When using OData Service, Rest API or Web resources, some of your resources might be protected. In this case, you need to grant Reveal access to these resources by setting up an OAuth 2 / OIDC account.
OAuth 2.0 is an authorization framework that supersedes the original OAuth protocol. It is commonly used to grant users limited access to specific resources, without exposing their credentials. Like OAuth 1.0, this protocol enables access from one location (third-party application or website) called OAuth client to another location with protected data.
For further information, please refer to OAuth 2.0
OIDC is a simple identity layer on top of the OAuth 2.0 protocol. OIDC enables websites or applications to grant users access to their content by authenticating the user through their account in another service or application (е.g. Google, Office 365) saving them the trouble of maintaining a bunch of different accounts.
For further information, please refer to Welcome to OpenID Connect.
To use data sources with an OAuth 2 / OIDC аccount you will need to perform these 4 steps:
Register the OAuth Client (Reveal) on your resource server (this is the server hosting the resource, protected with OAuth, that you want to use - e.g. Microsoft, Google, etc.)
Choose one of the three data sources in Reveal, which are enabled to work with OAuth 2 / OIDC accounts - OData Service, Rest API or Web Resource.
Use credentials provided for the Client by the resource server to set up your OAuth 2 / OIDC account in Reveal
Give Reveal permissions to access and use your data.
Navigate to the resource server (e.g. Microsoft, Google, etc.) and register Reveal as an OAuth Client/Application by filling in the required information. Usually the name of the application and a redirect URL are required.
When you complete the registration, the resource server will generate the credentials necessary for configuring the OAuth 2 account in Reveal.
Navigate to Reveal and choose the data source you need - OData Feed, Rest API or Web Resource.
Give this Data Source a meaningful Name.
Provide the URL where the data is located.
Click/tap Choose an account.
In the following screen that opens you need to select OAuth 2 / OIDC Credentials from the dropdown menu:
In the OAuth 2 / OIDC Account Details screen you will need to fill in the credentials that are already generated for Reveal by the resource server.
The following fields are mandatory:
Name: the name for your data source account. It will be displayed in the list of accounts (this is not a credential provided by the resource server).
Authenticate Url: The authenticate URL is usually in a format such as: https://authorization-server.com/oauth2/authorize (e.g. https://login.microsoftonline.com/common/oauth2/authorize).
Token Url: The format of the token url is similar to the one of the authenticate url (e.g. https://login.microsoftonline.com/common/oauth2/token).
Client ID: The Client ID is the identifier for your app (Reveal). Its format is a random combination of symbols. You will receive a Client ID when you first register Reveal as an OAuth Client.
Other fields are not marked as mandatory in Reveal but depending on your OAuth service you might also need to provide the following:
Client Secret: The client secret is used as additional protection. Its format is a random combination of symbols.
Scope: Scope values are used to request additional levels of access. The values will depend on the particular service.
Resource: Here you need to input the url to the service, which hosts the protected data (e.g. https://infragisticsinc297.sharepoint.com)
After configuring the OAuth 2 / OIDC account you will be redirected to a sign-in screen.
After signing in, you will be asked to allow Reveal to use your data:
After giving the required permissions you can use the data in the protected data source to build your visualizations and dashboards in Reveal.
The OAuth 2 / OIDC account you configured will be saved in the data source list of accounts for future use.