Creating an OAuth 2.0 Client

To set up an OAuth 2.0 provider in the Web Server, you need the following parameters from the provider. Afterwards, you can create a provider in Nectari as described in Authentication.

Parameter Description
Client ID

When registering Web Server with an OAuth provider, a unique public identifier is provided to build login URLs.

Client Secret

A unique secret string that is only known to the Web Server and the authorization server.

Authorization Endpoint

This endpoint is where the user is directed to get authenticated and to give permission to the Web Server with the necessary information.

Web Server will then obtain an Authorization code, which the authorization server uses to search the permission / consent given by the user.

Token Endpoint

Using this endpoint, the Web Server will obtain an access token which will be then used to retrieve user information.

User Info Endpoint

This endpoint will be used to retrieve consented information about the user logging in. The information received here will be used to do the mapping between the Web Server account.

Scopes

The mechanism is used to limit the access that Web Server is granted about the user's account. The requested scopes will be presented to the user to give consent to the application. The available scopes depend on each provider and can differ for each of them.

Discovery Endpoint

(Optional) The endpoint is useful to retrieve the metadata related to the OAuth provider. This can simplify finding the necessary information to configure the provider inside of Web Server.

This endpoint is available via /.well-known/openid-configuration

Follow the steps on the provider's website in order to register Web Server with the OAuth provider.

Note

When registering Web Server with an OAuth provider, make sure to keep in hand the Redirect URLs indicated in the Authentication page.
The two URLs (Web Server and Excel Add-in) need to be specified in the provider configuration.