Use this policy to authenticate a client by delegating the authentication to an OAuth2 provider. If this policy is applied, it is used to authenticate any request that does not contain credentials for any other authentication policies (such as API Key). The client is redirected to the OAuth provider to start the authentication flow. Once the flow completes, and the access token is obtained, the policy uses it to perform one or more requests to get information about the user, such as the ID and assigned role. Finally, a session cookie is returned to the client, and the client is redirected back to the requested URL. Subsequent requests authenticate based on the session cookie instead of repeating the OAuth flow. This implementation is based on the authorization code flow from Okta.
Starting in the October 2023 release, SnapLogic supports the implementation of OpenID. You can now use your OpenID Connect provider for the authentication controls in your Generic OAuth2 API policy.
Info |
---|
The Generic OAuth2 API Policy also supports OAuth 1.0. |
Note |
---|
Policy Requirements
|
...
Examples of Configuring the Generic OAuth2 API Policy with OIDC Providers
Google IdP Application
...
Field Mappings
You can use Google Cloud Services to set up Google as an IdP for your OAuth2.0 policy. Refer to Google Cloud documentation for the account information required to fill out the Generic OAuth2 policy form.
...
The following table provides the mapping between the Google IdP application endpoints and the Generic OAuth2 policy OpenID field values, where the application name is 2ada741a-1b5a-49e4-c3bd-fc2a72b698c.
Generic OAuth Policy | Google Open ID Connect | Example Value |
---|---|---|
OpenID Discovery Document URL | | |
Login URL* | | |
JWS Algorithm* | RS256 | N/A |
Scopes | | |
Access Token URL | | |
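
The values for these fields normally come from the provider's OpenID discovery document, and it is worth checking that metadata before copying it into the policy form. The following is an added example, not SnapLogic code: the host `idp.example.com`, the sample document, the function names, and the mapping of Login URL to `authorization_endpoint` and Access Token URL to `token_endpoint` are assumptions based on the standard OIDC metadata keys.

```python
from urllib.parse import urlparse

# Constructed sample discovery document (placeholder host, not a real IdP).
SAMPLE_URL = "https://idp.example.com/.well-known/openid-configuration"
SAMPLE_DOC = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "jwks_uri": "https://idp.example.com/oauth2/keys",
    "scopes_supported": ["openid", "email", "profile"],
    "id_token_signing_alg_values_supported": ["RS256", "ES256"],
}


def require_https(name, value):
    """Return value if it is an absolute https URL, else raise ValueError."""
    parsed = urlparse(value or "")
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError(f"{name}: expected an absolute https URL, got {value!r}")
    return value


def policy_fields(discovery_url, doc, expected_issuer,
                  jws_alg="RS256", scopes=("openid",)):
    """Check discovery metadata, then return values keyed by policy field name.

    Assumption: Login URL = authorization_endpoint and
    Access Token URL = token_endpoint (standard OIDC metadata keys).
    """
    require_https("OpenID Discovery Document URL", discovery_url)
    # A document naming a different issuer than the one you registered with
    # is the wrong document (typo, wrong tenant) or has been tampered with.
    if doc.get("issuer") != expected_issuer:
        raise ValueError(f"issuer mismatch: {doc.get('issuer')!r}")
    require_https("jwks_uri", doc.get("jwks_uri"))
    offered = doc.get("id_token_signing_alg_values_supported", [])
    if jws_alg == "none" or jws_alg not in offered:
        raise ValueError(f"JWS algorithm {jws_alg!r} not usable; offered: {offered}")
    missing = [s for s in scopes if s not in doc.get("scopes_supported", scopes)]
    if missing:
        raise ValueError(f"scopes not advertised by the provider: {missing}")
    return {
        "OpenID Discovery Document URL": discovery_url,
        "Login URL": require_https("authorization_endpoint",
                                   doc.get("authorization_endpoint")),
        "JWS Algorithm": jws_alg,
        "Scopes": " ".join(scopes),
        "Access Token URL": require_https("token_endpoint", doc.get("token_endpoint")),
    }
```

The expected issuer is passed in rather than derived from the discovery URL because some providers publish an issuer that differs from the URL prefix.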
Azure IdP Application
...
Field Mappings
Microsoft Entra ID
You can use Microsoft Entra ID as an IdP for your OAuth2.0 policy.
...
Generic OAuth Policy OpenID Fields | Microsoft Entra ID | Example Value |
---|---|---|
OpenID Discovery Document URL | | |
Login URL* | | |
JWS Algorithm* | | N/A |
Scopes | | N/A |
Access Token URL | | |
AD B2C Application
Prerequisites
...
The following table provides the mapping between the Azure AD B2C application endpoints and the Generic OAuth2 policy OpenID field values, where the name of the user workflow (policy-name) is the app name you create for user flows.
Generic OAuth Policy OpenID Fields | AD B2C | Example |
---|---|---|
OpenID Discovery Document URL | | |
Login URL* | | |
JWS Algorithm* | | N/A |
Scopes | | N/A |
Access Token URL | | |
Info |
---|
For single tenant uses, you should create a redirect URI, which is the application URL. |
...