Concept

oAuth 2.0 for URL External Data Source Authentication Configuration

To configure the Valsight application to allow for the use of oAuth 2.0 providers for authentication when importing an external data source for URL, edit the conf/config.yml as described below and restart the server after making changes.

NOTE: Any oAuth 2.0 providers configured using this guide will only be available for authentication during external data source import, not for OIDC authentication to access Valsight. For details on how to configure a provider for this use case see OpenID Connect .

In the instructions below on how configure an oAuth 2.0 provider the value is used several time. This a string that is used by Valsight to differentiate each provider and must be replaced with a unique value. This will also be used as the display name of the oAuth provider, presented to users when setting up an external data source. Thus, ensure that you replace each instance of with a value that describes the oAuth provider you are configuring, e.g. “Azure_Active_Directory”.

Note: it is not possible to have any of the following characters in the value:

Space ! * ' ( ) ; : @ & = + $ , / ? % # [ ] " < > # % |

To configure an oAuth 2.0 client enter the following configuration keys:

spring:
    security:
        oauth2:
            client:
                registration:
                    <registration_id>:
                          .....

NOTE: It is possible these keys already exist (except for ), e.g. if authentication via OpenID Connect is enabled in the application or if an oAuth 2.0 provider has been previously configured. Ensure not to modify any existing client registrations.

Then configure the oAuth 2.0 client values for each provider as follows:

Configuration Key (….registration.<registration_id> →)	Description	Example Value	Default Value
client-id	OAuth 2.0 Client Identifier valid at the Authorization Server	jmxDcfi1gEffVMktJ	n/a
client-secret	Client Secret token, provided by the Authorization Server	aZWAuRZUSxT-Sh8-xDLdHI	n/a
authorization-grant-type:	The type of authorization flow to perform. This can be one of the following values: authorization_code: This flow involves the user being redirect to the authentication provider to enter their credentials. Effectively they are giving Valsight permission to access the data at external data source URL. client_credentials: This flow requires the Valsight application to have been given access permission to access the resource its self and does not require the user to authenticate.	authorization_code	n/a

Configuration Key (….registration.<registration_id> →)

Description

Example Value

Default Value

client-id

OAuth 2.0 Client Identifier valid at the Authorization Server

jmxDcfi1gEffVMktJ

n/a

client-secret

Client Secret token, provided by the Authorization Server

aZWAuRZUSxT-Sh8-xDLdHI

n/a

authorization-grant-type:

The type of authorization flow to perform. This can be one of the following values:

authorization_code: This flow involves the user being redirect to the authentication provider to enter their credentials. Effectively they are giving Valsight permission to access the data at external data source URL.
client_credentials: This flow requires the Valsight application to have been given access permission to access the resource its self and does not require the user to authenticate.

authorization_code

n/a

To configure an oAuth 2.0 provider enter the following configuration keys:

spring:
    security:
        oauth2:
            client:
                provider:
                  <registration_id:
                        .....

Then configure the oAuth 2.0 provider values as follows:

Configuration Key (….registration.<registration_id> →)	Description	Example Value	Default Value
issuer-uri	Identifier for the Issuer of the authorization response.	https://my-oidc.com/	n/a
authorization-uri	The Authorization endpoint of the oAuth 2.0 flow	https://my-oidc.com/authorize	n/a
token-uri	The Token endpoint of the oAuth 2.0 flow	https://my-oidc.com/oauth/token	n/a
jwk-set-uri	The endpoint that contains certificates to verify the token	https://my-oidc.com/oauth2/certs	n/a

Full example YAML configuration

Below is an example of all the available configuration keys for an oAuth 2.0 provider, with no values supplied, for multiple registrations.

spring:
    security:
        oauth2:
            client:
                registration:
                        <registration_id_1>:
                             client-id:
                             client-secret:
                             authorization-grant-type:
                        <registration_id_2>:
                             client-id:
                             client-secret:
                             authorization-grant-type:
                provider:
                         <registration_id_1>:
                             issuer-uri:
                             authorization-uri:
                             token-uri:
                             jwk-set-uri:
                        <registration_id_2>:
                             issuer-uri:
                             authorization-uri:
                             token-uri:
                             jwk-set-uri: