OAuth2

Create templates for performing authorisation via OAuth2. These templates can allow for different authorisation processes to be saved for users to reuse whenever the appropriate integration object requires a new authorisation.


Walkthrough

Create New Template

To create a new template, navigate to the OAuth2 integration on the applications page in A-Ops. Click on the plus icon within the search bar and provide a name for the template.

Create New Template

To set the various options for the template, click the pencil icon to edit the template. You can fill in the following fields:

Field Description Example
authURL The authorisation URL used to initially authorise the application https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/authorize
resource The resource being authorised against
responseMappings If any fields are returned non-standard compared to OAuth2, you can provide them here. refreshToken must be defined. {"refreshToken":"refresh_token"}
scope The scope of the authorisation. This should match the authorising application requirements. For refresh tokens, usually offline_access is required. offline_access files.readwrite.all
tokenURL The token URL used to aquire the refresh token after the initial authorisation https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
versions Some applications have multiple versions. These will populate a dropdown to be selected by users. [{"name":"Beta","value":"beta"},{"name":"2.0","value":"v2.0"}]

Replacement Syntax

For authURL and tokenURL, it is possible to use the same replacement syntax used elsewhere in A-Ops. The table below helps identify how to use this:

Name Reference To Example
action References any field in the target object. %%action[tenant_id]%%
data References the template form the user fills in. %%data[version]%%
template References the templates own fields. %%template[name]%%

For example, to pull the tenant ID from the object being authorised and pass it to the authURL field, you could set authURL to equal https://login.microsoftonline.com/%%action[tenant_id]%%/oauth2/v2.0/authorize.

Other Actions

It is possible to search for all the templates via the search bar at the top of the page. There is also an import button next to the create new button. Finally, it's also possible to export a template by clicking on the export button between the edit and delete buttons.