Matus
      

How to set up OAuth

If you want your users to sign in with an external provider, you can use OAuth.

If your service already manages user accounts, we recommend using Single Sign-On instead, as it provides a more seamless user experience than OAuth.

To set up OAuth, visit your provider to get started. As a security measure, your provider will require a Redirect URL from you. Provide one or both of the following, depending on whether you are using a subdomain or a domain on ClearFlask:
https://<subdomain>.clearflask.com/oauth
https://<domain>/oauth

Once you have all the details, head on over to the Onboarding page and scroll down to OAuth to set it up.

Short button title - User visible text
Client ID - Given to you by your provider
Client Secret - Given to you by your provider (We will keep this private)
Authorize URL - Authorization URL your users will be redirected to.
Token URL - Token URL our backend server will call to exchange an authorization code for an access token.
Request Scope - Specify the minimum scope required to fetch user ID, email and name.
User Profile URL - This URL will be retrieved using the token from the previous step to fetch user details.
GUID/Name/Email Path - A JsonPath expression that tells us how to parse the User Profile response from the previous step.

Below is a list of common providers to get you started quickly.

Google
  • Client ID / Client Secret - Can be set up here
  • Authorize URL - "https://accounts.google.com/o/oauth2/v2/auth"
  • Token URL - "https://www.googleapis.com/oauth2/v4/token"
  • Request Scope - "profile email"
  • User Profile URL - "https://www.googleapis.com/oauth2/v2/userinfo"
  • GUID Path - "id"
  • Name Path - "name"
  • Email Path - "email"

GitHub
  • Client ID / Client Secret - Can be set up here
  • Authorize URL - "https://github.com/login/oauth/authorize"
  • Token URL - "https://github.com/login/oauth/access_token"
  • Request Scope - "user:email"
  • User Profile URL - "https://api.github.com/user"
  • GUID Path - "id"
  • Name Path - "name, login"
  • Email Path - "email"

Facebook
  • Client ID / Client Secret - Can be set up here
  • Authorize URL - "https://www.facebook.com/v3.2/dialog/oauth"
  • Token URL - "https://graph.facebook.com/oauth/access_token"
  • Request Scope - "public_profile email"
  • User Profile URL - "https://graph.facebook.com/me?fields=name,email"
  • GUID Path - "id"
  • Name Path - "name"
  • Email Path - "email"

GitLab
  • Client ID / Client Secret - Can be set up here
  • Authorize URL - "https://gitlab.com/oauth/authorize"
  • Token URL - "https://gitlab.com/oauth/token"
  • Request Scope - "read_user"
  • User Profile URL - "https://gitlab.com/api/v4/user"
  • GUID Path - "id"
  • Name Path - "name"
  • Email Path - "email"

Discord
  • Client ID / Client Secret - Can be set up here
  • Authorize URL - "https://discordapp.com/api/oauth2/authorize"
  • Token URL - "https://discordapp.com/api/oauth2/token"
  • Request Scope - "identify email"
  • User Profile URL - "https://discordapp.com/api/users/@me"
  • GUID Path - "id"
  • Name Path - "username"
  • Email Path - "email"

Twitch
  • Client ID / Client Secret - Can be set up here
  • Authorize URL - "https://id.twitch.tv/oauth2/authorize"
  • Token URL - "https://id.twitch.tv/oauth2/token"
  • Request Scope - "user:read:email"
  • User Profile URL - "https://api.twitch.tv/helix/users"
  • GUID Path - "data[0].id"
  • Name Path - "data[0].display_name"
  • Email Path - "data[0].email"

Microsoft Azure AD
  • Client ID / Client Secret - Visit here -> Azure Active Directory -> App Registrations.
  • Authorize URL - "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize"
  • Token URL - "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token"
  • Request Scope - "User.Read"
  • User Profile URL - "https://graph.microsoft.com/v1.0/me"
  • GUID Path - "id"
  • Name Path - "displayName"
  • Email Path - "mail"
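
Before saving a provider's GUID/Name/Email paths, you can check them against a sample User Profile response. The script below is an added example, not ClearFlask's own code: it handles only a simplified subset of JsonPath (dotted keys and `[n]` indexes), assumes that comma-separated paths such as "name, login" are fallbacks tried in order, and uses constructed sample responses.

```python
import re

# One path segment: a key plus optional [n] indexes, e.g. "data[0]".
_SEGMENT = re.compile(r"^([^\[\].]+)((?:\[\d+\])*)$")

def resolve(profile, path):
    """Walk a dotted path with [n] indexes; None if any step is missing."""
    node = profile
    for segment in path.strip().split("."):
        m = _SEGMENT.match(segment)
        if m is None:
            raise ValueError(f"unsupported path segment: {segment!r}")
        if not isinstance(node, dict) or m.group(1) not in node:
            return None
        node = node[m.group(1)]
        for i in map(int, re.findall(r"\[(\d+)\]", m.group(2))):
            if not isinstance(node, list) or i >= len(node):
                return None
            node = node[i]
    return node

def first_match(profile, paths):
    """Assumption: comma-separated paths are fallbacks tried in order."""
    for path in paths.split(","):
        value = resolve(profile, path)
        if value not in (None, ""):
            return value
    return None

def map_profile(profile, guid_path, name_path, email_path):
    """Map a User Profile response to the three fields; GUID is mandatory."""
    guid = first_match(profile, guid_path)
    if guid is None:
        # Without a stable provider ID, accounts cannot be told apart.
        raise ValueError("GUID path matched nothing in the profile response")
    return {"guid": str(guid),
            "name": first_match(profile, name_path),
            "email": first_match(profile, email_path)}

# Constructed sample responses (not real accounts).
GITHUB_SAMPLE = {"id": 1234567, "login": "octo-example", "name": None, "email": None}
TWITCH_SAMPLE = {"data": [{"id": "44322889", "display_name": "Example",
                           "email": "user@example.com"}]}

if __name__ == "__main__":
    print(map_profile(GITHUB_SAMPLE, "id", "name, login", "email"))
    print(map_profile(TWITCH_SAMPLE, "data[0].id", "data[0].display_name", "data[0].email"))
```

A name or email that resolves to nothing is reported as `None` so you can see which fields the requested scope actually returns, while a missing GUID is treated as a configuration error.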