
oAuth 2.0 for URL External Data Source Authentication Configuration

To allow oAuth 2.0 providers to be used for authentication when importing an external data source from a URL, edit conf/config.yml as described below and restart the server after making changes.

NOTE: Any oAuth 2.0 providers configured using this guide will only be available for authentication during external data source import, not for OIDC authentication to access Valsight. For details on how to configure a provider for that use case, see OpenID Connect.

In the instructions below on how to configure an oAuth 2.0 provider, the value <registration-id> is used several times. This is a string that Valsight uses to differentiate each provider, and it must be replaced with a unique value. It is also used as the display name of the oAuth provider, presented to users when setting up an external data source. Thus, ensure that you replace each instance of <registration-id> with a value that describes the oAuth provider you are configuring, e.g. “Azure_Active_Directory”.

Note: it is not possible to have any of the following characters in the <registration-id> value:

Space ! * ' ( ) ; : @ & = + $ , / ? % # [ ] " < > # % |

To configure an oAuth 2.0 client enter the following configuration keys:

CODE
spring:
    security:
        oauth2:
            client:
                registration:
                    <registration_id>:
                        .....

NOTE: It is possible these keys already exist (except for <registration-id>), e.g. if authentication via OpenID Connect is enabled in the application or if an oAuth 2.0 provider has been previously configured. Ensure not to modify any existing client registrations.

Then configure the oAuth 2.0 client values for each provider as follows:

| Configuration Key (….registration.<registration_id> →) | Description | Example Value | Default Value |
| --- | --- | --- | --- |
| client-id | OAuth 2.0 Client Identifier valid at the Authorization Server | jmxDcfi1gEffVMktJ | n/a |
| client-secret | Client Secret token, provided by the Authorization Server | aZWAuRZUSxT-Sh8-xDLdHI | n/a |
| authorization-grant-type | The type of authorization flow to perform. This can be one of the following values: • authorization_code: This flow involves the user being redirected to the authentication provider to enter their credentials. Effectively they are giving Valsight permission to access the data at the external data source URL. • client_credentials: This flow requires the Valsight application itself to have been given permission to access the resource and does not require the user to authenticate. | authorization_code | n/a |

To configure an oAuth 2.0 provider enter the following configuration keys:

CODE
spring:
    security:
        oauth2:
            client:
                provider:
                    <registration_id>:
                        .....

NOTE: It is possible these keys already exist (except for <registration-id>), e.g. if authentication via OpenID Connect is enabled in the application or if an oAuth 2.0 provider has been previously configured. Ensure not to modify any existing provider registrations.

Then configure the oAuth 2.0 provider values as follows:

| Configuration Key (….provider.<registration_id> →) | Description | Example Value | Default Value |
| --- | --- | --- | --- |
| issuer-uri | Identifier for the Issuer of the authorization response. | https://my-oidc.com/ | n/a |
| authorization-uri | The Authorization endpoint of the oAuth 2.0 flow | https://my-oidc.com/authorize | n/a |
| token-uri | The Token endpoint of the oAuth 2.0 flow | https://my-oidc.com/oauth/token | n/a |
| jwk-set-uri | The endpoint that contains certificates to verify the token | https://my-oidc.com/oauth2/certs | n/a |

Full example YAML configuration

Below is an example of all the available configuration keys for an oAuth 2.0 provider, with no values supplied, for multiple registrations.

CODE
spring:
    security:
        oauth2:
            client:
                registration:
                    <registration_id_1>:
                        client-id:
                        client-secret:
                        authorization-grant-type:
                    <registration_id_2>:
                        client-id:
                        client-secret:
                        authorization-grant-type:
                provider:
                    <registration_id_1>:
                        issuer-uri:
                        authorization-uri:
                        token-uri:
                        jwk-set-uri:
                    <registration_id_2>:
                        issuer-uri:
                        authorization-uri:
                        token-uri:
                        jwk-set-uri:
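
A pre-restart check for the configuration described above, as an added example that is not part of the Valsight documentation or product. It assumes conf/config.yml has already been loaded into a dictionary by a YAML parser; the function name `check_oauth_client`, the HTTPS requirement and the rule that each registration needs a provider entry with the same id are assumptions of this example, and all sample values are constructed.

```python
from urllib.parse import urlparse

# Characters the page lists as not allowed in <registration-id> (including space).
FORBIDDEN = set(" !*'();:@&=+$,/?%#[]\"<>|")
GRANT_TYPES = {"authorization_code", "client_credentials"}
PROVIDER_URI_KEYS = ("issuer-uri", "authorization-uri", "token-uri", "jwk-set-uri")

def check_oauth_client(config):
    """Return findings for spring.security.oauth2.client in a parsed config dict."""
    oauth2 = config.get("spring", {}).get("security", {}).get("oauth2", {})
    client = oauth2.get("client", {})
    registrations = client.get("registration") or {}
    providers = client.get("provider") or {}
    findings = []
    for reg_id, reg in registrations.items():
        reg = reg or {}
        bad = sorted(FORBIDDEN & set(reg_id))
        if bad:
            findings.append(f"{reg_id}: forbidden characters in registration id: {bad}")
        for key in ("client-id", "client-secret"):
            if not reg.get(key):
                findings.append(f"{reg_id}: {key} is empty")
        if reg.get("authorization-grant-type") not in GRANT_TYPES:
            findings.append(f"{reg_id}: authorization-grant-type must be one of {sorted(GRANT_TYPES)}")
        if reg_id not in providers:
            # Assumption of this example: registration and provider share one id.
            findings.append(f"{reg_id}: no provider entry with the same id")
    for prov_id, prov in providers.items():
        for key in PROVIDER_URI_KEYS:
            uri = (prov or {}).get(key)
            # Assumption: endpoints must be HTTPS, since secrets and tokens cross them.
            if uri and urlparse(uri).scheme != "https":
                findings.append(f"{prov_id}: {key} is not https: {uri}")
    return findings

# Constructed sample: config.yml as a YAML parser would load it (placeholder values).
SAMPLE = {"spring": {"security": {"oauth2": {"client": {
    "registration": {
        "Azure_Active_Directory": {"client-id": "example-id", "client-secret": "example-secret",
                                   "authorization-grant-type": "authorization_code"},
        "My Provider": {"client-id": "example-id", "client-secret": "",
                        "authorization-grant-type": "password"},
    },
    "provider": {
        "Azure_Active_Directory": {"issuer-uri": "https://my-oidc.com/",
                                   "token-uri": "http://my-oidc.com/oauth/token"},
    },
}}}}}

if __name__ == "__main__":
    print("\n".join(check_oauth_client(SAMPLE)))
```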
