Versions Compared

Old Version 68

changes.mady.by.user Lakshmi Manda

Saved on

compared with

New Version Current

changes.mady.by.user Kalpana Malladi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In this article Table of ContentsmaxLevelIn this article

Table of Contents
maxLevel2
absoluteUrltrue

Overview

You can use this account type to connect REST Snaps with data sources that use OAuth2 authenticationWhen choosing between different authentication options for a REST API, we recommend you use the REST OAuth2 account instead of the REST In-memory OAuth2 accountbecause of the flexibility and security features OAuth2 offers. Learn more about the differences between the REST In-memory OAuth2 Account Vs. REST OAuth2 Account.

Prerequisites

A valid Client ID, Client secret, OAuth2 endpoint, and OAuth2 token.

Limitations

None.

Account Settings

Image RemovedImage Added

Select one of the following methods for authorization:

Authorization Code: The user is authenticated using Token Token endpoint parameter value the value associated with the optional endpoint parameter defined above.Default Value: N/A

Use this field set to provide custom properties for the OAuth2 auth endpoint. Click the + or - icons to respectively add or remove configuration rows.

This field set comprises the following fields:

  • Auth endpoint parameter
    • Auth endpoint value
    Field NameField TypeDescription
    Label*String

    Specify the name for the account. We recommend that you update the account name if there is more than one account of the same account type in your project.

    Default Value: N/A
    ExampleREST OAuth2 Account

    Client ID*String

    Specify the client ID associated with your account. You can create the client ID as advised by your application provider. An example and its meaning can be found here.

    Default Value: N/A
    Examplep364e45x-953x-460p-9pb0-934xep16p693

    Client secret*String

     The client secret associated with your account. You can create the client secret as advised by your application provider. An example and its meaning can be found here.

    Default Value: N/A
    Example<Encrypted>

    Access tokenString

    Auto-generated after authorization. Specify the token that SnapLogic uses to make API requests on behalf of the user associated with the client ID.

    Default Value: N/A
    Example<Encrypted>

    Refresh tokenString

    Auto-generated after authorization. Specify the refresh token associated with your account. If the refresh token is stored, then the access token can be refreshed automatically before it expires.

    You should retrieve the Refresh token when setting up the account for the endpoint, where the OAuth2 flow is executed and the resulting refresh token is stored in this field. If the refresh token is stored, then the access token can be refreshed automatically before it expires. 

    Note

    Users who run Pipelines with REST Snaps using OAuth2 authentication should have read/write/execute permissions. If the user has only Execute permissions, a refresh of the OAuth2 token might prompt the user's credentials. For a workaround, you can give the user running the Pipeline Write access to the Assets referenced in the Pipeline.


    Info

    In some REST endpoints, such as Google and Microsoft, the refresh token is not returned by the default parameters/scopes. For example, in an endpoint such as Google, to get the refresh token you need to set access_type=offline and prompt=consent.

    Default Value: N/A
    Example<Encrypted>

    Access token expirationInteger

    Auto-generated after authorization. Specify the access token expiration value, in seconds.

    Default ValueCurrent Time + 3600 seconds
    Example10000s

    Header authenticated

    		Checkbox

    Select this checkbox to indicate that the endpoint uses bearer header authentication.

    Default Value: Deselected

    OAuth2 Endpoint*

    		String

    Specify the URL of the endpoint that authorizes the application. 

    Default Value: N/A
    Examplehttps://login.microsoftonline.com/common/oauth2/v2.0/authorize

    OAuth2 Token


    		String

    Specify the URL of the endpoint that retrieves the token for an authenticated account.

    Note

    If you are using a REST OAuth2 Account, access the account token through account.access_token explicitly. The property must be marked as an expression. An example URL for LinkedIn is: "LinkedIn is: "https://api.linkedin.com/v1/people/~?oauth2_access_token=" + account.access_token.

    Default Value: N/A
    Examplehttps://

    api

    login.

    linkedin

    microsoftonline.com/

    v1

    common/

    people/~?oauth2_access_token=" + account.access_token.

    Default Value: N/A
    Examplehttps://login.microsoftonline.com/common/oauth2/token

    		Grant Type

    oauth2/token

    Grant Type

    Select one of the following methods for authorization:

    • Authorization Code: The user is authenticated using credentials (username and password), which return to the client through a redirect URL. The application then receives the authorization code from the URL and uses it to request an access token.
    • Client Credentials: Obtains an access token to the client ID and client secret through the token endpoint URL.
    • password: Obtains access token using your login credentials (username and password), which return to the client through a redirect URL. The application then receives the authorization code from the URL and uses it to request an access token.
    • Client Credentials: Obtains an access token to the client ID and client secret through the token endpoint URL.
    • password: Obtains access token using your login credentials (username and password). When selected, it populates the following fields:
      • Username: Enter the username of the account type.
      • Password: Enter the password of the account type.

    Default ValueAuthorization Code
    Exampleclient_credentials

    • . When selected, it populates the following fields:
      • Username: Enter the username of the account type.
      • Password: Enter the password of the account type.

    Default ValueAuthorization Code
    Exampleclient_credentials

    Token endpoint config

    Use this field set to provide custom properties for the OAuth2 token endpoint. Click the + or - icons to respectively add or remove configuration rows.

    This field set comprises the following fields:

    • Token endpoint parameter
    • Token endpoint parameter value

    Token endpoint parameter

    		String

    Define an optional token endpoint parameter.

    Default Value: N/A

    Token endpoint parameter valueString

    Specify the value associated with the optional endpoint parameter defined above.

    Default Value: N/A

    Auth endpoint config

    Use this field set to provide provide custom properties for the OAuth2 token auth endpoint. Click  Click the + or - icons to respectively add or remove configuration rows.

    This field set comprises the following fields:

    • Token Auth endpoint parameter
    • Token endpoint parameter Auth endpoint value

    Token endpoint parameter

    		String

    Define an optional token endpoint parameter.Snaplex

    Default Value:  NN/A

    Example: /snaplogic/shared/cloud

    String

    Specify

    		Auth endpoint config

    the Snaplex path to be used for OAuth2 operations.

    Info

    • By default, SnapLogic automatically selects an available Snaplex. So, use this field only to handle specific scenarios, such as a network limitation.

    • If the specified Snaplex is not available or does not exist, the execution fails.


    Authentication parameterString

    Define an optional authorization endpoint parameter.

    Default ValueN/A

    Authentication parameter value


    Default Value: N/A

    		String

    Specify the value associated with the optional authorization endpoint parameter defined above.Default Value: N/Aabove.



    Auto-refresh token


    Default ValueDeselected

    		Checkbox

    Select this checkbox to refresh the token automatically using the refresh token, if the property is enabled. If this property is deselected, the token expires and is not refreshed automatically.Default ValueDeselected
    Example: N/A


    Authorize


    		Button

    Click this button to authorize the REST OAuth2 account using the credentials provided in the Client ID, Client Secret, OAuth2 Endpoint, and OAuth2 Token fields.Default Value: N/A
    Example: N/A


    Send Client Data as Basic Auth Header


    Default Value    Deselected

    		Checkbox

    Select this checkbox to send the client information as a header to the OAuth endpoint.Default Value: Deselected
    Example: N/A



    Note

    Call-back DomainThe redirect URI must be set differently in the app that is created in the endpoint: https://<SnapLogic_POD_Name>/api/1/rest/admin/oauth2callback/rest

    For example: "https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/rest" in the screenshot below:

    ...

    REST In-memory OAuth2 Account Vs. REST OAuth2 Account

    REST In-memory OAuth2 Account

    REST OAuth2 Account

    The REST In-memory OAuth2 Account supports only client_credentials Grant type.

    The REST OAuth2 Account supports the following authorization Grant types:

    • client_credentials

    • password

    • authorization_code

    The REST In-memory OAuth2 Account is suitable for scenarios where the access token expiration time is less than 30 minutes. This account type efficiently manages tokens within the pipeline and Snap, ensuring a more localized token handling approach.

    The REST OAuth2 Account is suited for scenarios when access token expirations are 1 hour or longer. If the OAuth2 service supports refresh tokens, enabling the Auto Refresh token checkbox allows Snaplogic to pre-emptively refresh tokens automatically beforetheir official expiration.

    Troubleshooting

    ErrorReasonResolution
    One or more required field is blank

    You click Authorize in the account dialog window, but one or more of the following fields is blank:

    • Label
    • Client ID
    • Client Secret
    • OAuth2 Endpoint
    • OAuth2 Token

    Insert valid details into the following fields and click Authorize.

    • Label
    • Client ID
    • Client Secret
    • OAuth2 Endpoint
    • OAuth2 Token

    You attempted to authorize your account, but authorization failed, because the following fields are empty:

    • Access token
    • Refresh token
    • Access expiration token

    Insert excerpt
    REST Snap Pack
    REST Snap Pack
    nopaneltrue

    ...

    Related Content

    ...