Interact integrates OAuth2 authorization to provide an extra security layer for access to protected resources, when required.
OAuth (Open Authorization) is a standard framework for granting a user from another site or server limited access to protected information that resides on the Interact server.
Interact OAuth2 authentication uses a two-tiered authorization process.
- In the first tier, access to a Flow is granted via the application key for the Application being used.
- In the second tier, access is granted to the external site (typically a third-party server) for the user, a process that includes both logging in and providing and returning a temporary access token.
|1||The user requests access to a secured Flow, and is redirected to the Login page.|
|2||The user logs in against the authorization server, and the client is provided with an authentication code.|
|3||The client presents the code to the Interact server, and this server sends the code to the authorization server, where it is exchanged for an access token. The access token is returned to the client.
Note: At this stage, the Access Token read-only system variable is populated. This variable may be used, for example, in Integration Points to invoke any APIs exposed by the OAuth2 provider, or to retrieve specific details about the user's account.
|4||A second request for the secured Flow (using the access token) is sent to the Interact server, and the relevant Flow is invoked for the client.|
Configuring OAuth2 Settings for an Application
- From the Applications page, in the row of the relevant application, click the Application Name link.
The Application Details page opens, with the Details tab displayed by default.
- At the right upper corner of the page, click Edit. The fields become editable.
- In the User Authorization Endpoint field, enter the full URL path to the Login page for the authorization server.
- In the Token Endpoint field, enter the full URL path to the authorization server that is used to obtain an access token.
- In the Token Validation Endpoint field, enter the full URL path to the authorization server used to verify the validity of an existing access token. (This setting is not mandatory.)
- From the Security Fallback dropdown menu, optionally select Flow that will be presented to the user in the event that the user does not authorize the Interact server access to the authorization server.
- In the Redirect URL field, enter the location to which to return after the access token is granted.
- Enter additional parameters on the Details panel according to your OAuth2 authentication server requirements.
- At the top right corner of the page, click Save. A confirmation message is displayed, and the Applications page opens.