OAuth 2.0 Authorization
OAuth 2.0 is an authorization framework that enables third-party applications to access a user’s data or perform actions on a user’s behalf through a secure and standardized process. It defines various authorization grant types and flows for different use cases.
Key components and steps in the OAuth 2.0 process:
- Resource Owner: The user who has control over their resources and data.
- Client: The third-party application or service that wants to access the user’s resources on a resource server.
- Resource Server: Hosts the user’s data and resources, which the client wants to access.
- Authorization Server: Authenticates the user and issues access tokens to the client after user consent.
- Access Token: Short-lived credentials that the client presents to the resource server to access protected resources. Includes scopes defining the level of access.
In eZintegrations, the user can select OAuth 2.0 as the Type for Source, Operations, and Target APIs.
This authorization type generates an Access Token from a Refresh Token.
Refresh Token URL:
The “Refresh Token URL” is the specific endpoint on the authorization server where the client sends a request to obtain a new access token using a refresh token. This URL is provided by the authorization server as part of the OAuth 2.0 protocol.
Example: https://www.googleapis.com/oauth2/v4/token
Refresh Token Method:
In OAuth 2.0, when a client application needs to obtain a new access token using a refresh token, it typically makes a POST request to the “Token Endpoint”. The client exchanges its refresh token for a new access token at this endpoint.
HTTP POST Request: The request includes the following parameters:
- grant_type: Set to “refresh_token” to indicate that the client is using a refresh token.
- refresh_token: The refresh token issued to the client during initial authorization.
- client_id and client_secret (optional): Credentials of the client application if required by the authorization server.
eZintegrations provides all available methods.
Refresh Token Endpoint Header:
Common headers used during the token refresh process:
Request Headers
Authorization Header: If client authentication is required, include client credentials using the “Basic” authentication scheme:
{"Authorization": "Basic base64-encoded(client_id:client_secret)"}
This header is required if client credentials are used.
Content-Type Header
The Content-Type specifies the format of data in the request body. For OAuth 2.0, it is typically:
{"Content-Type": "application/x-www-form-urlencoded"}
Refresh Token Endpoint Params:
Parameters that may be needed in the Refresh Token URL for filtering the request:
{
"params1": "your_params1",
"params2": "your_params2"
}
Refresh Token Endpoint Body:
The body of the POST request to obtain a new access token:
{
"grant_type": "refresh_token",
"refresh_token": "your_refresh_token",
"client_id": "your_client_id",
"client_secret": "your_client_secret"
}
You can also provide the body in URL-encoded string format:
"client_id=your_client_id&client_secret=your_client_secret&grant_type=refresh_token&refresh_token=your_refresh_token"
Note: When using string format in Refresh Token Endpoint Body, special characters like %, ^, * are not supported.
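The refresh request described above, assembled offline as an added example (not eZintegrations code): it builds the Basic header and the form-encoded body, and shows how standard form encoding represents characters such as %, ^ and *. The function names and credential values are constructed for illustration; the token URL is the example URL given above.

```python
import base64
from urllib.parse import parse_qs, quote_plus, urlencode

TOKEN_URL = "https://www.googleapis.com/oauth2/v4/token"  # example URL from the page

def basic_auth_header(client_id, client_secret):
    """Build the Basic client-authentication value (RFC 6749, section 2.3.1)."""
    # Each part is form-encoded first, so ':' or '%' inside a secret stays unambiguous.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")

def build_refresh_request(refresh_token, client_id, client_secret, use_basic_auth=True):
    """Return (method, url, headers, body) for a refresh_token grant. Sends nothing."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    fields = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    if use_basic_auth:
        # Client credentials travel in the header only, never in header and body at once.
        headers["Authorization"] = basic_auth_header(client_id, client_secret)
    else:
        fields["client_id"] = client_id
        fields["client_secret"] = client_secret
    # urlencode percent-encodes reserved characters such as %, ^, *, & and =.
    return "POST", TOKEN_URL, headers, urlencode(fields)

def redact(headers):
    """Copy of the headers that is safe to log: the Authorization value is masked."""
    return {k: "<redacted>" if k.lower() == "authorization" else v
            for k, v in headers.items()}

if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    method, url, headers, body = build_refresh_request(
        "constructed%token^with*chars", "your_client_id", "s3cr&t=val")
    print(method, url)
    print(redact(headers))
    print(sorted(parse_qs(body)))  # field names only, token value is not printed
```

Log only the output of `redact()` and the body's field names: the Authorization value and the refresh token are long-lived credentials.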
For other Authorization types like AWS Signature, NTLM, and Custom Signature, please refer to the Pre-Request Script sections for examples.

