Today we’ve added OAuth2 authentication to TeamDesk Call URL actions. OAuth2 authentication enables direct integration with services like Google, Microsoft, Salesforce and many more.
Call URL action’s setup now features Authorization section. Type dropdown allows you to choose between:
- None – if API you are calling does not require authorization at all;
- Basic – if API requires basic user/password authorization. Prior to this change we handled this case via Authorization header, it still works this way.
- and now you can choose Generic OAuth2 for authentication with OAuth2 enabled services.
OAuth2 is a method to authorize the application (TeamDesk database(s) in this case) to access user’s resources such as calendars, mails, notes and files without providing the application with user’s credentials. While secure, initial setup might seem a bit complicated.
First you need to register application with service provider.
Setting up OAuth2 with Google APIs
- Navigate to Google developer’s console and create new project.
- Enable Google APIs you are planning to call.
- Set up OAuth Consent Screen.
- Add credentials, choose OAuth Client ID credential type and Web Application as application type.
- Add an URL listed in Call URL’s action Redirect URL property as an “Authorized Redirect URI”
Now you have Client ID and Client Secret for use in Call URL actions. Application does not necessary mean a single action or database, you can share these credential among multiple databases and actions.
For Call URL action, copy Client ID and Secret, use “https://accounts.google.com/o/oauth2/v2/auth” as Call URL’s Authorization URL and “https://www.googleapis.com/oauth2/v4/token” as Token URL properties and provide a scope – API you are planning to call.
Setting up OAuth2 with Microsoft APIs
- Navigate to Application Registration Portal and Register new application.
- Then add Web platform to set up Redirect URL.
- Generate password to get Client Secret. Save it somewhere, as it is displayed one time.
- Application ID listed on a page serves as a Client ID.
- Authorization URL is “https://login.microsoftonline.com/common/oauth2/v2.0/authorize”,
- Token URL is “https://login.microsoftonline.com/common/oauth2/v2.0/token”.
- List of scopes for now-recommended Graph API can be found here.
Once all required properties set up, clicking Authorize button will navigate you to authorization page provided by the service to select an account and confirm scope requested. Once confirmed, service sends us back authorization code that we exchange for access token upon save. This access token will be implicitly used in all subsequent API calls.
Sounds way too complicated?
For your convenience we’ve registered applications with Google and Microsoft. In TeamDesk databases Call URL’s authorization type property features two shortcuts named respectively. If you select one of these, all you need is to provide scope for API call.