OAuth 2.0 Common

Open Authorization 2.0 (OAuth 2.0) is an authentication and authorization framework that allows third-party applications limited access to HTTP services. In this article, we will go through everything you need to know to link AppsAnywhere to an OAuth 2.0 service for single sign-on.


Overview

Open Authorization 2.0 (OAuth 2.0) is a protocol standard that allows authentication and authorization of third-party applications on behalf of consenting users, by means of various grants. AppsAnywhere uses the Authorization Code grant type, where an authorization code is exchanged for an access token once the user has provided consent. This access token will then typically contain the identity information required to authenticate the user and authorize them for use of AppsAnywhere.

AppsAnywhere currently supports OAuth 2.0 with two providers:

It is recommended you follow these guides first to ensure set up is complete on the provider side, and that you have the information necessary to then configure the SSO method within AppsAnywhere.

Warning

For most providers you will need to specify a return URL when configuring OAuth 2.0. As you will not yet have configured AppsAnywhere, it is a good idea to think of a "URL Identifier" ahead of time so you can provide the full and correct return URL during setup.

For example, if your site was located at https://myappsanywhere.com and you wanted your URL identifier to be my-oauth, then the resulting return URL would be https://myappsanywhere.com/sso/oauth2/my-oauth

Adding OAuth 2.0 Methods

If you are unfamiliar with the process for adding new SSO methods, steps for doing this and information about common settings associated with all SSO methods can be found on the Single Sign-On Settings page. When selecting which method to add, however, be sure to pick from the OAuth 2.0 category, and select the one that corresponds to the provider you are planning to use.

For Azure Active Directory, select the following:

Or for Active Directory Federation Services, select:

OAuth 2.0 Specific Settings

In addition to the common settings mentioned on the Single Sign-On Settings page, OAuth 2.0 methods include the following:

Field Name | Description | Intended Value

Client ID

The OAuth 2.0 client ID that will either have been generated or supplied by you during the OAuth 2.0 set up of your selected provider.

If supplied by you, make sure it matches exactly.

If this is generated by the provider, just make sure you copy it across.

Client Secret

The OAuth 2.0 secret that will have been generated and given to you during the OAuth 2.0 set up of your selected provider.

Although this will not be visible to you when making future edits, it does not need to be supplied every time you save.

As this is generated by the provider, just make sure you copy it across.

Authentication URL

The base URL of your chosen provider, to which paths are appended when determining each full URL.

Example: https://myoauth2endpoint.com[paths-appended-here]

A standard well-formed URL, ideally with no trailing slash, e.g. https://myoauth2endpoint.com

For Azure AD, this will typically not need changing from the default.

Login Path

The base path which will be appended to the Authentication URL, forming the main URL to which the authentication or token path is then appended.

Example: https://myoauth2endpoint.com/example

A URL-compliant URI, ideally with no trailing slash (unless only "/"), e.g. /example

This will typically not need changing from the default.

Authentication Path

The path which will be appended to the main URL (authentication + login), providing the endpoint to which OAuth 2.0 authorization requests are sent.

Example: https://myoauth2endpoint.com/example/oauth2/authorize

A URL-compliant URI, ideally with no trailing slash e.g. /oauth2/authorize

This will typically not need changing from the default.

Token Path

The path which will be appended to the main URL (authentication + login), providing the endpoint to which OAuth 2.0 token requests are sent.

Example: https://myoauth2endpoint.com/example/oauth2/token

A URL-compliant URI, ideally with no trailing slash e.g. /oauth2/token

This will typically not need changing from the default.

Provider

The selected provider is primarily used by AppsAnywhere to determine the means by which identity information for the authenticating user is retrieved and processed.

As OAuth 2.0 (without OpenID) provides standards only for the authentication and authorization of users, each provider is tailor-made for retrieving information about the user logging in.

This should match the system you are trying to link AppsAnywhere to, as described earlier.
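The sketch below shows how the return URL and the four URL settings above combine, and what the resulting Authorization Code request looks like. It is an added example, not AppsAnywhere's own code: the function names, the slash normalisation, the https check and the client ID value are assumptions, while the hostnames and paths are the page's own examples.

```python
import secrets
from urllib.parse import urlencode, urlsplit


def _clean_path(path):
    """One leading slash, no trailing slash; a bare "/" becomes ""."""
    stripped = path.strip().strip("/")
    return "/" + stripped if stripped else ""


def build_endpoints(auth_url, login_path, auth_path, token_path):
    """Join the four settings into the authorize and token endpoints."""
    base = auth_url.strip().rstrip("/")
    parts = urlsplit(base)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Authentication URL must be an absolute https URL")
    if parts.query or parts.fragment:
        raise ValueError("Authentication URL must not carry a query or fragment")
    main = base + _clean_path(login_path)  # Authentication URL + Login Path
    return {"authorize": main + _clean_path(auth_path),
            "token": main + _clean_path(token_path)}


def return_url(site_url, url_identifier):
    """Return URL to register with the provider, exactly as it will be sent."""
    if not url_identifier or "/" in url_identifier:
        raise ValueError("URL identifier must be a single path segment")
    return site_url.rstrip("/") + "/sso/oauth2/" + url_identifier


def authorization_request(endpoints, client_id, redirect_uri, state=None):
    """Build the Authorization Code grant redirect; returns (url, state)."""
    # state ties the provider's response to this browser session (CSRF defence)
    state = state or secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return endpoints["authorize"] + "?" + query, state


if __name__ == "__main__":
    eps = build_endpoints("https://myoauth2endpoint.com/", "/example/",
                          "/oauth2/authorize", "/oauth2/token")
    redirect = return_url("https://myappsanywhere.com", "my-oauth")
    # "example-client-id" is a constructed placeholder, not a real client ID
    url, state = authorization_request(eps, "example-client-id", redirect)
    print(eps["token"])
    print(url)
```

Providers generally compare the redirect_uri value against the registered return URL, so a stray trailing slash or a different scheme on either side is a common cause of a rejected sign-in.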

 

 


 
