# Custom REST Connector OAuth2 Configuration
Sisense supports the OAuth2 (opens new window) protocol for signing REST requests. OAuth2 is an open protocol, which allows secure API authorization in a simple and standard method from applications.
# OAuth2 Flow
The general OAuth2 flow when retrieving data from RESTful services is as follows:
- Sisense sends an authorization request to the resource provider. The provider then authorizes the request and Sisense requests an access token from the authorization server hosted by your data source.
- The access token allows Sisense to retrieve data from the resource server for a limited time defined by the provider.
- Sisense passes the access token to the resource provider and requests the data you want to import in the ElastiCube Manager.
As a developer, you need to provide the URL and resource destinations in the OAuth2 config file.
# OAuth2 Configuration File
When implementing OAuth2, you must create a separate JSON file and include it in your connector's folder. In the Settings object, you provide the name of this file as the value of the key OAuth2Config:
{
"Settings": {
// ...
"OAuth2Config": "oauth2config.json",
// ...
}
// ...
}
# Required Information
There are three URLs that need to be configured:
- The
AccessCodeServicewhere the data provider authorizes you to request an access token - The
AccessTokenServiceservice provides the access token needed to access the final server - The
UserInfoServiceor resource server where the data you want to import into Sisense is maintained
The remaining information you need to provide:
- The
ClientIdand theClientSecret. This information is provided by your particular data source. If you do not want to hard-code this data into your oauth config file, use the UI parameters object previously discussed to allow your users to dynamically enter their credentials. In this case, you need to comment out theClientIDandClientSecretfields. - OAuth2 client type name (
ClientTypeName) - A redirect URL (
RedirectUri) to redirect the user - A scope (
Scope) defined by the data provider that limits what users can do to the data they handle from the data source provider such as read or write access
# JSON Format
| Name | Type | Required | Comment |
|---|---|---|---|
Provider | String | Yes | Provider system name. This value should be the same value as in main REST configuration file Settings section. |
AccessCodeService | Object | Yes | Base URI and resource for REST call to get oath2 access_code. |
AccessTokenService | Object | Yes | Base URI and resource for REST call to get oath2 access_token and refresh_token. |
UserInfoService | Object | Yes | Base URI and resource for REST call to get user info. |
ClientId | String | Yes | OAuth2 client ID. |
ClientSecret | String | Yes | OAuth2 client secret. |
RedirectUri | String | Yes | OAuth2 redirectUri where users will be sent back to after authorization. Sisense supports both HTTP and HTTPS. |
Scope | String | Yes | Oauth2 scope. A URL-encoded, list of member permissions your application is requesting for a user space delimited. |
ClientTypeName | String | Yes | Name used internally to identify an oauth2 client. |
# Example
{
"Provider": "rest-meetup",
"AccessCodeService": {
"BaseUri": "https://secure.meetup.com",
"Resource": "/oauth2/authorize"
},
"AccessTokenService": {
"BaseUri": "https://secure.meetup.com",
"Resource": "/oauth2/access"
},
"UserInfoService": {
"BaseUri": "https://secure.meetup.com",
"Resource": "/2/member/self"
},
"ClientId": "....",
"ClientSecret" : "....",
"ClientTypeName": "sisense",
"RedirectUri": "http://localhost:7077/auth/rest-meetup",
"Scope" : "basic"
}