OAuth2 Authenticator

This node supports the (interactive) OAuth 2.0 Authorization Code grant flow. The target audience of this node are users with a technical understanding of OAuth 2 and (web) developers. For less technical users, it may be simpler to use service-specific nodes, such as Microsoft Authenticator or Google Authenticator.

The auth code flow is used to obtain an access token via an interactive login, which works as follows:

  • In the node settings: the user specifies all required information and then clicks on "Login", which will open a new browser window.
  • In the new browser window:The user logs into the authentication service, consenting to any required permissions (scopes). At the end of this process the authentication service redirects the browser to the configured redirect URL, passing an authorization code.
  • In the node settings: The authorization code is received (via the redirect) and is used to acquire an access token. The user can now close the node settings (OK).
  • The node can now be executed.
  • Whenever the user closes the workflow, the access token is deleted. Opening the workflow again will require a fresh interactive login as above.

Note: Currently, the node can only be used in KNIME Analytics Platform. The node does not support execution on KNIME (Business) Hub or KNIME Server, also not via Remote Workflow Editor.

Options

Service type
Whether to connect to a standard OAuth service from a predefined list, or to manually specify endpoint URLs.
Service
A standard OAuth service from a predefined list.
Authorization endpoint URL
The authorization endpoint URL of the OAuth service.
Token endpoint URL
The token endpoint URL of the OAuth2 service.
Token endpoint request method
HTTP method to use when requesting the access token from the token endpoint.
Client/App authentication method
How to transfer Client/App ID and secret to the service endpoints. HTTP Basic Auth is the most common mechanism, but some services expect these values to be part of the form-encoded request body.
Use PKCE
Enables Proof Key for Code Exchange (PKCE), to improve security of the interactive login.
Type
Whether a public or confidential application flow should be used. A confidential application requires a secret.
ID
The client/application ID. In some services this is called API key.
ID and Secret (flow variable)
Specifies the credentials flow variable with the client/app ID and secret to use.
Redirect URL (should be http://localhost:XXXXX)
The redirect URL to be used at the end of the interactive login. Should be chosen as http://localhost:XXXXX with a random number in the 10000 - 65000 range to avoid conflicts. Often, the redirect URL is part of the client/app registration at the OAuth2 service.
Scopes
The list of scopes to request for the access token.
Login
Clicking on login opens a new browser window/tab which allows to interactively log into the service.

Input Ports

This node has no input ports

Output Ports

Icon
Credential with access token.

Views

This node has no views

Workflows

Links

Developers

You want to see the source code for this node? Click the following button and we’ll use our super-powers to find it for you.