sources.

We are sure that you can configure it for any provider.

Here is a sample of settings for ZohoCRM:

SaveToDB OAuth2 Settings

The page contains a textbox with the provider name and three sections:

  1. Client Application
  2. Service URLs
  3. URL and Body Formats

The Client Application section contains:

  • Client ID
  • Client secret
  • Redirect URI
  • Scope

You acquire these values when registering your application at your OAuth2 provider.

We plan to add a built-in registered application for popular providers in the next versions.

Usually, you can adjust the scope. Refer to the OAuth provider documentation.

The sample above asks for all permissions to all modules and the read permissions to the settings.

The Service URLs section contains:

  • Authorization URL
  • Get token URL
  • Refresh token URL
  • Revoke token URL

You can find these URLs in your OAuth2 provider documentation.

You can specify URLs as is or using variables.

For example, the Refresh Token URL contains the {get_token_url} variable.
Accordingly, the add-in will use the value of the Get Token URL field.

The variables allow implementing dynamic URLs using values from the previous steps.

For example, ZohoCRM returns the accounts-server value in the authorization response that is not typical for other providers.

The add-in allows using such values. For example, the Get Token URL contains the {accounts-server} variable.

The URL and Body Formats section contains formats of URLs and request bodies.

The OAuth2 defines typical formats, and the add-in suggests the default values built using variables.

You can modify the formats to follow your OAuth2 provider requirements.

Variables

You can use the dialog box field values in the URL and body formats:

FieldVariable
Client Application
Client ID{client_id}
Client secret{client_secret}
Redirect URI{redirect_uri}
Scope{scope}
Service URLs
Authorization URL{authorization_url}
Get token URL{get_token_url}
Refresh token URL{refresh_token_url}
Revoke token URL{revoke_token_url}
URL and Body Formats
Authorization URL{authorization_url_format}
Get token URL{get_token_url_format}
Get token body{get_token_body_format}
Refresh token URL{refresh_token_url_format}
Refresh token body{refresh_token_body_format}
Revoke token URL{revoke_token_url_format}
Revoke token body{revoke_token_body_format}

The table below contains typical values defined in OAuth2:

FieldTypical Value
Service URLs
Refresh token URL{get_token_url}
Revoke token URL{get_token_url}/revoke
URL and Body Formats
Authorization URL{authorization_url}?scope={scope}&client_id={client_id}&response_type={response_type}&redirect_uri={redirect_uri}
Get token URL{get_token_url}
Get token bodygrant_type={grant_type}&client_id={client_id}&client_secret={client_secret}&redirect_uri={redirect_uri}&code={code}
Refresh token URL{refresh_token_url}
Refresh token bodyrefresh_token={refresh_token}&client_id={client_id}&client_secret={client_secret}&grant_type={grant_type}
Revoke token URL{revoke_url}
Revoke token bodytoken={refresh_token}

You can use the following variables defined in authorization requests or acquired from authorization responses:

VariableValue
{response_type}code
{grant_type}authorization_code in the authorization request and refresh_token in the refresh token request
{code}The code value of the authorization response
{access_token}The access_token value of the get token response
{refresh_token}The refresh_token value of the get and refresh token responses
{token_type}The token_type value of the get and refresh token responses
{expires_in}The expires_in value of the get and refresh token responses