Creating an OAuth 2.0 Client
To set up an OAuth 2.0 provider in the Web Client, you need the following parameters from the provider. Afterwards, you can create a provider in SEI as described in Authentication.
Parameter | Description |
---|---|
Client ID | A unique public identifier issued when Web Client is registered with an OAuth provider. It is used to build login URLs. |
Client Secret | A unique secret string known only to the Web Client and the authorization server. |
Authorization Endpoint | The endpoint to which the user is directed to authenticate and to grant Web Client permission to access the necessary information. Web Client then obtains an authorization code, which the authorization server uses to look up the permission / consent given by the user. |
Token Endpoint | The endpoint from which Web Client obtains an access token, which is then used to retrieve user information. |
User Info Endpoint | The endpoint used to retrieve the consented information about the user logging in. The information received here is used for the mapping to the Web Client account. |
Scopes | The mechanism used to limit the access that Web Client is granted to the user's account. The requested scopes are presented to the user, who gives consent to the application. The available scopes depend on the provider and can differ from one provider to another. |
Discovery Endpoint | (Optional) An endpoint that returns the metadata related to the OAuth provider. This can simplify finding the information needed to configure the provider inside Web Client. The endpoint is available at /.well-known/openid-configuration |
Follow the steps on the provider's website in order to register Web Client with the OAuth provider.
When registering Web Client with an OAuth provider, have the Redirect URLs shown on the Authentication page at hand.
The two URLs (Web Client and Excel Add-in) need to be specified in the provider configuration.
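The Discovery Endpoint row in the table says the provider metadata can supply the other parameters. The following added example (not part of the product documentation) reads a discovery document and returns the table's endpoint and scope values after checking them. The provider `idp.example.com`, the sample document and the function name `provider_parameters` are constructed for illustration; the metadata field names are those of OpenID Connect Discovery.

```python
import json
from urllib.parse import urlsplit

# Constructed sample discovery document; idp.example.com is a placeholder provider.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
})

# Discovery metadata field -> parameter name used in the table above.
FIELD_TO_PARAMETER = {
    "authorization_endpoint": "Authorization Endpoint",
    "token_endpoint": "Token Endpoint",
    "userinfo_endpoint": "User Info Endpoint",
}

def provider_parameters(discovery_json, expected_issuer, wanted_scopes):
    """Return the table's parameters from a discovery document, or raise ValueError."""
    meta = json.loads(discovery_json)
    # The issuer must be exactly the provider you intended to query.
    if meta.get("issuer") != expected_issuer:
        raise ValueError(f"issuer mismatch: {meta.get('issuer')!r}")
    issuer_host = urlsplit(expected_issuer).hostname
    params = {}
    for field, name in FIELD_TO_PARAMETER.items():
        url = urlsplit(meta.get(field) or "")
        # Codes, tokens and user data travel over these URLs: require HTTPS.
        if url.scheme != "https" or not url.hostname:
            raise ValueError(f"{name} is missing or not HTTPS")
        # Assumption: this provider serves its endpoints from the issuer host.
        # Some providers legitimately use other hosts; review those by hand.
        if url.hostname != issuer_host:
            raise ValueError(f"{name} host {url.hostname!r} differs from issuer")
        params[name] = meta[field]
    # Request only the scopes needed; reject ones the provider does not advertise.
    supported = meta.get("scopes_supported")  # optional in discovery metadata
    unsupported = [s for s in wanted_scopes
                   if supported is not None and s not in supported]
    if unsupported:
        raise ValueError(f"scopes not offered by provider: {unsupported}")
    params["Scopes"] = " ".join(wanted_scopes)
    return params

if __name__ == "__main__":
    result = provider_parameters(SAMPLE_DISCOVERY, "https://idp.example.com",
                                 ["openid", "email"])
    for key, value in result.items():
        print(f"{key}: {value}")
```

The Client ID and Client Secret are not part of the discovery metadata; they come from the registration with the provider.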