OAuth2 rule fields

The following fields are available in the Generic OAuth2 rule when OpenID Connect is not enabled:

Field Description
When this rule should be applied

An expression that defines one or more conditions that must be true for the rule to execute.

Default value: N/A

Example: The expression request.method == "POST" causes the rule to execute only on POST requests.

Use OpenID Connect

Make sure the checkbox is deselected to use OAuth2.

Default value: Deselected

Login URL

Required. The OAuth2 vendor’s login/authorization URL where users are redirected to authenticate. Example: https://github.com/login/oauth/authorize

Required Scopes

Required. The list of OAuth2 scopes required to get information about a user. These determine what access the token allows, such as user profile or email. See OAuth 2.0 Scopes for details.

Scope

The name of the OAuth2 scope.

Example: user, token, session

Access Token URL

Required. The access token URL generated when you registered SnapLogic as an application with the OAuth2 provider. SnapLogic exchanges the authorization code for an access token at this URL. The response from this token URL is stored in $token and can be referenced in User Info URL below.

Example: https://github.com/login/oauth/access_token

Client ID

Required. The ID of the SnapLogic application registered with the OAuth2 provider.

Client Secret

Required. The client secret for the SnapLogic application registered with the OAuth2 provider.

Redirect URI

The SnapLogic callback endpoint: the URI of the Snaplex load-balancer appended with /api/1/rest/oauth2/callback. This must be registered with your OAuth2 provider as an allowed redirect/callback URL.

User Info URL #1-2

These fields specify the HTTP GET endpoints that SnapLogic calls to retrieve user profile information after the token exchange.

Note:
  • Limitation: This field doesn't support expressions that use asset or request variables.
  • User Info URL #2 is optional. Use it if you need to call a second endpoint for additional user details.

URL

The destination for the request to get user information.

Example: https://idp.example.com/user or https://api.github.com/user

Query Parameters

The query parameters (name and value) to add into the URL.

Headers

The headers (name and value) to include in the request.

Example: Authorization

Extract User Info

Required. Specifies how to extract information about the user from the working object.

User ID Expression

Required. An expression that extracts a unique identifier for the user.

Example: $user.email

Roles Expression

Required. An expression that returns the list of roles this user is in.

Example: $user.groups.map(group => group.name)

Session: Time-To-Live in Seconds

Required. The number of seconds for which the session is active. Refer to OAuth session management for information on manually closing sessions.

Default value: 86400

Example: 90000

OAuth State: Time-To-Live in Seconds

Required. The number of seconds for which the OAuth state is active.

Default value: 300

Example: 1000

Description

Use this rule to authenticate a client by delegating the authentication to an OAuth2 provider.

Default value: Authorizes requests using specified OAuth service.
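
A pre-deployment check of the field values described above, as an added example that is not SnapLogic code: it confirms the required fields are set, that every endpoint is an absolute https URL, that the Redirect URI ends with the callback path, and that both TTLs are positive. The object keys, the https requirement and the sample host snaplex.example.com are assumptions made for this example.

```javascript
// Added example, not SnapLogic code. Object keys are hypothetical names for the
// fields on this page; the checks are a reviewer's lint, not product behaviour.
const CALLBACK_SUFFIX = "/api/1/rest/oauth2/callback";
const DEFAULT_TTL = { sessionTtl: 86400, stateTtl: 300 }; // defaults stated above

function isHttps(value) {
  try {
    return new URL(value).protocol === "https:";
  } catch {
    return false; // missing or not an absolute URL
  }
}

function checkOAuth2Rule(rule) {
  const problems = [];
  if (rule.useOpenIdConnect) problems.push("useOpenIdConnect must be deselected");
  for (const key of ["clientId", "clientSecret", "userIdExpression", "rolesExpression"]) {
    if (typeof rule[key] !== "string" || rule[key].trim() === "") problems.push(`${key} is required`);
  }
  if (!Array.isArray(rule.scopes) || rule.scopes.length === 0) problems.push("scopes is required");
  // These endpoints carry the authorization code, client secret or access token.
  const urls = { loginUrl: rule.loginUrl, accessTokenUrl: rule.accessTokenUrl, redirectUri: rule.redirectUri };
  (rule.userInfoUrls || []).forEach((url, i) => { urls[`userInfoUrl${i + 1}`] = url; });
  for (const [key, value] of Object.entries(urls)) {
    if (!isHttps(value)) problems.push(`${key} must be an absolute https URL`);
  }
  if (isHttps(rule.redirectUri) && !new URL(rule.redirectUri).pathname.endsWith(CALLBACK_SUFFIX)) {
    problems.push(`redirectUri must end with ${CALLBACK_SUFFIX}`);
  }
  for (const key of Object.keys(DEFAULT_TTL)) {
    const ttl = rule[key] ?? DEFAULT_TTL[key]; // unset falls back to the default
    if (!Number.isInteger(ttl) || ttl <= 0) problems.push(`${key} must be a positive number of seconds`);
  }
  return problems;
}

// Constructed sample values; snaplex.example.com is a placeholder load-balancer host.
const sampleRule = {
  useOpenIdConnect: false, scopes: ["user"], sessionTtl: 86400, stateTtl: 300,
  loginUrl: "https://github.com/login/oauth/authorize",
  accessTokenUrl: "https://github.com/login/oauth/access_token",
  redirectUri: "https://snaplex.example.com/api/1/rest/oauth2/callback",
  userInfoUrls: ["https://api.github.com/user"],
  clientId: "constructed-client-id", clientSecret: "constructed-client-secret",
  userIdExpression: "$user.email",
  rolesExpression: "$user.groups.map(group => group.name)",
};
console.log(checkOAuth2Rule(sampleRule)); // prints []
```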