Best answer

Is it possible to set OAuth2 client_id and client_secret as input fields?

  • 21 July 2021
  • 4 replies
  • 83 views

Userlevel 1

Hi, 

 

When I am using OAuth v2 can I make the client id and client secret be input data. Like below?

 

 

icon

Best answer by Zane 26 July 2021, 16:09

You can do that, but adding them as user input fields in your auth config. But for OAuth implementation on Zapier, which uses the authorization code flow, to do so would only make sense in one circumstance: your users are self-hosting an app that uses oauth.  For instance, our GitLab integration does this because one can use the SaaS instance of the product, or your can self-host it. To configure a self-hosted product, you’re going to want to collect a host url as well.  

If you’re trying to collect client id and secret from a user because you’re doing a different kind of oauth flow, like, like “client credentials”, one of the other Zapier auth configs is better suited for this, the Session auth config type, for instance.

Happy to expand on that answer and help you pick the right config for your integration if that all didn’t make total sense. 

View original

4 replies

Userlevel 7
Badge +9

You can do that, but adding them as user input fields in your auth config. But for OAuth implementation on Zapier, which uses the authorization code flow, to do so would only make sense in one circumstance: your users are self-hosting an app that uses oauth.  For instance, our GitLab integration does this because one can use the SaaS instance of the product, or your can self-host it. To configure a self-hosted product, you’re going to want to collect a host url as well.  

If you’re trying to collect client id and secret from a user because you’re doing a different kind of oauth flow, like, like “client credentials”, one of the other Zapier auth configs is better suited for this, the Session auth config type, for instance.

Happy to expand on that answer and help you pick the right config for your integration if that all didn’t make total sense. 

Userlevel 1

Hi @Zane, thank you for this answer (and to @cozza13 for the initial question!) I just came across your answer here because the use case fits with an app I’m trying to integrate with, too.

So to confirm… when using the browser-based developer platform, I would enter it as follows (having already defined these fields in the Authentication Fields section):

 

But then further down at Step 4: Add OAuth v2 Endpoint Configuration (e.g.: Authorization URL, Access Token Request and Refresh Token Request) should these now be used as part of the process.env? Or bundle.inputData? I thought they should be now stored in {{process.env.CLIENT_ID}} and {{process.env.CLIENT_SECRET}} but it doesn’t seem to work. So I tried the below, but it did not authorise.

E.g.:

 

Any ideas or suggestions much appreciated! Thank you.

Kind regards,
Paul

Userlevel 7
Badge +11

Hi @Paul2 - The environment variables are case-sensitive so you have to enter {{process.env.CLIENT_ID}} instead of {{process.env.client_id}} and {{process.env.CLIENT_SECRET}} instead of {{process.env.client_secret}}.

Userlevel 1

Thank you

Reply