OAuth2
How to create
Click on authentications (lock symbol) and select Type: OAuth2
The fields shown in the OAuth authentication option depend on the Grant Type. The remote system dictates which Grant Type to use.
Grant Types
- Authorization Code
- Implicit
- Resource Owner Password Credentials
- Client Credentials
Authorization Code
The Authorization Code grant type is used by confidential and public clients to exchange an authorization code for an access token.
After the user returns to the client via the redirect URL, iHub gets the authorization code from the URL and uses it to request an access token.
Step 1. Add new authentication
- Select Grant Type Authorization Code
- Copy the Callback url from iHub authentication UI
Step 2. Register iHub in the remote App
- Paste the Callback url into the remote app
- Copy & Paste the client id and client secret into the iHub Authentication configuration
The remote app will display a client id and client secret when doing this step.
Step 3. Enter Authorize, Access Token url and Scope
There are two URLs that the remote application needs to specify.
- Authorize url - used to obtain the user's consent and grant the authorization code
- Access token url - used for exchanging the authorization code for an access token. This happens behind the scenes when the systems interact.
- Scope - used to determine which resources iHub gets access to.
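The three steps above, sketched as an added example (not iHub's own code): building the request to the Authorize url, validating what comes back on the Callback url, and forming the request to the Access token url. All URLs, credentials and function names are constructed placeholders; the `state` parameter is the standard OAuth2 request-binding value, which the page does not mention, and the sketch assumes the remote app accepts the client secret in the request body.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values, not real iHub or remote-app endpoints.
CONFIG = {
    "authorize_url": "https://remote.example/oauth/authorize",
    "token_url": "https://remote.example/oauth/token",
    "callback_url": "https://ihub.example/oauth/callback",
    "client_id": "example-client-id",
    "client_secret": "example-client-secret",
    "scope": "read:items",
}

def build_authorize_request(cfg):
    """Return (url, state). The random state ties the later callback to this request."""
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": cfg["client_id"],
        "redirect_uri": cfg["callback_url"],  # must match the URL registered in Step 2
        "scope": cfg["scope"],
        "state": state,
    })
    return f'{cfg["authorize_url"]}?{query}', state

def parse_callback(callback_request_url, expected_state):
    """Extract the authorization code from the callback, rejecting bad responses."""
    params = parse_qs(urlparse(callback_request_url).query)
    if "error" in params:
        raise ValueError(f'authorization failed: {params["error"][0]}')
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this request")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]

def build_token_request(cfg, code):
    """Return (url, form fields) for the server-to-server POST to the access token URL."""
    return cfg["token_url"], {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": cfg["callback_url"],
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],  # never sent through the browser
    }
```

The client secret appears only in the token request, which never passes through the user's browser; the authorize URL carries the client id alone.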
Implicit
The Implicit grant type is a simplified flow that can be used by public clients, where the access token is returned immediately without an extra authorization code exchange step.
Resource Owner Password Credentials
The Password grant type is used by first-party clients to exchange a user's credentials for an access token.
Since this involves the client asking the user for their password, it should not be used by third-party clients. In this flow, the user's username and password are exchanged directly for an access token.
Client Credentials
The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user.
This is typically used by clients to access resources about themselves rather than to access a user's resources.
Authorization Code with assertion (Azure DevOps)
Special type to support Microsoft Azure and DevOps
OAuth remote apps how-tos