Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In this article Table of ContentsmaxLevel2In this article

Table of Contents
maxLevel2
absoluteUrltrue

Overview

You can use this account type to connect REST Snaps with data sources that use OAuth2 authenticationWhen choosing between different authentication options for a REST API, we recommend you use the REST OAuth2 account instead of the REST In-memory OAuth2 accountbecause of the flexibility and security features OAuth2 offers. Learn more about the differences between the REST In-memory OAuth2 Account Vs. REST OAuth2 Account.

...

Limitations

None.

Account Settings

Image RemovedImage Added

Token Token endpoint parameter value value associated with the optional endpoint parameter defined above.Default Value: N/A
Field NameField TypeDescription
Label*String

Specify the name for the account. We recommend that you update the account name if there is more than one account of the same account type in your project.

Default Value: N/A
ExampleREST OAuth2 Account

Client ID*String

Specify the client ID associated with your account. You can create the client ID as advised by your application provider. An example and its meaning can be found here.

Default Value: N/A
Examplep364e45x-953x-460p-9pb0-934xep16p693

Client secret*String

 The client secret associated with your account. You can create the client secret as advised by your application provider. An example and its meaning can be found here.

Default Value: N/A
Example<Encrypted>

Access tokenString

Auto-generated after authorization. Specify the token that SnapLogic uses to make API requests on behalf of the user associated with the client ID.

Default Value: N/A
Example<Encrypted>

Refresh tokenString

Auto-generated after authorization. Specify the refresh token associated with your account. If the refresh token is stored, then the access token can be refreshed automatically before it expires.

You should retrieve the Refresh token when setting up the account for the endpoint, where the OAuth2 flow is executed and the resulting refresh token is stored in this field. If the refresh token is stored, then the access token can be refreshed automatically before it expires. 

Note

Users who run Pipelines with REST Snaps using OAuth2 authentication should have read/write/execute permissions. If the user has only Execute permissions, a refresh of the OAuth2 token might prompt the user's credentials. For a workaround, you can give the user running the Pipeline Write access to the Assets referenced in the Pipeline.


Info

In some REST endpoints, such as Google and Microsoft, the refresh token is not returned by the default parameters/scopes. For example, in an endpoint such as Google, to get the refresh token you need to set access_type=offline and prompt=consent.

Default Value: N/A
Example<Encrypted>

Access token expirationInteger

Auto-generated after authorization. Specify the access token expiration value, in seconds.

Default ValueCurrent Time + 3600 seconds
Example10000s

Header authenticated

Checkbox

Select this checkbox to indicate that the endpoint uses bearer header authentication.

Default Value: Deselected

OAuth2 Endpoint*

String

Specify the URL of the endpoint that authorizes the application. 

Default Value: N/A
Examplehttps://login.microsoftonline.com/common/oauth2/v2.0/authorize

OAuth2 Token


String

Specify the URL of the endpoint that retrieves the token for an authenticated account.

Note

If you are using a REST OAuth2 Account, access the account token through account.access_token explicitly. The property must be marked as an expression. An example URL for LinkedIn is: "https://api.linkedin.com/v1/people/~?oauth2_access_token=" + account.access_token.

Default Value: N/A
Examplehttps://login.microsoftonline.com/common/oauth2/token

Grant Type

Select one of the following methods for authorization:

  • Authorization Code: The user is authenticated using credentials (username and password), which return to the client through a redirect URL. The application then receives the authorization code from the URL and uses it to request an access token
Grant Type

Select one of the following methods for authorization:

  • Authorization Code: The user is authenticated using .
  • Client Credentials: Obtains an access token to the client ID and client secret through the token endpoint URL.
  • password: Obtains access token using your login credentials (username and password), which return to the client through a redirect URL. The application then receives the authorization code from the URL and uses it to request an access token.
  • Client Credentials: Obtains an access token to the client ID and client secret through the token endpoint URL.
  • password: Obtains access token using your login credentials (username and password). When selected, it populates the following fields:
    • Username: Enter the username of the account type.
    • Password: Enter the password of the account type.

Default ValueAuthorization Code
Exampleclient_credentials

  • . When selected, it populates the following fields:
    • Username: Enter the username of the account type.
    • Password: Enter the password of the account type.

Default ValueAuthorization Code
Exampleclient_credentials

Token endpoint config

Use this field set to provide custom properties for the OAuth2 token endpoint. Click the + or - icons to respectively add or remove configuration rows.

This field set comprises the following fields:

  • Token endpoint parameter
  • Token endpoint parameter value

Token endpoint parameter

String

Define an optional token endpoint parameter.

Default Value: N/A

Token endpoint parameter valueString

Specify the value associated with the optional endpoint parameter defined above.

Default Value: N/A

Auth endpoint config

Use this field set to provide provide custom properties for the OAuth2 token auth endpoint. Click  Click the + or - icons to respectively add or remove configuration rows.

This field set comprises the following fields:

  • Token Auth endpoint parameter
  • Token endpoint parameter Auth endpoint value

Token endpoint parameter

String

Define an optional token endpoint parameter.Snaplex

Default Value:  NN/A

Example: /snaplogic/shared/cloud

String

Specify the

Auth endpoint config

Use this field set to provide custom properties for the OAuth2 auth endpoint. Click the + or - icons to respectively add or remove configuration rows.

This field set comprises the following fields:

  • Auth endpoint parameter
  • Auth endpoint value

Snaplex path to be used for OAuth2 operations.

Info
  • By default, SnapLogic automatically selects an available Snaplex. So, use this field only to handle specific scenarios, such as a network limitation.

  • If the specified Snaplex is not available or does not exist, the execution fails.


Authentication parameterString

Define an optional authorization endpoint parameter.

Default ValueN/A

Authentication parameter

value

value


Default Value: N/A

String

Specify the value associated with the optional authorization endpoint parameter defined above.Default Value: N/A



Auto-refresh token


Default ValueDeselected

Checkbox

Select this checkbox to refresh the token automatically using the refresh token, if the property is enabled. If this property is deselected, the token expires and is not refreshed automatically.Default ValueDeselected
Example: N/A


Authorize


Button

Click this button to authorize the REST OAuth2 account using the credentials provided in the Client ID, Client Secret, OAuth2 Endpoint, and OAuth2 Token fields.Default Value: N/A
Example: N/A


Send Client Data as Basic Auth Header


Default Value
Deselected

Checkbox

Select this checkbox to send the client information as a header to the OAuth endpoint.Default Value: Deselected
Example: N/A



Note

Call-back DomainThe redirect URI must be set differently in the app that is created in the endpoint: https://<SnapLogic_POD_Name>/api/1/rest/admin/oauth2callback/rest

For example: "https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/rest" in the screenshot below:

...