OAuth2 rule fields
The following fields are available in the Generic OAuth2 rule when OpenID Connect is not enabled:
Field | Description |
---|---|
When this rule should be applied | An expression that defines one or more conditions that must be true for the rule to execute. Default value: N/A Example: The expression |
Use OpenID Connect | Make sure the checkbox is deselected to use OAuth2. Default value: Deselected |
Login URL | Required. The login URL for the OAuth2 vendor. |
Required Scopes | Required. The list of OAuth2 scopes required to get information about a user. See OAuth 2.0 Scopes for details. |
Scope | The name of the OAuth2 scope. Example: user, token, session |
Access Token URL | Required. The access token URL generated when you registered SnapLogic as an application with the OAuth2 providers. The response from this token URL will be stored in $token and can be referenced in User Info URL below. |
Client ID | Required. The ID of the SnapLogic application registered with the OAuth2 provider. |
Client Secret | Required. The client secret for the SnapLogic application registered with the OAuth2 provider. |
Redirect URI | The URI of the Snaplex load-balancer appended with /api/1/rest/oauth2/callback |
User Info URL #1-2 | These sections describe the HTTP GET requests this rule should make to get information about a user. Note: |
URL | The destination for the request to get user information. Example: https://idp.example.com/user, https://api.github.com/user |
Query Parameters | The query parameters (name and value) to add into the URL. |
Headers | The headers (name and value) to include in the request. Example: Authorization |
Extract User Info | Required. Specifies how to extract information about the user from the working object. |
User ID Expression | Required. An expression that returns a string to be used as the user ID. Example: $user.email |
Roles Expression | Required. An expression that returns the list of roles this user is in. Example: $user.groups.map(group => group.name) |
Session: Time-To-Live in Seconds | Required. The number of seconds for which the session is active. Refer to OAuth session management for information on manually closing sessions. Default value: 86400 Example: 90000 |
OAuth State: Time-To-Live in Seconds | Required. The number of seconds for which the OAuth state is active. Default value: 300 Example: 1000 |
Description | Use this rule to authenticate a client by delegating the authentication to an OAuth2 provider. Default value: Authorizes requests using specified OAuth service. |
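
The sketch below is an added example, not SnapLogic code. It shows what the two time-to-live fields and the two example expressions from the table amount to in practice. The helper names, the in-memory state store and the shape of the working object (user info response under `user`) are assumptions made for illustration.

```javascript
// Added illustration; helper names are hypothetical, not SnapLogic APIs.
const { randomBytes } = require('crypto');

const OAUTH_STATE_TTL_SECONDS = 300; // "OAuth State: Time-To-Live in Seconds" default
const SESSION_TTL_SECONDS = 86400;   // "Session: Time-To-Live in Seconds" default

// Issue an unguessable state value for the login redirect and record its issue time.
function issueState(store, nowMs) {
  const state = randomBytes(32).toString('hex');
  store.set(state, nowMs);
  return state;
}

// Accept the state returned on the callback only if it was issued here and is
// still inside its TTL. Deleting it on first use is an assumption of this example.
function consumeState(store, state, nowMs) {
  if (!store.has(state)) return false;
  const issuedAt = store.get(state);
  store.delete(state);
  return nowMs - issuedAt <= OAUTH_STATE_TTL_SECONDS * 1000;
}

// Evaluate the table's two example expressions against a working object.
function extractUser(working) {
  const $user = working.user;
  const userId = $user ? $user.email : undefined; // $user.email
  if (typeof userId !== 'string' || userId === '') {
    throw new Error('User ID expression must return a non-empty string');
  }
  // $user.groups.map(group => group.name); no groups means no roles here.
  const roles = Array.isArray($user.groups) ? $user.groups.map(group => group.name) : [];
  return { userId, roles };
}

// Open a session that expires after the configured session TTL.
function openSession(userInfo, nowMs) {
  return { ...userInfo, expiresAt: nowMs + SESSION_TTL_SECONDS * 1000 };
}

function sessionIsActive(session, nowMs) {
  return nowMs < session.expiresAt;
}
```

A short state TTL limits how long an intercepted or stale login redirect can be completed, while the session TTL bounds how long the extracted user ID and roles are trusted before the user must authenticate again.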