How to Work with Different OAuth 2.0 Grants in SSIS

01 June 2018
KingswaySoft Team

When working with web service endpoints in SSIS, the first challenge that needs to be overcome is establishing the connection to the API. OAuth 2.0 is commonly used in order to authorize the connection.

As you may know, OAuth 2.0 offers a great flexibility in terms of authorization process. It includes a number of grants for a Client to get access to application resource in a secure way. The most common OAuth 2.0 grant types are:

  • Authorization Code
  • Password
  • Implicit
  • Client Credentials

In a previous post, we discussed how to cope with Authorization Code Grant by utilizing our OAuth 2 Token Generator. For this blog post, we are going to describe the remaining grant types which you may encounter during SSIS package development.

Password Grant

This grant type usually needs the user to provide their authorization credentials when requesting an access token, such as username and password. This type of grant can be easily handled using the OAuth 2 Token Generator (note that this is a new feature that we added in SSIS Production Pack v7.0, a new option called Password was added in the General Settings page).

To demonstrate, we will work with Zendesk endpoint in this section in order to show you the process of how to configure OAuth 2 Token Generator with Password Grant Type.

First of all, let’s take a look at the Zendesk documentation, the Password grant flow requires the grant_type query parameter to be set to password.

Documentation (Link)

  • Endpoint: https://{subdomain}.zendesk.com/oauth/tokens
  • Query Parameters:
    • username: The username of Zendesk user that is going to be used to build the connection.
    • password: The password of Zendesk user that is going to be used to build the connection.
    • client_id: The unique identifier you obtained when you registered your application with Zendesk.
    • client_secret: The secret value you received when you registered your application with Zendesk.
    • grant_type: The type of the grant flow. In this case, it must be set to password.
    • scope: A space-separated list of scopes that control access to the Zendesk resources.

Once we have the application registered in Zendesk, we are able to get all the required information and put it into OAuth2 Token Generator as shown below:

OAuth 2 Token Generator

Click Next to go to the next page and click the Edit Body to edit the Request Body in order to specify the additional parameters – scope, username, and password.

OAuth 2 Token Generator - Request Tokens

After we have modified the Request Body, check the Body text field and compare with the sample request provided by Zendesk.

OAuth 2 Token Generator - Request Body

In this step, we add scope, username and password query parameters as shown in the screenshot above. Once this is done, click the Get Tokens button to get access token from Zendesk.

Quick Tip

Some endpoints may require you to include credentials in the request header. In this case, you can click the Request Headers tab and edit the headers from there.

In some cases, access_token may expire after a period of time so when you issue the access token exchanging request, the target endpoint may return a JSON object containing some other properties – refresh_token and expires_in. You can specify the JPath of each property here and our component will automatically get new access token once it expires.

  • Path to Refresh Token
  • Path to Expiry

Zendesk doesn’t return any expiry value in the get token response so the OAuth 2 Token Generator will pop-up couple options which allows you to configure the manual lifespan:

  • Access Token Lifespan: This option allows you to manually specify the token expiration time. Default is set to 0, which means token lasts forever.
  • Is Sliding Expiration: to indicate is the access token is sliding expiration.

OAuth 2 Token Generator - Token Expiry

Click Next to save the token file, you would need to save the token file to a location in which it can be used in the HTTP Connection Manager correctly. You may need to enter a password to secure the token file, specify a Token File Password and click Save Tokens….

Note that you can also export the settings of the token generating process so next time you don’t need to provide the configuration when generating a token. Clicking the Export Settings… will generate a JSON file that contains all the settings.

OAuth 2 Token Generator - Save Tokens

We have now finished the token generating process for password grant flow, you should be able to specify the Token File in the HTTP Connection Manager’s Authentication page and start to create your data flow to interact with Zendesk system.

Implicit Grant

The Implicit Grant is intended to be used for user-agent-based clients, since this is not a desirable approach for SSIS integration we currently do not support this grant type in OAuth 2 Token Generator.

Client Credential Grant

In this section, we used Marketo as our target application to demonstrate the process of retrieving access token and complete the authentication process with the server. Marketo’s REST APIs are authenticated with OAuth 2.0 using Client Credential Grant type, so we believe it is be a good example to demonstrate the process when working with this type of grant flow.

The Client Credential grant usually needs the user to provide client_id and client_secret when requesting an access token. This type of grant can be handled by our OAuth 2 Token Generator with the option called Client Credential in the General Settings page.

Same as above, let’s take a look at the Marketo documentation, the Client Credential grant flow requires the grant_type query parameter to be set to client_credential.

Documentation (Link)

  • Endpoint: <Identity URL>/oauth/tokens
  • Query Parameters:
    • grant_type: The type of the grant flow. In this case, it must be set to client_credential.
    • client_id: The unique identifier you obtained when you registered your application with Marketo.
    • client_secret: The secret value you received when you registered your application with Marketo.

Once you have Service registered in Marketo’s LauchPoint, you would be able to get all the required information to put into the OAuth2 Token Generator as shown below:

Client Credentials Token Generator

Click Next to go to the next page and you will find the request body has been constructed and shown in the Request Body tab.

Quickly check the Body text field and compare with the sample request provided by Marketo. Once this is done, click the Get Tokens button to get access token from Marketo.

Click Next to save the token file, you would need to save the token file to a location so it can be used in the HTTP Connection Manager correctly. You may need to enter a password to secure the token file, specify a Token File Password and click Save Tokens….

Client Credentials Token Generator - Request Tokens

As we’ve mentioned above, you can also export the settings so next time you do not need to provide the configuration when generating a token. You can click the Export Settings… which will generate a JSON file that contains all the settings.

Client Credentials Token Generator - Save Tokens

Now, we have successfully retrieved the OAuth 2 token from Marketo via Client Credential grant.

Conclusion

In this blog, we went through different OAuth 2 grants and demonstrated the processes of how to work with OAuth 2 Token Generator to cope with different grant types. We hope this blog can help you speed up your SSIS development when working with OAuth 2 authentication. If you have any further comments or suggestions, please feel free to let us know. Our team is always open to any possibilities to make your SSIS development easier.


 REST   SSIS 

Archive

December 2024 1 November 2024 3 October 2024 1 September 2024 1 August 2024 2 July 2024 1 June 2024 1 May 2024 1 April 2024 2 March 2024 2 February 2024 2 January 2024 2 December 2023 1 November 2023 1 October 2023 2 August 2023 1 July 2023 2 June 2023 1 May 2023 2 April 2023 1 March 2023 1 February 2023 1 January 2023 2 December 2022 1 November 2022 2 October 2022 2 September 2022 2 August 2022 2 July 2022 3 June 2022 2 May 2022 2 April 2022 3 March 2022 2 February 2022 1 January 2022 2 December 2021 1 October 2021 1 September 2021 2 August 2021 2 July 2021 2 June 2021 1 May 2021 1 April 2021 2 March 2021 2 February 2021 2 January 2021 2 December 2020 2 November 2020 4 October 2020 1 September 2020 3 August 2020 2 July 2020 1 June 2020 2 May 2020 1 April 2020 1 March 2020 1 February 2020 1 January 2020 1 December 2019 1 November 2019 1 October 2019 1 May 2019 1 February 2019 1 December 2018 2 November 2018 1 October 2018 4 September 2018 1 August 2018 1 July 2018 1 June 2018 3 April 2018 3 March 2018 3 February 2018 3 January 2018 2 December 2017 1 April 2017 1 March 2017 7 December 2016 1 November 2016 2 October 2016 1 September 2016 4 August 2016 1 June 2016 1 May 2016 3 April 2016 1 August 2015 1 April 2015 10 August 2014 1 July 2014 1 June 2014 2 May 2014 2 February 2014 1 January 2014 2 October 2013 1 September 2013 2 August 2013 2 June 2013 5 May 2013 2 March 2013 1 February 2013 1 January 2013 1 December 2012 2 November 2012 2 September 2012 2 July 2012 1 May 2012 3 April 2012 2 March 2012 2 January 2012 1

Tags