OAuth 2.0

OAuth 2.0 is an authorization framework that lets an application access a user’s data on another service without ever handling the user’s password. Gravity fully supports it through an extensible Auth option.

Fundamentally, OAuth 2.0 includes the following steps:

  1. User Approval:

    1. The app requests permission from the user to access their data on another service.

    2. The user is directed to a login page where they can grant or deny access.

  2. Authorization Code: If the user agrees, the service provides an authorization code to the app, representing the user’s consent.

  3. Access Token:

    1. The app exchanges this authorization code for an access token by sending a request to the authorization server.

    2. The access token acts like a temporary key that allows the app to access the user’s data.

  4. Data Access:

    1. The app uses the access token to request the user’s data from the service (resource server).

    2. The service validates the token and returns the requested data.

This process allows users to control which apps can access their information while keeping their passwords secure.

Setting up OAuth 2.0

Within Gravity, you do the following to set up OAuth 2.0:

  1. Set up a developer account with the platform that you’re connecting to, using apps@mindcloud.co.

  2. Within your developer account, obtain at least the following (the platform may have additional requirements):

    1. Client ID

    2. Client Secret

    3. Scopes (if needed)

  3. Get the authorization request URL and set it up within your app. Note: the redirect URI that the platform will most likely require is provided in the Authorization tab.

  4. Get the access token request URL and set it up within your app, with any needed headers, query params, and request body.

  5. If needed, set up the URL to refresh the access token with any needed headers, query params, and request body.

OAuth 2.0 Settings

OAuth 2.0 within Gravity also lets you configure the options that a given platform may require.

  • Allow on Dev: Allows OAuth 2.0 configurations to be used within the MindCloud Developer Environment

  • Enable mTLS: Enables mutual TLS, requiring both client and server to present valid certificates. This adds an extra layer of security in OAuth 2.0 by confirming the client’s identity before granting token access.

  • Enable token rotation: Requires refresh tokens to be replaced each time they’re used (one-time use). This reduces the risk of compromised tokens being reused in OAuth 2.0 flows.

  • Enable M2M: Allows machine-to-machine OAuth 2.0 communications without a user present. Typically used by back-end services or microservices invoking APIs with client credentials.

  • Enable PKCE: Adds Proof Key for Code Exchange to the OAuth 2.0 authorization code flow. It protects the code exchange from interception by requiring the client to prove it originated the authorization request.
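As an added example (not part of the Gravity documentation or its code), here is the authorization code flow described above with the PKCE option enabled, in Python: the app generates a code verifier, sends only its S256 challenge in the authorization request, and presents the verifier when exchanging the code for an access token. The endpoint URL, redirect URI, client ID, scopes and state values are placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Placeholder endpoints standing in for the values a platform's developer
# console provides; in Gravity the redirect URI comes from the Authorization tab.
AUTH_ENDPOINT = "https://platform.example/oauth/authorize"
REDIRECT_URI = "https://gravity.example/oauth/callback"

def make_code_verifier() -> str:
    """RFC 7636 code_verifier: 43-128 unreserved chars (32 random bytes -> 43 chars)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()

def code_challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def build_authorization_url(client_id: str, scopes: list, state: str, verifier: str) -> str:
    """User approval step: the challenge goes in the URL, the verifier never leaves the app."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,  # echoed back on the callback; reject the callback if it differs
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTH_ENDPOINT}?{urlencode(params)}"

def build_token_request(client_id: str, client_secret: str, code: str, verifier: str) -> dict:
    """Access token step: form body POSTed to the token URL to trade the code for a token."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": client_id,
        "client_secret": client_secret,
        "code_verifier": verifier,  # lets the server prove this client started the request
    }

def server_accepts_verifier(stored_challenge: str, presented_verifier: str) -> bool:
    """The authorization server's PKCE check before it issues a token."""
    return secrets.compare_digest(stored_challenge, code_challenge_s256(presented_verifier))
```

An intercepted authorization code is useless on its own because the token request is rejected unless it carries the verifier that matches the challenge sent in the first step.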

Testing OAuth 2.0

At any point, you can click the Authenticate button at the top right of the screen; this opens a modal window and triggers the OAuth 2.0 process with everything you have configured so far: