Creating and using client secrets for authentication via OAuth2

Custom connectors support authentication via the Open Authorization (OAuth) 2.0 authorization framework by allowing you to create client secrets and generate callback URLs with the built-in editor. In general, the process for configuring a custom connector to use OAuth2 is as follows:

  1. Create client secrets with the built-in editor.

  2. Reference the secrets in the JSON.

  3. Specify third-party URLs for authorization, the token, and the scope.

    Note  Refresh tokens are not supported. See Limitations on creating custom connectors.

  4. Authorize the generated callback URL in the third-party app.

Important  This feature is not yet available to all users.

Creating client secrets:

  1. Click the Custom Connectors tab.

    Custom Connector tab

  2. Click an existing connector or click Create a new connector.

    Custom Connectors, Create a new custom connector

  3. In the editor, click Secret Keys.

    Custom connectors, Secret Keys button

  4. In the window that appears, enter values for Secret Name and Secret Value, then click Save. You can add more secret pairs by clicking Add new secret pair. In general, you need two secret keys for authentication: one for the client ID, and one for the client secret.

    Custom connectors, Secret Keys dialog

    The Secret Names can be whatever you want—for example clientID and clientSecret—but the respective Secret Values must come from the third-party app or API for which you're creating the connector.

    Important  After being saved, Secret Values can't be changed.

Referencing the secrets

After you've created the secrets, you must reference them in the auth_components object using double braces ( {{ }} ). See Schema definition.

Custom connector, OAuth clientID and clientSecret

Important  The values in the braces must match the value of the Secret Names created previously.

Specifying the authorization, token, and scope URLs

In addition to the client ID and client secret, you must also specify the authorizationURL, tokenURL, and scope in auth_components object. Refer to developer documentation for your app for help finding the appropriate values. The example below shows URLs for the Google Calendar sample:

Custom connector, OAuth authorizationURL, tokenURL, and scope

Authorizing the generated callback URL

Finally, you need to authorize the callback URL generated by Claris Connect with your third-party app or API so that the two can communicate with each other. To generate the callback URL, you must first test your connector.

  1. In the Editor, click Save & Test.

  2. In the Debugger, after testing authentication and each action, click Return to Editor.

  3. Back in the Editor, hold the pointer over , then click Copy Callback URL.

  4. Authorize or register the callback URL with your app or API. If you're unsure how to do this, refer to relevant developer documentation for your app or API.

Deleting a client secret

  1. Go to the custom connector with the secret you want to delete.

  2. Click Secret Keys.

  3. Hold the pointer over , click Delete, then click Save.

    Custom connectors, Secret Keys dialog, Delete

Notes 

  • Secrets are created per connector, meaning you can't use secrets from one connector for authentication with another connector.