OAuth2 Authenticator

This node supports the (interactive) OAuth 2.0 Authorization Code grant flow. The target audience of this node are users with a technical understanding of OAuth 2 and (web) developers. For less technical users, it may be simpler to use service-specific nodes, such as Microsoft Authenticator or Google Authenticator.

The auth code flow is used to obtain an access token via an interactive login, which works as follows:

In the node settings: the user specifies all required information and then clicks on "Login", which will open a new browser window.
In the new browser window:The user logs into the authentication service, consenting to any required permissions (scopes). At the end of this process the authentication service redirects the browser to the configured redirect URL, passing an authorization code.
In the node settings: The authorization code is received (via the redirect) and is used to acquire an access token. The user can now close the node settings (OK).
The node can now be executed.
Whenever the user closes the workflow, the access token is deleted. Opening the workflow again will require a fresh interactive login as above.

Note: Currently, the node can only be used in KNIME Analytics Platform. The node does not support execution on KNIME (Business) Hub or KNIME Server, also not via Remote Workflow Editor.

Options

Service type: Whether to connect to a standard OAuth service from a predefined list, or to manually specify endpoint URLs.
Service: A standard OAuth service from a predefined list.
Authorization endpoint URL: The authorization endpoint URL of the OAuth service.
Token endpoint URL: The token endpoint URL of the OAuth2 service.
Token endpoint request method: HTTP method to use when requesting the access token from the token endpoint.
Client/App authentication method: How to transfer Client/App ID and secret to the service endpoints. HTTP Basic Auth is the most common mechanism, but some services expect these values to be part of the form-encoded request body.
Use PKCE: Enables Proof Key for Code Exchange (PKCE), to improve security of the interactive login.
Type: Whether a public or confidential application flow should be used. A confidential application requires a secret.
ID: The client/application ID. In some services this is called API key.
ID and Secret (flow variable): Specifies the credentials flow variable with the client/app ID and secret to use.
Redirect URL (should be http://localhost:XXXXX): The redirect URL to be used at the end of the interactive login. Should be chosen as http://localhost:XXXXX with a random number in the 10000 - 65000 range to avoid conflicts. Often, the redirect URL is part of the client/app registration at the OAuth2 service.
Scopes: The list of scopes to request for the access token.
Login: Clicking on login opens a new browser window/tab which allows to interactively log into the service.

Input Ports

This node has no input ports

Output Ports

: Credential with access token.

Popular Predecessors

No recommendations found

Popular Successors

Views

This node has no views

Workflows

Developers

You want to see the source code for this node? Click the following button and we’ll use our super-powers to find it for you.

Installation

To use this node in KNIME, install the extension KNIME Basic Authentication nodes from the below update site following our NodePit Product and Node Installation Guide:

v5.9

A zipped version of the software site can be downloaded here.

Plugin provider: KNIME AG, Zurich, Switzerland

Plugin version: 5.9.0.v202511131648

On NodePit since: 2025-12-11

Last update: 2026-01-24

Tags: StreamableModern UI

KNIME versions: Since v5.1

Deploy, schedule, execute, and monitor your KNIME workflows locally, in the cloud or on-premises – with our brand new NodePit Runner.

Try NodePit Runner!