OAuth2 Login

The OAuth2 login is used by tasks that interface with an external service that require authentication using the OAuth2 protocol. By using the OAuth2 protocol, no user credentials are stored within the application. The application only stores a token from the remote service which can be revoked at any time by the end user.

Login Properties

The Windows Client provides a type field that allows the user to quickly set up an OAuth2 login for use with Dropbox, Google Drive or Microsoft OneDrive, without having to input any specific remote server data. These settings use an API key that is registered to ASG. Use of this setting, along with the ASG-registered key, will be removed and users will have to convert logins that use this setting to the new format. Going forward, the user will have to perform their own registration with Dropbox, Google and Microsoft in order to create OAuth2 logins for these services.

When the user opens a login that utilizes one of these shortcuts while using the Web Client, it will automatically convert the login to the new format. When the user uses the Windows Client, the user can convert the login definition by clicking on the Convert button. Once the login is converted the user will need to enter their client ID and client secret, which were obtained when they registered the interface, into the login definition.

This table describes the login properties:

Field	Description
Type	The type of the login. Available options: Dropbox – For use with the Dropbox cloud service. Google – For use with Google Drive. Microsoft – For use with Microsoft OneDrive. Custom – For use with any of the others when custom authorization services or parameters are required.
	When the Custom type is selected, the following fields will appear:
Authorization URL	The URL of the authorization server.
Authorization Parms	The parameters that are required when connecting to the authorization server. These parameters are appended to the end of the Authorization URL and must be properly formatted.
Token URL	The URL where the application will get the token required to access the remote service.
Client ID	The client ID that is specified by the remote service when registering this interface. When using the custom type, you will be required to register this interface as your own application with the service provider.
Client Secret	The client secret that is specified by the remote service when registering this interface.

Authenticating

Before the OAuth2 login can be saved, you must authenticate with the remote authorization server. To do this, click on the Authenticate button. A browser window will open and navigate to the remote service’s login page.

If the Windows UAC dialog appears, click Yes to allow the ASG OAuth2 Login Utility to run with elevated permissions.

Enter your login credentials and authorize the ASG application. After you have done this, the browser window will automatically close.

After you have authenticated with the remote authorization server, the OAuth2 login is ready for use and can be saved.

Cloud Service Parameters

The OAuth2 login is used for access to Dropbox, Google Drive and Microsoft OneDrive cloud storage services. The following are the suggested parameters that are needed for these services.

Dropbox

Authorization URL - https://www.dropbox.com/oauth2/authorize
Token URL - https://api.dropboxapi.com/oauth2/token

Google Drive

Authorization URL - https://accounts.google.com/o/oauth2/v2/auth
Authorization Parameters - scope=https://www.googleapis.com/auth/drive
Token URL - https://www.googleapis.com/oauth2/v4/token

Microsoft OneDrive

Authorization URL - https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Authorization Parameters - scope=https://graph.microsoft.com/Files.ReadWrite.All offline_access
Token URL - https://login.microsoftonline.com/common/oauth2/v2.0/token

The user can adjust these parameters as needed by their registration.